Forrester released its second evaluation of the network analysis and visibility (NAV) market in the report The Forrester Wave™: Network Analysis And Visibility Solutions, Q4 2025. This market, first defined in Forrester’s 2011 report, Pull Your Head Out Of The Sand And Put It On A Swivel: Introducing Network Analysis And Visibility, introduced NAV as a cornerstone for deep network visibility and Zero Trust enablement. The definition evolved in the 2024 report The Modern Definition Of NAV, which underscored NAV’s role in advanced threat detection and operational resilience.

What’s New In This Wave?

The previous evaluation, The Forrester Wave™: Network Analysis And Visibility, Q2 2023, assessed vendors on eight current-offering criteria, six strategy criteria, and two market-presence criteria. This most recent evaluation doubles down with 19 current-offering criteria and six strategy criteria, reflecting the market’s growing complexity and enterprise demand. We evaluated 12 vendors as part of this process: Arista Networks, Cisco, Corelight, Darktrace, Exeon Analytics, ExtraHop, Fortinet, Lumu Technologies, NETSCOUT, NetWitness, Trend Micro, and Vectra AI.

Participants were categorized as Leaders, Strong Performers, and Contenders based on analysis of tailored questionnaire responses from vendors, executive briefings and demos, and customer references. Notable mentions outside the vendors included in the Wave include Broadcom (formerly VMWare), DataBee, and Trellix (which was included in the previous Wave).

You Say NDR; We Say NAV

Many in the security industry refer to the capabilities included in NAV as “network detection and response,” or NDR. NAV predates the term “NDR” and is more directly reflective of the solutions in the space, as most deploy passively and don’t include native response capabilities.

With that said, Forrester defines network analysis and visibility as:

Security solutions that deploy passively in networks to gain deep, real-time insights into network traffic and detect threats across on-premises, cloud, and hybrid environments while mapping asset relationships, performing flow analysis, extracting metadata, enabling full or targeted packet capture, and integrating with other control points to enhance detection accuracy, remediate threats, and enable network forensics.

Despite its criticality, NAV remains underrepresented in enterprises compared to technologies such as endpoint detection and response (EDR) and security information and event management. Enterprise organizations at large still do not fully realize NAV’s value until evasive threats like the recent Typhoon malware series expose blind spots. NAV is often the only technology capable of monitoring certain items such as IoT devices, where endpoint agents cannot be deployed. This makes it indispensable for SecOps and increasingly relevant for compliance, fraud detection, and insider risk management programs.

NAV Trends That Matter For Security Professionals

Current NAV vendor strategies fall into one or more of these three categories:

  1. Security operations center-in-a-box solutions for midmarket and select enterprises
  2. Pure-play NAV specialists focused on deep visibility and detection
  3. EDR-like offerings that blend endpoint and network telemetry

Enterprise adoption of NAV is accelerating, but picking the right vendor requires scrutiny. Hence, our evaluation zeroed in on three critical dimensions for Forrester clients to follow:

  • Prioritize vendors that kill alert fatigue before it kills SecOps. Network traffic is noisy, and excessive alerts cripple SecOps. Hence, the evaluation considers critical factors such as deep partnerships with closely associated technologies like EDR, robust decryption capabilities, depth of protocol coverage across IT/OT/IoT, flexibility and ease of customizing detection rules, etc. Beyond data collection, we also assessed whether vendors can simultaneously clearly visualize and explain detections in a way that is accessible to security analysts without deep network expertise.
  • Understand that vision without detailed action is vapor. An overly broad vision without clear steps tied to innovation and a roadmap is meaningless. Likewise, a roadmap lacking diversity in development areas signals a gap in market leadership. In addition to this, roadmap items that fail to align with market needs or user experience are weighted accordingly. Prioritize vendors with a distinctive, well-defined vision and a realistic roadmap that resonate with their R&D capabilities.
  • Future-proof your capabilities or fall behind. Enterprise customers with in-house network security expertise and operating in highly regulated, mission-critical environments increasingly demand advanced capabilities such as post-quantum cryptography, compliance, native features to enhance threat hunting and network forensics, etc. Enterprises that fall under this segment must prioritize vendors that deliver these capabilities today or have them clearly outlined in near-term roadmap commitments.

For a closer look into this evaluation, scoring, and the overall market, Forrester clients can read the full report: The Forrester Wave™: Network Analysis And Visibility Solutions, Q4 2025. For any questions about the evolution of this market or if you need support in navigating it, book an inquiry or guidance session with me.

Join us at Forrester’s Security & Risk Summit from November 5–7 in Austin, Texas. I’ll be leading a panel and a roundtable discussion focused on operationalizing threat intelligence and its intersection with AI. Check out the full agenda to learn more about other sessions on Zero Trust; securing generative AI; governance, risk, and compliance; application security; and many more topics.