Vectra Recognised In Latest Gartner Market Guide For NDR

Security and risk management leaders should prioritise NDR as a complement to other detection tools, says Gartner

The 2022 Gartner Market Guide for Network Detection and Response report, published in December, shows that security and risk management leaders should prioritise NDR as a complement to other detection tools, focusing on low false positive rates and detection of anomalies that other controls don’t cover. Vectra was recognised in the report for Vectra Threat Detection and Response Platform.

According to the report, “Organisations rely on NDR to detect and stop activity after a successful attack, such as ransomware, threats from within the network or lateral network traffic. NDR complements other technologies that trigger alerts primarily based on rules and signatures, building heuristic models of normal network behaviour and spotting anomaly.” The report further mentions that “Security and risk management leaders should prioritise NDR as a complement to other detection tools, as it focuses on low false alarm rates and anomaly detection that other solutions do not cover.”

“We believe that Vectra AI’s recognition in the Gartner Market Guide confirms our position as a trusted partner offering proven solutions for network detection and response,” says Taj El-khayat, Managing Director – South EMEA at Vectra, recognised as a Representative Vendors in Network Detection and Response category.

“To stem the tide of threats, security teams need full visibility into their environments so they can detect signs of an attack before it becomes a breach. With the right configuration, NDR can provide effective protection against ransomware,” he points out.

Main findings of the report

  • According to latest Gartner security forecast, “The network detection and response (NDR) market continues to grow steadily at 22.5%, per the latest Gartner security forecast, despite increased competition from other platforms.”
  • As early adopters enter a renewal phase, incident response and orchestration workflows gain more weight during the evaluation.
  • A handful of NDR vendors capture most of the attention in the market. Organisations with specialised detection use cases would benefit from mixing known vendors with emerging local players in their shortlists.


“To develop their network detection and response capabilities, security and risk management leaders should:

  • Complement existing detection solutions by implementing NDR tools to detect abnormal behaviour and investigate activity after a successful security breach.
  • Identify gaps in current processes to determine whether the anomalies that NDR can detect correspond to the most pressing detection gaps.
  • Compare NDR vendor offerings by preparing reasonable metrics and assessing how NDR tools positively impact threat detection, security operations centre (SOC) productivity and automated response.”

Strategic planning assumptions

  • “By 2026, the percentage of companies that evaluate NDR capabilities only within standalone products will drop to 70% (currently it is 90%).
  • By 2027, more than half of NDR detections will come from cloud environments (currently less than 10%).
  • By 2027, automated response to detected network anomalies will not exceed 40% of all detected anomalies.”