[ UPDATED ON 01/11/23 - The new Gartner NDR Market Guide 2022 is now available for download ]
In its July report, Hype Cycle for Security Operations 2022, Gartner validated a position Vectra AI adopted some time ago: NDR (Network Detection and Response) technology should be a priority solution for enterprise security teams.
Vectra has long been aware of this, of course, but it is nice to see conventional wisdom finally catch up.
Technology influencers and decision-makers always pounce on the Gartner Hype Cycle reports. These authoritative reports proclaim which categories are on the way up, which have peaked, and which remain unlikely to climb despite enough hype to enjoy mass adoption but doomed to either die of exposure atop the “Peak of Inflated Expectations” or expire in the “Trough of Disillusionment.”
NDR, concludes Gartner, has escaped both fates – and is climbing the “Slope of Enlightenment” as I write.
Why? Let’s quote from the report:
“When considering the technology and capability roadmap for security operations, there needs to be a significant focus on prioritization of discovered issues to ensure that your security operations program aligns to your specific and dynamic attack surface. Concurrently, this all needs to align with modern IT architectures.”¹
In Vectra-style plain talk: Network domains have never been so distributed and fragmented, and the threat landscape – from data center to cloud – has never been richer or more inundated with unknowns. With the rapid adoption of hybrid and multi-cloud, never have there been so many attack vectors out there. Today, you can’t examine every anomaly – there are just too many, and in fact most are benign. So, it pays to prioritize and elevate the genuine threats, regardless of where they originate or how they progress. Enter the “Vectra Threat Detection and Response (TDR)” platform.
A Low-Risk, High-Reward Security Investment
The time is ripe for a more modern threat detection and response security platform that minimizes risk exposure – one that goes beyond surveillance to predict abnormal system behaviors, in part by applying behavioral analytics to network, cloud and identity data.
In that context, Gartner says, NDR is a low-risk, high-reward investment for security operations teams. It complements traditional, solitary, preventative security tools, which are less effective in today’s threat environment.
It has become increasingly challenging to monitor traffic and network health between on-premises facilities and the cloud. The right NDR addresses that gap; the right NDR leverages machine learning to detect threats missed by other technologies; the right NDR does not impede legitimate network traffic; the right NDR does not become a “speed bump” for organizational efficiency.
Gartner’s View of NDR Validates Vectra’s (TDR) Approach
Vectra TDR (which includes NDR, CDR, and ITDR) centers on the following:
- Aligning solutions with the customer’s requirements for attack surface coverage, knowing that attack surfaces are expanding all the time to now include public cloud, SaaS, identity, and network domains;
- Prioritizing and clarifying the most critical threats from the vast sea of anomalies which matter the most to business;
- Reducing workload complexity for SOC teams by integrating tools and automating processes so analysts operate at their best (without burning them out);
- Delivering greater visibility and control so security teams see and stop attack with less work, less tools, in less time.
Gartner’s assessments of security technologies line up nicely with Vectra’s Threat Detection and Response (TDR) platform strategy.
In fact, the Hype Cycle for Security Operations report highlights additional technologies and services beyond NDR which the Vectra TDR platform already includes MDR (Managed Detection and Response) and ITDR (Identity Threat Detection and Response), along with OT Security, Breach and Attack Simulation, Digital Forensics and Incident Response, Vulnerability Prioritization Technology, and Digital Risk Protection Services. All of which are priorities for security business decision-makers; all of which are aspects contained within the total Vectra value proposition.
Buy Business Outcomes, Not Technologies
While it is certainly pleasing to see Gartner cover core Vectra technologies so approvingly, let me close with a recommendation that, at first glance, might seem contradictory: Focus on outcomes, not technologies.
Consider the drivers Gartner outlines for MDR, all of which concern valued outcomes:
- Compliance: ensure that the organization has the needed threat monitoring and detection in place;
- Coverage: provide high-fidelity threat detection and coverage of a wide range of data sources, technologies, and SaaS platforms;
- Containment: initiate measures for active containment or disruption of a threat;
- Controls: deliver exposure management, incident response, and risk-management capabilities;
- Complexity reduction: implement a turnkey solution for those who cannot build and maintain internal capability or require rapid capability.
Botched, or at least imperfect, technological implementations are a long-standing source of security woes in the private sector. Beyond fixing the short-term problems, buying security solutions a la carte and stacking them one on top of the other only creates friction and incompatibility. If an organization is heavily invested in technologies like EDR and SIEM but deploys incompatible NDR or MDR solutions in parallel, the result may be the opposite of what was intended: both costly and disruptive.
The discriminating customer should connect with a vendor who offers tools tuned to produce specific, desired outcomes – in harmony with the existing landscape. Such a provider offers more than just NDR: MDR services centered around candor, transparency, and open communication channels with analysts and delivery teams. Search for clues to a provider’s attitude in their product user interface design: the more empathic and intuitive, the better.
Such an open, outcome-focused attitude propels important technologies like NDR up the “Slope of Enlightenment” and MDR in the “Early Mainstream,” while others fail to achieve their potential.
In their report, Gartner presents compelling reasons for every enterprise CISO to consider adopting NDR and wrapping MDR around it. Vectra has the track record, the attitude, and the culture to differentiate its particular NDR + MDR proposition.
Gartner says NDR today is “climbing the slope” toward mainstream status. Of course, well before Gartner proclaimed their Hype Cycle verdict, Vectra had put full confidence in NDR – an approach justified by successful real-world outcomes.
Now that Gartner has put the word out, more of the world may beat a path to NDR’s door. The task is to choose the right NDR: one with the right MDR services to back it up.
¹ Andrew Davies et al, “Hype Cycle for Security Operations, 2022,” Gartner Group, 5 July 2022, p. 5.