ThreatBook Selected in the First-ever Gartner® Magic Quadrant™ for Network Detection and Response (NDR)

BEIJING - June 4, 2025 - After nearly a year of research and evaluation, Gartner released the first "Magic Quadrant for Network Detection and Response" report on May 29, and ThreatBook became the only Chinese company selected.

As enterprises accelerate their migration to the cloud and network attacks become increasingly complex, NDR technology has become an indispensable foundation for modern security operations centers (SOCs). By continuously monitoring east-west and north-south traffic, it effectively covers lateral threats that are difficult to detect with traditional security devices. It can achieve closed-loop response by combining traffic blocking, host containment or integration with SOAR and SIEM, greatly shortening response time. It also supports IaaS and SaaS deployment and adapts flexibly to multi-cloud hybrid environments, making it an important cornerstone of cloud security. ThreatBook believes the release of the Magic Quadrant for NDR marks not only the maturity of traffic detection and response technology and the growth of the market, but also the shift of the security paradigm from "passive defense" to "active operation."

Attacker-centric capabilities: accurate detection, automatic response and cloud advantages

As an attacker-centric detection and response platform with deep intelligence integration, ThreatBook TDP relies on cutting-edge innovative technologies to effectively solve core security issues such as zero-day vulnerability detection, attack surface identification, and compromised host detection.

Accurate detection

Comprehensively covers attack chain techniques, automatically determines the success or failure of an attack, and conducts alert correlation analysis, reducing the false alert rate to 0.003%. Combined with high-quality vulnerability intelligence, behavioral analysis engine, and cloud sandbox, the detection rate of zero-day attacks in actual combat scenarios is as high as 81%.

Efficient decryption and response

Through an innovative integration of bypass deployment and proxy technology, high-performance TLS decryption can be achieved without adjusting the network architecture, with an encrypted communication recognition rate of 99%. Based on threat intelligence, attack analysis and custom strategies, subsequent attacks are automatically bypassed and blocked, with a two-way blocking rate of 99%, and threats are accurately located at the process level. More than 20 third-party security devices can be linked to form a closed-loop response.

Cloud-native adaptation

Fully supports mainstream cloud platforms such as Alibaba Cloud, AWS, and Azure, and replaces traditional NFV images with lightweight agents, greatly reducing cloud detection costs; accurately captures the risk of sensitive credential leakage such as AK/SK during transmission.

Multi-scenario capabilities and high renewal rate

ThreatBook TDP provides multi-scenario solutions to the core traffic threat pain points currently faced by enterprises:

Full-network advanced threat protection

In environments with a complex network structure and basic protection but no advanced defense capabilities, it not only focuses on real threats and filters out massive volumes of invalid alerts, but also provides advanced threat identification and APT defense.

Unified management of multiple branches

For large groups, headquarters can centrally display, analyze and manage branch alert data, reduce operation and maintenance costs, and improve overall security.

Asset risk monitoring

Automatically sort out network assets, identify exposed surfaces and unsafe APIs, prevent data leakage, and provide personalized risk monitoring and centralized alerts.

With its core advantages of "precision, practical, closed-loop, and easy to use", ThreatBook TDP has served thousands of companies in multiple industries such as finance, energy, manufacturing, Internet, and real estate, and has maintained a high renewal rate, with market performance leading the industry. Its capabilities have also been highly recognized by customers, and it has been selected as a "Strong Performer" in Gartner® Peer Insights™ Voice of Customers for Network Detection and Response for two consecutive years.

ThreatBook believes that its inclusion in Gartner's first Magic Quadrant for NDR is not only a verification of its "technical depth + scenario-based deep cultivation" route by the international market, but also a dual recognition of ThreatBook's product technology strength and service capabilities. In the future, in the complex and ever-changing network security environment, ThreatBook will continue to focus on threat detection, relying on the core capabilities of AI + TI to provide industry users with more reliable traffic detection support.


Gartner, Magic Quadrant for Network Detection and Response, 29 May 2025

Gartner, Voice of the Customer for Network Detection and Response, 30 August 2024

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER, MAGIC QUADRANT and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

About ThreatBook

ThreatBook is the agentic security company focused on AI for Security, and Security for AI. Founded in 2015, ThreatBook is a global cybersecurity company with offices in Singapore and Hong Kong, combining AI with deep threat intelligence to defend enterprises across all stages of the security lifecycle: precise threat detection, automated triage and response, and risk reduction.

With unique vantage points across the Asia Pacific region, ThreatBook delivers intelligence that bridges Eastern and Western threat landscapes, providing an unmatched perspective for global defenders against nation-state actors, cybercriminal groups, and emerging attack campaigns.
ThreatBook operates the number-one security community in APAC and empowers the industry with free security tools, including ThreatBook Investigator, SafeSkill, and Flocks.

Leading analyst firms Gartner and Forrester have recognized ThreatBook, featuring the company in Forrester's Network Analysis And Visibility Solutions Landscape, Q2 2025 report, and the inaugural Gartner® Magic Quadrant™ for Network Detection and Response (NDR), among others. In all instances, ThreatBook was one of a limited number of vendors recognized.

To learn more, visit www.threatbook.io or follow us on LinkedIn.
