IDC MarketScape Names ExtraHop® a Leader in Network Detection and Response

IDC has released the inaugural MarketScape for Worldwide Network Detection and Response (NDR), and ExtraHop is named a leader. The report is important for security buyers because it provides an analysis of the NDR market category as a whole, as well as software vendors that met the criteria for inclusion in IDC MarketScape’s evaluation. Technology buyers seeking to add NDR to their security architecture will benefit from IDC independent, third-party perspective of the value of NDR and advice from customers who have already implemented NDR solutions from the vendors included in the report.

According to the report, “What makes ExtraHop unique in NDR is that it monitors the network through multiple lenses such as the applications, the network and application performance (which can be a security issue or a bottleneck of some sort), and an elevated risk profile.”

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. The Capabilities score measures supplier product, go-to-market and business execution in the short-term. The Strategy score measures alignment of supplier strategies with customer requirements in a 3-5-year timeframe. Supplier market share is represented by the size of the icons.

The Essential Role of NDR

IDC defines NDR as “telemetry that can be provided about the network that comes inline from a network test access port (TAP) or out of band from a SPAN port.” According to IDC, the benefit of using the network as a source of telemetry is that it can offer unique insights and benefits that other detection and response tools, including endpoint detection and response (EDR), can’t. Unlike EDR, NDR doesn’t require agents, which can be disabled or evaded. Further, session data and connectivity protocols between devices can reveal indicators of compromise (IoCs) that aren’t visible outside the network, says IDC in the MarketScape for Worldwide Network Detection and Response.

NDR also provides visibility that SIEM solutions can’t. New connections, anomalous behavior, impossible travel, and violations of policy are all IoCs that NDR is designed to detect that would be much more challenging to spot with a SIEM.

While NDR can be used to great effect as a standalone detection and response solution, it performs best when used in concert with other tools. Blending telemetry from the network with endpoint, data, identity, and application controls provides the context security teams need to uncover the truth.

Advice for NDR Buyers

Every IDC MarketScape asks current customers of the vendors included in the evaluation to provide advice for organizations looking to buy a particular technology. Here’s a sampling of the advice from customers interviewed for the NDR IDC MarketScape report:

1. Do your homework before you start shopping. Take some time to define what capabilities you need in an NDR solution; it’s easier to be upfront with vendors than it is to try to retrofit a tool that doesn’t quite match. If this will be your first NDR, have your security team set expectations around the time it takes to get up to speed. Consider what other solutions you have in place, and how different NDR solutions will (or won’t) integrate with them. And come prepared with a robust network diagram, which helps determine the type of network sensor that should be used and where they should be deployed.
2. NDR isn’t “set it and forget it.” You should continue to monitor the effectiveness of your NDR solution. Regularly review detection rules and configurations to keep up with the latest threats.
3. Put vendors to the test during the proof of concept. It’s important to have an objective way of evaluating the effectiveness of different NDR solutions. Red team exercises can help you understand the strengths and weaknesses of each solution you’re considering.

ExtraHop Is a Leader in NDR

ExtraHop is proud to be named a leader in the NDR market for our RevealX™ platform. We believe our positioning in the report speaks to the strength of our market-leading strategy and innovation-driven roadmap. We take pride in the way we engage with our customers to inform the future development of RevealX.

The IDC MarketScape stated, “The ExtraHop RevealX™ NDR platform offers full-spectrum visibility into the entire hybrid ecosystem with real-time detection and response across on-premises, cloud, and hybrid environments, including internet of things (IoT) and operational technology (OT) systems."

The IDC MarketScape noted, “ExtraHop has several differentiating features that are uncommon and sometimes unique in NDR.” The report added, “Among these differentiators are: A tight integration with CrowdStrike. Often, integrations include a common set of APIs, where a customer can get an API key and share information between platforms. The relationship between ExtraHop and CrowdStrike is more involved than that. CrowdStrike uses ExtraHop as its preferred partner for the NDR element of XDR. ExtraHop receives threat intelligence from CrowdStrike. The partnership allows a licensed customer to have endpoint and network visibility to use either console for work. ExtraHop telemetry becomes a part of CrowdStrike push-button response capabilities.” Learn more about our partnership and integrations with CrowdStrike.

The “traditional strength” of RevealX is the ability to find IoCs at network line speed. RevealX can decrypt encrypted traffic without latency, which enables real-time analysis of network activity across on-premises, hybrid, multicloud, IoT, and OT environments. The report added, “ExtraHop can reduce an environment's complexity by adding modules for an intrusion detection system and network performance monitoring.” The IDC MarketScape noted, “ExtraHop is a good value for midsize companies but becomes an even better value for enterprise customers. Its cloud-based AI/ML models help on-premises and with correlations in heterogeneous networks.”

Read a complimentary excerpt copy of the report to discover all the reasons ExtraHop is a Leader in the NDR market.