ThreatBook Selected in the First-ever Gartner Magic Quadrant for Network Detection and Response (NDR)

BEIJING, June 4, 2025 /PRNewswire/ -- After nearly a year of research and evaluation, Gartner released the first "Magic Quadrant for Network Detection and Response" report on May 29, ThreatBook became the only Chinese company selected.

As enterprises accelerate their migration to the cloud and network attacks become increasingly complex, NDR technology has become an indispensable underlying facility for modern security operations centers (SOCs). By continuously monitoring east-west and north-south traffic, it effectively covers lateral threats that are difficult to detect with traditional security devices. It can achieve closed-loop disposal by combining traffic blocking, host containment or linkage with SOAR and SIEM, greatly shortening response time. It also supports IaaS and SaaS deployment, and flexibly adapts to multi-cloud hybrid environments, becoming an important cornerstone of cloud security. ThreatBook believes the release of the Magic Quadrant for NDR not only marks the maturity of traffic detection and response technology and the advancement of market size, but also marks the transformation of the security paradigm from "passive defense" to "active operation."

Attacker-centric capabilities: accurate detection, automatic response and cloud advantages

As an attacker-centric detection and response platform with deep intelligence integration, ThreatBook TDP relies on cutting-edge innovative technologies to effectively solve core security issues such as zero-day vulnerability detection, attack surface identification, and compromised host detection.

Accurate detection

Comprehensively covers attack chain techniques, automatically determines the success or failure of an attack, and conducts alert correlation analysis, reducing the false alert rate to 0.003%. Combined with high-quality vulnerability intelligence, behavioral analysis engine, and cloud sandbox, the detection rate of zero-day attacks in actual combat scenarios is as high as 81%.

Efficient decryption and response

Innovative integration of bypass deployment and proxy technology, high-performance TLS decryption can be achieved without adjusting the network architecture, with an encrypted communication recognition rate of 99%; based on threat intelligence, attack analysis and custom strategies, subsequent attacks are automatically bypassed and blocked, with a two-way blocking rate of 99%, and threats are accurately located at the process level. More than 20 third-party security devices can be linked to form a closed-loop response.