The potential for serious business disruptions makes detecting threats quickly and accurately critical to preventing data loss, compliance violations, and lost revenue. Even as resources and users leave the traditional perimeter, the network should play a key role in detecting threats to avoid business disruption. Specifically, network-based tools provide consistent, comprehensive visibility across distributed, heterogeneous environments and remain outside the scope of attacker manipulation. Yet the number of threat detection and response tools that are available can leave users unsure of where to prioritize.
In order to gain insight into these trends, Enterprise Strategy Group surveyed 376 IT, cybersecurity, and networking professionals responsible for evaluating, purchasing, and managing network security products and services for their organizations.
This study sought to answer the following questions:
- What challenges do organizations face with threat detection and response today?
- In which part of the MITRE ATT&CK framework do organizations have the most difficulty detecting and stopping threats?
- Have organizations ever fallen victim to an attack that used encrypted traffic to avoid detection? How did the attack use encryption?
- What technologies do organizations believe are most effective for threat detection and response?
- What are the primary reasons organizations use, or plan to use, network detection and response tools? How do organizations use or plan to use NDR for threat detection?
- What specific use cases do, or will, organizations support through their use of NDR tools?
- What attributes are most important to organizations in an NDR solution?
- What benefits have organizations realized as a result of using NDR?
- How do organizations weigh, or expect to weigh, artificial intelligence when selecting an NDR tool? For what reasons would organizations leverage artificial intelligence/machine learning capabilities with their NDR solutions?
- What plans do organizations have to use XDR technology? How do organizations expect to consume NDR as part of their XDR strategy?
- How do organizations expect their spending on network detection and response technologies, services, and personnel to change over the next 12 to 18 months?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.