Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?

What's Changed? 2018 Endpoint Protection Platform 2018

It’s that time of year again: technology research and analysis firm Gartner, Inc. has released the annual iteration of their Magic Quadrant (MQ) Report for Endpoint Protection Protection Platforms (EPP) for 2018.

For the uninitiated, in this report Gartner evaluates the strengths and weaknesses of the 21 Endpoint Protection Platform vendors that it considers the most significant in the market based on distinct service and market share criteria. The report then provides readers with a graph—the so-called Magic Quadrant—plotting the vendors based on the completeness of, and their ability to execute on, their security vision. The four categories of  the Quadrant are Leaders, Visionaries, Challengers, or Niche Players.

This year the 21 vendors selected to the Endpoint Protection Platform Magic Quadrant are: Bitdefender, Carbon Black, Cisco, Comodo, CrowdStrike, Cylance, Endgame, ESET, FireEye, Fortinet, F-Secure, Kaspersky Lab, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, Panda Security, Sentinel One, Sophos, Symantec, and Trend Micro.

The 2018 EPP MQ is the 11th iteration of the report; Gartner first introduced the category in 2007. In 2018, adaption and security architecture evolution dominate the field’s collective thinking. Gartner’s latest prediction is that EPP will provide automated, orchestrated incident investigation and responses by 2021.

At Solutions Review, we read the Endpoint Protection Platforms Magic Quadrant report and pulled a few of what we considered the most important takeaways since the 2017 EPP MQ.  Here they are:

How Gartner Defines Endpoint Protection Platforms

Gartner has somewhat altered their definition of an EPP since September of last year. Before diving into the subject overall, it is important to clarify exactly what the category means to Gartner.

For 2018, Gartner defines an EPP as “solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.”

This new definition contrasts somewhat with the 2017 definition. The former considers the incorporation of EDR (endpoint detection and response) features as central necessities whereas the latter considered them only as welcome supplements.

To be considered for entry to the EPP MQ, a vendor’s solution must be capable of blocking known and unknown file-based malware, detecting malicious program behaviors, and automatically quarantining rogue programs. Additionally the vendor must be capable of supporting a 10,000 seat enterprise and have some North American presence.

With that cleared up, let’s dig in.

2018: A Year of New Names and Vanished Vendors

Gartner readjusts its evaluation criteria, often in response to market changes, each year. Therefore, sometimes vendors who appeared in the MQ one year may not return for the next one.

Four vendors—360 Enterprise Security Group, AhnLab, G Data Software, and Webroot—appeared in the 2017 MQ but did not make the cut for 2018. According to Gartner’s report, this is because they focused on a single segment to the detriment of others. Most of them appear to lack a North American presence as well.

On the other hand, the new criteria allowed entry to four new vendors: Cisco, Endgame, Fortinet, and FireEye.

EPP: Consolidation Under Wary Eyes

The EPP marketplace is one of high pressure and continuous evolution—evolution that appears to be speeding up as customer demands increase in response to a plethora of attacks.

For example, EDR and EPP solutions continue to blur the lines between them; solutions that were traditionally one or the other have begun taking on the capabilities of their counterpart. This has resulted in a market that can appear on the surface to have problems with carving out individual identities.

EPP is also a market under serious scrutiny after the seemingly higher than average wave of attacks in 2017. Gartner found that clients that suffered an attack last year felt let down by their endpoint vendors or that the service provided by their vendor left them dangling.

In response, Gartner predicts that the leading and visionary vendors of 2018 and 2019 will be those that will use their data to provide actionable advice to their clients. In other words, communication will be key to future EPP vendor success.

Three Leaders Left Standing

Gartner considers Leaders to be the vendors with “balanced and consistent progress and effort in all execution and vision categories.” They tend to have both advanced anti-malware programs and good client management skills. However, Gartner stresses that just because a vendor is a Leader does not mean that it is ideal for everyone; leaders may be too board in focus for some clients or spread too thin.

One of the big changes in 2018’s EPP MQ is the loss of one of its traditional Leaders. Kaspersky Lab was bumped down to the “Visionary” Quadrant this year. According to the report, this decision stemmed in part because Kaspersky only recently introduced EDR capabilities to its platform, as well as having complexity issues in management and investigation.

However, their profile was dominated by the recent allegations against it. While Gartner did say that the U.S. federal government did not have any evidence to corroborate its claims of collusion with the Russian government, it is hard to imagine that such charges didn’t have some effect on its new placement.

That only leaves three Leaders in the EPP MQ: Trend Micro, Sophos, and Symantec.

Sophos received praise for the machine learning and integration capabilities of its product, Intercept X, but they received worries about their lack of vulnerability reporting and recent changes that may hamper the Intercept X’s cloud adoption.

Trend Micro was lauded for its patching capabilities and managed detection services, but were noted to lack MacOS support for EDR.

Symantec got good marks for stabilizing their management team at long last and for their continuing standard of comprehensiveness. However, there are still inconsistent reports concerning their support teams, and the vendor still carries a reputation for complexity and expensiveness.

A Market of Visionaries

Of the 21 vendors in the EPP MQ, just about half of them fell into the Visionary category. For comparison sake, only one vendor, ESET, fell into the Challenger Category. Five were placed in the Niche Player quadrant: Palo Alto Networks, Bitdefender, Comodo, FireEye, and Fortinet.

Gartner defines Visionaries as vendors with leading edge features that they predict will be significant in the next generation of products but struggle with current execution. Clients might select them for their “best-of-breed” qualities, according to the research firm.  

For example, CrowdStrike was praised for its EDR visibility and for the quality of its managed services, but marked down for its complex functionality and lack of integrated deployment. Malwarebytes was singled out for its application hardening and exploit mitigation, while also suffering in the rankings due to its lack of cloud-based reporting.

That there are so many visionaries in the field may suggest that Gartner’s prediction of future evolution in EPP is spot on. It certainly suggests that the next generation of Endpoint Protection Platforms will boast greater features and capabilities than ever before. Whether that means the Visionaries as the pioneers of this new technology take greater precedence and market share, or if the current leaders adapt to the changing situation on the ground, remains to be seen.

Ben Canner
Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *