Enterprise cybersecurity technology research that connects the dots.

Change Is Coming to the Network Detection and Response (NDR) Market

After years of relative stability and steady growth, Omdia research indicates the NDR segment is poised for rapid change.

Andrew Braunberg, Principal Analyst, SecOps, Omdia

March 16, 2023

2 Min Read
Shields and electronic parts on a science-fiction background
Source: Pete Linforth via Pixabay

After several years of relative stability and steady growth, Omdia research indicates that the network detection and response (NDR) segment appears poised for rapid change.

While a handful of vendors continue to enjoy significant market traction, the segment faces uncertainty due to the evolving demands on threat detection, investigation, and response (TDIR) solutions.

It's becoming tougher for many vendors to find traction in a changing NDR market landscape. Several second-tier players have exited the market in the last several quarters, and Omdia expects a further culling of vendors in this segment. As the NDR market shakes out over the next 12–24 months, vendors must ensure that they can meet the visibility requirements of customers, as continued network evolution, cloud computing, and the need for proactive security approaches demand a greater focus on extended network visibility. This will include fully articulating NDR’s value within broader initiatives such as XDR and zero trust.

How Do NDR Vendors Differentiate Themselves?

NDR vendors differentiate across numerous features, but the most successful vendors share the goal of providing the highest possible signal-to-noise ratio in their threat detection techniques. No one needs another network-based "alert cannon." There is significant variation in approaches, however, both regarding what data is collected and how it is analyzed, and this is particularly true with respect to how leading vendors handle analysis of encrypted traffic.

Another important market dynamic is the consolidation of network security features within NDR platforms. For example, several vendors position themselves as replacements for traditional IDS products. More broadly, NDR solutions are taking on security functionality that has traditionally resided in NTA, IDS, UEBA and TIP solutions. Additionally, Omdia is seeing NDR vendors move into adjacent markets such as cloud detection and response (CDR) and identity detection and response (IDR).

Despite significant shifts in enterprise network architectures, NDR technology continues to demonstrate value by detecting threats that other security technologies miss, either because of lack of traffic visibility or lack of analytical sophistication. As a result, there will remain specific use cases for NDR as a stand-alone product. The market is clearly moving toward integrated XDR solutions, however, and enterprises should future-proof NDR deployments by fully understand which XDR interoperability initiatives are supported by any NDR prospect they may be considering.

There are several paths along which the NDR market could evolve, but recent acquisitions in the space demonstrate continued optimism that NDR functionality will remain an important component of enterprise security architectures. The uncertainty lies in how it will be delivered in the longer term.

Omdia remains optimistic and forecasts the global NDR market will eventually grow to $1.98 billion in 2027. Within that time, Omdia expects continued consolidation and retrenchment in the market as a smaller number of vendors represent a larger percentage of total market revenue.

For a deeper dive into current trends in the NDR market, Omdia customers can access "Fundamentals of Network Detection and Response" (Article number: OM029348).

About the Author

Andrew Braunberg

Principal Analyst, SecOps, Omdia

Andrew supports Omdia's Cybersecurity Operations (SecOps) Intelligence Service research practice, guiding vendor, service provider, and enterprise clients. He provides thought-leading analysis on technologies, trends, and innovations in enterprise security operations centers (SOCs), and specifically on the proactive technologies used to avoid breach, such as vulnerability management and attack surface management.

Andrew has been covering, researching, or speaking on topics related to enterprise information technology for approximately 20 years. Prior to joining Omdia (formerly Ovum) in 2022, Andrew spent five years at NSS Labs where he led the analyst group and worked closely with the company’s security product testing team.

Prior to NSS, Andrew spent more than a decade at GlobalData (formerly Current Analysis), where he managed the Enterprise team and was the firm’s principal security analyst. Over his career, Andrew’s coverage has ranged from endpoint protection suites, to network security appliances, and solutions for protecting cloud-based assets.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights