In the 2023 Gartner® Market Guide for Network Detection and Response, Cisco is listed as a Representative Vendor. A Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself. If you’re trying to figure out how a new market might fit in with your company’s present and future technological needs, we believe the Gartner Market Guide reports are a great place to start. 

According to Gartner, network detection and response (NDR) refers to tools that perform behavioral analytics on data collected from a network’s traffic in order. 

The trusted analysts from Gartner observe that the network detection and response (NDR) market continue to grow steadily at 22.5%, despite increased competition from other platforms. The steady growth of the NDR market is a sign that the reach of these tools includes enhanced analytical capabilities and response tactics, thanks to the development of machine learning. In addition to the use of sophisticated machine learning models, cloud architectures make it possible to perform extensive real-time analysis on the large volumes of data produced by enterprise networks. What this means is that security experts are beginning to take notice of the technology as it begins to fulfill its promise.

Trends in the NDR market, according to Gartner, include:

  • New sensors: By building or integrating with endpoint sensors, such as EDR, ingesting third-party logs like SIEM, analyzing software/platform/infrastructure-as-a-service events through their monitoring APIs, or adding support for OT use cases.
  • New detection techniques: By adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This move toward more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises.
  • Incident response workflow automation: NDR technologies already aggregate individual abnormal events into security incidents. By enriching alerts to provide better context and applying ML to semiautomate the incident response process, NDR vendors encourage large SOC teams to rely more on the NDR console, rather than forwarding alerts directly to a SIEM.
  • Managed NDR: Some of the large vendors have started offering more services on top of the NDR product and subscriptions, ranging from proactive notifications from the vendors in case of incident to fully managed threat detection. Many of these services are recent and supported by small but growing teams.
  • Evolving architecture: More vendors provide ML analytics only in the cloud now, as the centralized approach facilitates improvement of ML detections.

If you oversee or work in the trenches of security operations today, you are most likely using a slew of detection products from various vendors, which can be perplexing. This necessitates manually hunting and investigating incidents across multiple toolkits, which can take a long time and frequently leads to dead ends or roadblocks. The Gartner Market Guide for Network Detection and Response mentions that Security and risk management leaders should prioritize NDR as complementary to other detection tools, focusing on low false positive rates and detection of anomalies that other controls don’t cover.

Introduction to this Detections Demo Series

Learn how Cisco can assist security organizations in lowering their risk profile and decreasing the time it takes to detect and respond to cyber-attacks by leveraging the network power of their existing network and cloud investments to detect advanced, hidden threats and suspicious behavior. Please watch the Introduction to this Detections Demo Series for more information on how Cisco Secure Analytics alerts and detects real-world attacks in your organization.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Jay Bethea

Product Marketing Manager

Cisco Secure Email