The CF List: 20 Endpoint Detection and Response (EDR) Providers You Should Know
EDR vendors have begun their evolution into extended detection and response (XDR).
![Twenty, 20, SD-WAN providers](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1623fbe456f4d7d3/6523f96f6868b42e553c7c45/shutterstock_790434142.jpg?width=700&auto=webp&quality=80&disable=upscale)
Jörge röse-oberreich/Shutterstock
Forrester’s Allie Mellen and S&P Global’s Fernando Montenegro cite Bitdefender among top EDR providers.
“Our survey data points to information security being one of the most important areas of investment during the pandemic, so there’s an opportunity for a technology refresh,” Montenegro said. “Some of the interest here has gone to areas such as zero trust-based network access and secure access service edge (SASE), but with endpoints being critical for access, there are opportunities there, too. In this case, organizations may be looking at endpoints to help address some of the coverage they lost when people started working remotely and not in a corporate network.”
Mellen cites BlackBerry Cylance as a top EDR provider. This month, the company announced BlackBerry Optics 3.0, its next-generation cloud-based EDR solution, and BlackBerry Gateway, the company’s first AI-empowered zero trust network access (ZTNA) product. BlackBerry’s new endpoint and network security capabilities will help differentiate its XDR strategy.
Mellen cites Broadcom as a top EDR provider.
“The landscape has been in flux, perhaps not so much over the past year but over the past few years,” Montenegro said. “The acquisitions of Symantec (by Broadcom), Cylance (by BlackBerry), Webroot (acquired by Carbonite which was then picked up by OpenText) and Carbon Black (by VMware) have made changes to the landscape in terms of larger vendors coming in. Also, other acquisitions such as CrowdStrike picking up Humio and SentinelOne acquiring Scalyr reflect the changing nature of the market as vendors gear up for competition beyond endpoint security and into XDR.”
Mellen said Cisco is a leading EDR provider.
“Much of the data that was previously stored on the endpoint is being shifted to the cloud, in part accelerated by the pandemic,” she said. “EDR established its value around protecting where the data has historically been known to reside: the endpoint. Now that we are seeing the data shift to the cloud, EDR solutions must start to provide native cloud security capabilities to remain relevant.”
Omdia’s Parizo and Mellen said CrowdStrike’s acquisition of Humio makes it a compelling EDR/XDR provider to watch. In addition, CrowdStrike is named a leader in Gartner’s latest Magic Quadrant for EPP providers. It delivered triple-digit earnings growth in the fiscal first quarter with the addition of 1,524 net-new subscription customers and continued customer demand.
Mellen said Cybereason is among top EDR providers.
According to Mordor Intelligence, the global EDR market was valued at $1.8 billion in 2020, and it is expected to reach $6.9 billion by 2026. Enterprises are increasingly adopting more decentralized and edge-based security techniques due to an increasing number of data breaches globally. This is driving the demand for EDR solutions.
Mellen cites Fidelis Cybersecurity among top EDR providers. The Fidelis Elevate XDR Platform integrates deception technologies with EDR, network and cloud. Fidelis helps organizations detect, respond and neutralize threats earlier, and to deploy deception technologies to create traps and lures that stop adversaries before they advance across the IT environment.
Montenegro said Fortinet is among top EDR providers. Last month, the company announced enhancements to its FortiEDR solution. These include new MITRE ATT&CK tags for system activity, new managed detection and response (MDR) service options and its recently announced XDR capability.
Parizo said he’s intrigued by Hunters, which provides an XDR engine and data analysis capabilities using technology from integrated third-party vendors. Its XDR ingests, retains and cross-correlates telemetry from all security tools to integrate and analyze threat signals across large enterprise environments, fostering accelerated response to incidents.
Mellen cited Kaspersky as an EDR leader. Kaspersky has incorporated EDR capabilities into its Endpoint Security Cloud product.
“EDR in and of itself is a fairly mature space, but I am intrigued by the efforts of vendors like Kaspersky who are attempting to invent a new approach,” Parizo said.
Mellen cites Malwarebytes as a top EDR provider. Last month, TeamViewer announced a new partnership with Malwarebytes. Malwarebytes’ solutions for advanced endpoint protection, as well as EDR, will be embedded in TeamViewer Remote Management to offer customers cyber resilience and threat defense capabilities.
Mellen cites McAfee among top EDR providers. In addition, McAfee is named a leader in Gartner’s latest Magic Quadrant for EPP providers. McAfee has expanded its MVision XDR solution by correlating the telemetry of its endpoint security solution, SASE solution and threat intelligence solution powered by MVision Insights.
Mellen said Microsoft belongs among top EDR providers. In addition, Microsoft is named a leader in Gartner’s latest Magic Quadrant ranking of EPP providers. Microsoft’s threat and vulnerability management capabilities in Microsoft Defender for Endpoint now protect Linux-based devices.
SentinelOne’s acquisition of Scalyr and its evolution to XDR make it a provider to watch, Parizo said. In addition, SentinelOne is named a leader in Gartner’s latest Magic Quadrant ranking of EPP providers. The company also recently filed for an IPO to raise $100 million.
