Reflection on the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms
It seemed like just yesterday that enterprise technology research firm Gartner released their 2018 Gartner Magic Quadrant for Endpoint Protection Platforms. It’s one of, if not the, most highly anticipated assessments of the endpoint protection platform market in the cybersecurity community—almost a who’s who of EPP solution providers, even if it is by no means a perfect assessment.
An entire fiscal quarter has passed since the original release of the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms. Now with the benefit of hindsight and plenty of data breaches and enterprise security leaks to provide context, we thought we’d look back on some of Gartner’s assertions and assess their accuracy.
Here’s what we found:
Visionaries Truly Do Rule in the Endpoint Protection Market
We noted when we first assessed the Gartner Magic Quadrant for Endpoint Protection Platforms that, of the 21 vendors included in the report, nearly half fell under the label of “Visionary.” According to Gartner’s researchers, this quadrant designates solution providers that have excellent product visions—visions that could prove revolutionary—but have yet to fully realize implementation.
The crowding within the Visionary quadrant reinforces an assessment Gartner makes in their market report—namely, that it is mature in a way many other cybersecurity solution fields aren’t. The techniques and tools are well-known and clearly defined, to the point that the greatest concern EPP solutions providers face currently is how to distinguish themselves from their competitors.
Since the publication of that report we’ve seen numerous solution providers including Palo Alto, ESET, CrowdStrike, and Cylance embracing, or making market moves to bolster, endpoint detection and response (EDR) capabilities. EDR represents new territory in the endpoint protection platform market—a developing tool in a mature market, and thus a way for vendors to distinguish themselves.
Gartner contends in their report that EPP and EDR are starting to mix and merge, blurring the lines between them. However, our research indicates that EDR solutions are being marketed as separate products or solutions from their endpoint protection counterparts.
But does this mass adoption and emphasis on EDR represent efforts by vendors to stand out? If numerous vendors are moving to EDR at the same time, does that truly distinguish them? Or does that instead indicate that the market is so mature vendors are simultaneously recognizing the importance of detection capabilities to bolster their preventative measures?
The situation is ambiguous, but it does indicate that Gartner was right: Visionaries are making serious moves in the EPP market.
No Clear Evidence of Data Breach Fallout
The Gartner Magic Quadrant Report states that endpoint protection platform solution providers are coming under increased enterprise scrutiny due to the plethora of data breaches businesses have suffered over the past few years. The number of users and consumers with information breached now numbers in the millions.
However, our own market observations don’t appear to support Gartner’s assertions. In fact, it looks more like the opposite. According to a recent study by Centrify, 60% of CEOs primarily invest in anti-virus—a subsection of endpoint protection platforms—over any other cybersecurity solution. Endpoint security vendors are still releasing well-regarded research papers on anti-malware best practices and internet security for enterprise consumption. From what we can tell, the scrutiny is transferring from endpoint security to human error within the enterprises themselves.
What About the IoT?
The Gartner Magic Quadrant doesn’t mention Internet of Things (IoT) devices, which seems something of an oversight in the current marketplace. IoT devices are becoming ever-more commonplace in enterprise workplaces. Simultaneously, they are becoming an increasing InfoSec concern due to inherent persistent digital security design flaws. More enterprises are looking into endpoint protection platforms that can secure their IoT devices as well as their more traditional endpoints. While we can’t predict what Gartner will and will not consider in their next Magic Quadrant, but we believe this will become a major factor in their future Endpoint Protection Platform reports.
This reflection is not meant as a critique of Gartner’s Magic Quadrant for Endpoint Protection Platforms in any way. We greatly respect their research and insight. This reflection is merely meant as a companion piece to help enterprises evaluate their selection process for one of the most difficult and important digital decisions you will make.