NDR solutions primarily use non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect suspicious traffic patterns, they raise alerts. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR solutions can also monitor east/west communications by analyzing traffic from strategically placed network sensors. Response is also an important function of NDR solutions. Automatic responses (for example, sending commands to a firewall so that it drops suspicious traffic) or manual responses (for example, providing threat hunting and incident response tools) are common elements of NDR tools

The Network Performance Monitoring (NPM) market consists of tools that leverage a combination of data sources to provide a holistic view of how networks (including corporate on-premises, cloud, multicloud, hybrid and other networks) are performing. Data sources include: Network-device-generated traffic data Raw network packets Network-device-generated health metrics and events NPM tools provide diagnostic workflows and forensic data to identify the root causes of performance degradations — increasingly through the adoption of advanced technology, such as artificial intelligence (AI) or machine learning algorithms (ML). Finally, based on network-derived performance data, NPM tools provide insight into the quality of the end-user experience.

UCaaS monitoring tools measure the UCaaS user experience by providing key performance indicators (KPIs), visibility and insight based on application, session and network availability, performance, and health from multiple sources. An instantiation of digital experience monitoring, UCaaS monitoring tools combine elements of application and network performance monitoring capabilities. Strong tools continually collect packet trace data, decode and play back captured voice and video streams, interrogate network infrastructure, and assess the functional status of bidirectional sessions, segments and endpoints. They gather and assess data in real time and perform synthetic call testing for service initiation and change/contingency management purposes.