Mellen cites Sophos among top EDR providers. In addition, Sophos is named a leader in Gartner’s latest Magic Quadrant ranking of EPP providers. Last month, Sophos introduced Sophos XDR, an XDR solution that blends endpoint, server, firewall and email security capabilities.
Parizo said he’s intrigued by the so-called “open” XDR vendors. That includes upstarts like Stellar Cyber, which provides an XDR engine and data analysis capabilities using technology from integrated third-party vendors.
“While I like the idea of third-party, best-of-breed XDR solutions, these vendors must be careful not to make the same mistakes that have led most SIEM solutions to struggle with log normalization and correlation, and ultimately hindering detection accuracy,” he said.
Mellen, Montenegro and Frost & Sullivan’s Massimini all cited Tanium as an EDR leader.
“Tanium was in my top 10 for endpoint security in 2019,” Massimini said. “We do not track EDR separately, it is part of endpoint. The company has focused on EDR for several years. It has a great deal of financial backing and has seen high revenue growth.”
Mellen cited Trend Micro among top EDR providers. In addition, Trend Micro is named a leader in Gartner’s latest Magic Quadrant ranking of EPP providers. With Vision One, Trend Micro is solving more complex security challenges with enhanced XDR, new risk visibility, new third-party integrations, and simplified response to threats across security layers.
Parizo said VMware is making “fantastic strides” toward a compelling XDR offering by combining its own expertise in network and hybrid cloud data center security with technology from Carbon Black (EDR) and Lastline (NDR).
“A year from now, I would not be surprised if VMware’s efforts quickly foster one of the most competitive XDR solutions in the industry,” he said.
Montenegro cites Webroot among top EDR providers. In April, OpenText launched a new version of its Webroot Business Management Console for MSPs. It’s designed to provide MSPs with a unified point of management across Webroot’s endpoint, DNS and security awareness training portfolio.
The COVID-19 pandemic and subsequent shift to remote work accelerated demand for endpoint detection and response (EDR) solutions.
Our latest CF List focuses on EDR and the transition to extended detection and response (XDR). Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on EDR market trends and what it takes to be a successful EDR provider.
Allie Mellen is analyst of security and risk at Forrester.
“The pandemic has highlighted how important it is to build resilience into our systems and processes,” she said. “When the pandemic started, security teams had to quickly pivot to support remote work.”
Additionally, throughout the past year, security teams had to prepare for the inevitable return to the office, Mellen said.
“Ultimately … security teams are looking for a tool that can be dynamic with them, especially when handling such large and changing amounts of data,” she said.
Pandemic Accelerated Changes
Fernando Montenegro is principal analyst of information security at S&P Global.
“The requirements have been evolving,” he said. “But the pandemic accelerated changes that have been in play for a few years now. For example, it’s now commonplace to have at least the option of using a cloud-based back end. And broad support for multiple platforms (Windows, Mac, Linux, mobile) is expected as well.”
Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. (Like Channel Futures, Omdia’s parent company is Informa.)
“There’s no question endpoint defense requirements have evolved to the point where the ability to detect and respond to threats on remote endpoints, endpoints with trusted user access, is just as important as for endpoints directly connected to the corporate network,” he said.
Tony Massimini is senior industry analyst of information and network security at Frost & Sullivan.
“A major development in the last few years is that EDR has quickly become integrated into endpoint protection platform (EPP),” he said. “EDR, an enhanced threat hunting tool, was a standalone, high-end niche solution that was previously tracked separately by Frost & Sullivan. Endpoint security vendors have integrated various EDR functions across a spectrum of EPP offerings.”
XDR Evolution
Mellen said EDR vendors have begun their evolution to XDR. Companies have initiated acquisitions explicitly meant to help them on this new strategy.
“Two examples that come to mind are CrowdStrike and their acquisition of Humio, a log management solution, and SentinelOne and their acquisition of Scalyr, a data analytics platform,” she said.
EDR vendors across the board have shifted towards the XDR market, Mellen said.
In addition, some younger players claim to deliver on XDR outcomes, she said. But they haven’t yet revealed these capabilities.
Parizo said recent M&A activity shows the future isn’t EDR, but rather XDR.
“While XDR solutions don’t necessarily have to be based on EDR, the EDR vendors recognize that customers don’t want separate detection and response solutions for endpoints, networks and the cloud,” he said.
Vendors should integrate these solutions, Parizo said. That’s because threat actors will traverse back and forth across different platforms during the course of a single attack.
In addition to SentinelOne and CrowdStrike, Parizo cites Fidelis Cybersecurity’s acquisition of CloudPassage as an example of the evolution to XDR.
“Standalone EDR solutions are already on borrowed time,” he said.
We’ve compiled a list, in alphabetical order, of 20 top EDR providers based on analysts’ feedback and recent news reports. The list includes a mix of well-known providers as well as lesser-known ones making strides in endpoint security.