The editors at Solutions Review highlight what’s changed in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP), the report’s latest iteration.
Technology research giant Gartner, Inc. recently released the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP). You can download it here. Gartner researchers define endpoint protection as “platforms [that] provide the facility to deploy agents or sensors to managed endpoints including PCs, servers and other devices.” These include the capabilities that prevent file-based and fileless malware, control over software and scripts, and the ability to investigate incidents and remediate evasive threats.
Additionally, Gartner researchers note the importance of behavioral analysis as a threat detection capability and optional management capabilities.
2021 Gartner Magic Quadrant for Endpoint Protection Platforms: Present and Future
In the present, Gartner frames endpoint protection as a component of basic digital security hygiene, necessary for malware protection. In fact, Gartner praises it as a means to lower the risk of cyber-attacks. However, the researchers also note the importance of examining and investing in more advanced capabilities to extend protection to more evasive threats.
Interestingly, the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms discusses EDR with language reminiscent of SOAR (security orchestration, automation, and response), even using some of those components by name. Indeed, the report calls EDR’s automated response capabilities highly desirable.
As to the future: Gartner predicts that by the end of 2023, cloud delivery of EPPs will exceed 95 percent of all deployments. Moreover, by 2025, 50 percent of enterprises using endpoint detection and response (EDR) will use managed detection and response (MDR).
In the report, researchers evaluate the strengths and weaknesses of the providers they consider most significant in the marketplace. The report then provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute (Y-Axis) and their completeness of vision (X-Axis). The graph is divided into four quadrants: Niche Players, Challengers, Visionaries, and Leaders.
At Solutions Review, we read the report (available here). Here’s what we found.
What’s Changed In this Report?
The 2021 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP) is the 13th iteration of the report; Gartner did not release the Magic Quadrant for the 2020 year. As always, Gartner evolved its inclusion and exclusion criteria to match current market innovations and demands. Thus, Malwarebytes and Palo Alto Networks failed to meet the exclusion criteria despite appearing in previous reports (both, alongside Tanium, are named as Honorable Mentions). Only one new vendor, Cybereason, appears in the current report.
Interestingly, Gartner chooses to list 30 inclusion criteria based on solution capabilities for the report, with 15 being mandatory. These include the ability to detect known and unknown malware without relying on updates, automatic threat removal upon detection, and the ability to collect suspicious event data on devices operating outside the corporate network.
These inclusion criteria operate in tandem with Gartner’s market-based exclusion criteria.
Therefore, the total number of vendors appearing in the Magic Quadrant for 2021 is 19: Bitdefender, BlackBerry (Cylance), Broadcom (Symantec), Check Point Software Technologies, Cisco, CrowdStrike, Cybereason, ESET, FireEye, Fortinet, F-Secure, Kaspersky, McAfee, Microsoft, Panda Security, SentinelOne, Sophos, Trend Micro, and VMware Carbon Black.
Who’s Where and Why?
Niche Players, by Gartner’s definitions, provide the core of necessary capabilities but are often confined to serving particular geographies or customer sizes; this means they can still be solid choices for enterprises that fall within their specialized use cases.
The Niche Players this year are FireEye, Bitdefender, F-Secure, BlackBerry (Cylance), Fortinet, Check Point Software, and Panda Security.
This year, the 2021 vendors moved more to the left than in the last iteration almost en masse, demonstrating less Completeness of Vision overall. F-Secure moved substantially to the right, edging closer to the line separating Niche Players from Visionaries. Also, Fortinet moved to the right, appearing now closer to the middle of the quadrant.
However, almost all of the listed vendors moved up and down on the “Ability to Execute” axis. FireEye moved so far up that it nears the Challengers Quadrant. Bitdefender and BlackBerry both moved down, as did Panda Security. Meanwhile, both Check Point and Fortinet moved up.
- FireEye’s multiple prevention engines for endpoint threats and ransomware.
- F-Secure’s innovative EDR solution.
- Bitdefender’s R&D team, which focuses on threat research.
- BlackBerry’s Cyber Suite, which provides EPP, EDR, and mobile protection through a single console.
- Fortinet’s easy deployment and management of its solutions.
- Check Point’s wide array of protections, including email phishing protection.
- Panda Security’s comprehensive range of operating systems.
Visionaries are defined by their capabilities, which often promise what will become critical in the next generation of products and allow customers to get in on the ground floor of new technologies.
The Visionaries this year include VMware Carbon Black, Cisco, Broadcom (Symantec), Cybereason, and Kaspersky. Cybereason appears in this Quadrant having been excluded from previous reports.
This Quadrant is ruled by change. Kaspersky moved down and somewhat to the left of the last report, whereas VMware Carbon Black moved up substantially. However, Cisco was listed as a Niche Player in the last report and has moved right into this quadrant and up in 2021. Symantec, previously listed as a Leader, dropped into this quadrant.
- VMware Carbon Black’s single-agent offering of all four core EPP capabilities.
- Cisco’s improvements such as automated playbooks and simplified threat hunting.
- Broadcom’s improved EDR capability with better visualization.
- Cybereason’s efficient and easy-to-use management console.
- Kaspersky’s broad range of endpoint protection capabilities including device control, firewall management, and URL filtering.
As a category, Challengers offer solid, well-rounded platforms but can execute beyond the scope of the Niche Players.
Only ESET appears as a Challenger in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms, echoing its position as the only challenger in the 2019 iteration. However, this year it moved significantly to the left.
Gartner praises ESET’s combination of “a lightweight client with a solid anti-malware engine.”
While Gartner stresses that Leaders do not match the buying needs of every customer, they do provide “broad capabilities in advanced malware protection, and proven management capabilities for large enterprise accounts.”
The Leaders this year are Microsoft, CrowdStrike, Trend Micro, SentinelOne, McAfee, and Sophos.
In a distinct pattern, Sophos, McAfee, SentinelOne, and Trend Micro form a line moving right and up in the quadrant. McAfee and SentinelOne appeared as Visionaries in the last report, showing a massive jump up.
However, Microsoft and CrowdStrike saw a massive spike up and to the right, appearing in the far corner together.
- Microsoft’s unified threat hunting and automation, achieved through common cloud consoles and data lakes.
- CrowdStrike’s ability to adapt to shifts in attack patterns and tactics early, serving a highly targeted customer base.
- Trend Micro’s strong commitment to cloud offerings.
- SentinelOne’s added support for containers and serverless workloads.
- McAfee’s EDR, which includes an extensive remediation capability plus an advanced SOC workflow feature.
- Sophos’ expansion of its MDR capabilities through acquisition and platform integration.