Security Stack Logo
Gatewatcher NDR Platform logo

Network & Infrastructure Security

Gatewatcher NDR Platform

Multi-engine NDR with instant threat detection and generative AI incident response assistant.

Network Detection and Response (NDR)

Gatewatcher NDR Platform Overview

What it does

Gatewatcher NDR Platform is a multi-engine Network Detection and Response solution from Gatewatcher, founded in 2015 by Jacques de La Rivière and Philippe Gillet and headquartered in Paris, France. The company employs 51-200 people and has raised $57.57M in funding from Move Capital and European Investment Bank, including a €25M Series A round in 2024. Gatewatcher was named a Niche Player in the 2026 Gartner Magic Quadrant for Network Detection and Response, having been the sole Visionary in the inaugural 2025 edition, and its solutions are ANSSI-qualified as "Secured by Design" for protecting French vital operators and essential services.

How it works

The platform combines AIonIQ (core NDR engine), COCKPIT (unified management console), Reflex (incident response orchestration), and GAIA (generative AI assistant launched in 2024) to provide instant threat detection without baseline requirements. Multi-engine detection uses static analysis, heuristics, and machine learning to identify known threats, zero-days, encrypted traffic threats, and past threats through retro-hunt capabilities. The integrated Cyber Threat Intelligence platform built on acquired LastInfoSec technology and OpenCTI standards continuously monitors social networks, specialized sites, darknet, and deep web for indicators and early compromise signs. Deep Visibility monitors network infrastructure across IT and OT environments, while GTAP optical and copper TAPs provide non-intrusive network coverage.

Credentials and traction

The Gatewatcher NDR Platform lineage holds an ANSSI qualification (Visa de Sécurité) carrying CSPN first-level security certification. Gatewatcher was named a Visionary in the 2026 Gartner Magic Quadrant for Network Detection and Response, after also being named a Visionary in the 2025 edition. It has won TEISS Awards for Best AI/ML and Best Network and a Computing Security Award in 2024. Named customers span defense and aerospace (KNDS France, Lynred), healthcare (GHT Vaucluse), education, and sport (Leeds United).

Key Capabilities

mapped to solution categories
Network Detection and Response (NDR)

Performs deep packet inspection on industrial protocols (Modbus, DNP3, EtherNet/IP, PROFINET, IEC 61850, OPC-UA), for behavioral monitoring of OT environments alongside IT network analysis.

Integrates with firewalls, NAC platforms, and switches to automatically block or quarantine hosts and traffic flows in response to confirmed detections, without requiring analyst-initiated action.

Extends network detection to cloud VPC traffic using VPC flow log analysis, cloud-native sensors, or mirroring, covering east-west traffic between cloud workloads.

Monitors lateral movement traffic between internal network segments and hosts, distinct from perimeter monitoring. Requires network tap or span port placement on internal switch infrastructure.

Detects threats in TLS-encrypted traffic using JA3/JA3S fingerprinting, certificate anomaly detection, and traffic behavioral analysis, without requiring decryption.

Builds per-device and per-application baselines of normal network communication patterns and detects deviations, enabling detection of novel C2 channels, data staging, and lateral movement.

Groups related network alerts into structured incidents that reconstruct an attack across hosts and time, reducing alert volume and giving analysts a single investigation timeline instead of disconnected events.

Includes traditional detection such as IDPS signatures, rule-based heuristics and threshold alerts alongside behavioral analytics.

Detects threats using intelligence feeds from internal and external sources.

Performs retroactive and forensic analysis using network flow data and scalable full-packet capture with long-term retention.

Uses an AI-based search assistant to accelerate threat hunting and surface actionable insights.

Compliance

certifications
GDPRNIS2 Directive

Integrations

compatible tools
AnomaliAzure ADFortinetGigamonHarfangLabIBM QRadarNozomi NetworksO365OpenCTIPalo Alto NetworksSekoiaSentinelOneSplunk

Implementation & support

Deployment model
Air-GappedCloudHybridOn-Premises
Pricing structure
Custom / EnterpriseSubscription
Support channels
Email SupportTicketing Portal

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.