Gartner’s 2017 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?

Analysis and research firm Gartner, Inc. has released the latest iteration of its yearly Magic Quadrant (MQ) for Endpoint Protection Platforms (EPP) Report.

In the 2017 MQ for EPP, Gartner evaluates the strengths and weaknesses of 22 vendors that it considers most significant in the EPP market and provides readers with a graph (the Magic Quadrant) plotting the vendors based on their ability to execute and their completeness of vision. Gartner divides its chart into four quadrants: niche players, challengers, visionaries, and leaders. Gartner does not endorse any vendor, product, or service depicted in its research publications.

The 22 vendors featured in the report are 360 Enterprise Security Group, AhnLab, Bitdefender, Carbon Black, Comodo, CrowdStrike, Cylance, Eset, F-Secure, G Data Software, Intel Security, Invincea, Kaspersky Lab, Malwarebytes, Microsoft, Palo Alto Networks, Panda Security, SentinelOne, Sophos, Symantec, Trend Micro, and Webroot.

This year marks the tenth iteration of the report, which Gartner first introduced way back in 2007, and it comes amidst a transitional period for the EPP market, as the lines between EPP and Endpoint Detection and Response (EDR) capabilities blur. Gartner predicts that, by 2019, EPP and EDR capabilities will have merged completely, “eliminating the need to buy best-of-breed products for all but the most specialized environments.”

At Solutions Review, we read the 32-page report and pulled a few of what we considered the most important takeaways since the 2016 EPP MQ.

How Gartner Defines EPP

Before jumping into the big changes in this iteration of the report, we should probably clarify just what Gartner analysts mean when they talk about EPP.

In its newest report, Gartner defines EPP solutions as integrated solutions that include anti-malware, personal firewall, and port and device control capabilities. Many EPP solutions also include other capabilities such as vulnerability assessment, application control, and EMM. These products and features are usually managed centrally and integrated by shared policies, says Gartner.

To be considered in Gartner’s report, vendors must have the capability to detect and cleanse malware and must have centralized management, configuration and reporting capabilities sufficient to support companies with “at least 5,000 geographically dispersed endpoints.”

So with that out of the way, here are a few key takeaways from the report.

Product Consolidation and Market Growth

The EPP market is changing fast, and vendor integration of disparate capabilities such as Data Loss Prevention (DLP), Enterprise Mobility Management (EMM) and vulnerability assessment into comprehensive platforms is only speeding up the transformation.

Gartner predicts that large segments of markets such as DLP and EMM will be absorbed by the EPP market in the near future, like the personal firewall and anti-spyware markets before them.

Analysts at Gartner have noted a widespread trend towards product consolidation, as more and more organizations use a single vendor for multiple EPP functions. 

The growing functionality of EPP products has apparently caused some revenue growth for EPP vendors, as SMBs who previously required multiple solutions for their EPP and EMM needs turn to all-in-one solutions. The total EPP revenue of the Magic Quadrant participants at year-end 2016 was slightly over $3.29 billion, says Gartner. That’s up 2.8% over the previous year. Gartner predicts that growth will continue to be in the low single digits in 2017.

As noted above, Gartner predicts that, by 2019, EPP and EDR capabilities will have merged completely, “eliminating the need to buy best-of-breed products for all but the most specialized environments.”

Four Vendors Lead the Pack

As the EPP market continues to grow, new entrants to the market have inevitably emerged to challenge the domination of traditional signature-based anti-virus vendors, and many have made impressive inroads in the marketplace. However, four vendors, Trend Micro, Sophos, Kaspersky Lab, and Symantec, continue to dominate the market.

Gartner scored Trend Micro highest in the leader’s quadrant, praising the company for their breadth of coverage across endpoints and the data center, and for their intuitive security dashboards.

According to Gartner, the EPP Leaders Quadrant is composed of vendors who “demonstrate balanced progress and effort in all execution and vision categories.” This means broad capabilities in advanced malware protection and strong management capabilities. However, Gartner warns that vendors in the leader’s field aren’t for everyone, citing concerns that leaders are spreading efforts thinly across multiple disciplines, without “pursuing clients’ special needs.”

Symantec, for example, was ranked a leader, but Gartner cautions potential customers about a lack of continuous product direction, which has resulted in overwhelming feedback about Symantec from its client base that Gartner sums up with one word: fatigue.

New Challengers Crowd the Market

While the majority of market share remains in the hands of those few large companies, there has been an explosion of new entrants to the EPP protection field in recent years. Ten of the 22 vendors listed in Gartner’s report occupy the Niche players quadrant, while 6 occupy the visionaries quadrant. Meanwhile, the more established quadrants are home to just six vendors: the four leaders and just two ‘challengers,’ Microsoft and Intel.

Most of these new competitors are small vendors, challenging legacy vendors with products that are easy to use and generally more effective at catching new threats. Many of these vendors employ new means of threat detection, outside of traditional, signature-based anti-virus.

Many of these challengers offer less comprehensive products than the market leaders, and Gartner considers many of the vendors in the Niche and Visionary quadrants “complementary,” meaning that they can be added to a machine without disrupting a broader traditional EPP solution already in place.

In fact, Gartner’s analysts estimate that 90 percent of ‘visionary’ products are running in tandem with other solutions. Approximately six percent of organizations are now running with two solutions, according to Gartner’s research.

However, some visionary challengers have earned high praise even as full-on replacements for large-scale EPP deployments. SentinelOne, for example, was praised for “strong performance in competitive displacements, even in very large accounts, due to ease of use and a single-agent deployment that provides both EPP and EDR capabilities.”

How these changes will shake out over time is yet to be seen, but for now, it’s safe to predict that the EPP market as we know it will not last. New challengers show the potential to overtake the capabilities of the old-guard, who struggle to keep up via acquisitions and new integrations, but still provide necessary functions unproven in ‘next-generation’ products.

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.

9 thoughts on “Gartner’s 2017 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?”

  1. Saurabh says:

    Hi,

    I am planning to go for enterprise security but am confused between Sophos and Bitdefender. Can you please guide me through? We only have 40 endpoints with no in-house application; we are into retail sales and our major usage is MS Office.

    1. URHacked says:

      Just use Avira, don’t buy an endpoint suite – you’re already f’ed.

    2. Jai says:

      Saurabh, buy Panda AD360 and it will make your life easy

    3. Ujwal Maharjan says:

      Sophos Endpoint may have appeared on the Top list.
      But it’s crap.
      Blue screen every single day on installed systems, reported since a month ago still have no solution from their technical team so far.
      When an infected file appears on a system, it requires Sophos central to manage it either remove or keep.
      Even though you did remove it there, it would say ‘successfully cleaned’; go and check, the file still exists!! WTF!!

  2. Satish says:

    It’s very strange that McAfee is put in first quadrant

    1. Jumbo says:

      That’s actually proving that it’s a good report 🙂

      1. Rudi says:

        It is baffling why Dell’s product DDP-ESS and similar endpoint solutions never show for comparison on this report. Can anyone provide insight as to why that is?

  3. Rony Krayem says:

    Trend Micro is the worst EPP in terms of defense and protection. Maybe it is widely used and highly propagated which gives the main reason for scoring number one in the quadrant.
