Solutions Review’s annual Vendors to Know in EDR (Endpoint Detection and Response) Platforms provides the details on some of the most critical solution providers in the space.
The editors at Solutions Review continually research the most prominent and influential EDR vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the vendors to know in EDR platforms.
Note: All vendors are listed alphabetically.
Vendors to Know in EDR Platforms, 2021
Binary Defense serves primarily as a Security Operations Center (SOC) and Managed Detection and Response (MDR) provider. From an EDR and endpoint protection perspective, Binary Defense offers to take on those concerns itself, handling them through its independent SOC capabilities. Additionally, it pairs EDR with technology-agnostic SIEM deployment, tuning, and monitoring services while remaining customizable. Binary Defense provides threat hunting, which works to uncover undetected threats, enhance incident response speed and accuracy, and reduce attack surfaces.
Bitdefender’s GravityZone Enterprise Security is a modular solution delivering centralized management and deployment for a range of endpoints: cloud providers, servers, desktops, laptops, and mobile devices. Among its solutions, it boasts the Bitdefender Endpoint Detection and Response. Bitdefender EDR security monitors organizations’ networks to uncover suspicious activity early and provides the tools to enable IT security teams to fight off cyber-attacks. EDR’s threat visualizations focus investigations and maximize the ability to respond directly.
BlackBerry acquired endpoint protection platform provider Cylance and has since incorporated its capabilities into its own Cyber Suite. In the EDR realm, it offers the BlackBerry Optics platform. BlackBerry Optics is an EDR solution that extends the threat prevention delivered by BlackBerry Protect using AI to identify and prevent widespread security incidents. Its capabilities use context-driven threat detection, machine learning threat identification, root cause analysis, smart threat hunting, and automated remote investigations.
VMware | Carbon Black
VMware | Carbon Black’s endpoint security software, Cb Defense, offers streaming malware protection and EDR to detect and prevent bad actors from attacking your organization in real time. Cb Defense consistently records all endpoint activity, making it easy to track potential security threats and determine their root causes. VMware Carbon Black offers custom APIs, giving IT teams the ability to integrate security capabilities from various solutions. It also offers Cb Protection, which is designed to replace legacy endpoint security solutions and help with PCI DSS compliance mandates, and Cb LiveOps, which builds off the Carbon Black Predictive Security Cloud for real-time threat remediation.
GoSecure leverages big data and behavioral analytics with a next-generation endpoint security solution called GoSecure EDR. It uses EDR, machine learning, and behavioral analysis to recognize threat context and increase endpoint visibility. This allows its solution to catch threats missed by legacy signature-based detection methods. GoSecure software distinguishes between unknown and known threats via signatureless scanning and responds to both proportionally so that malware diversion tactics will not fool it.
CrowdStrike’s endpoint solution, Falcon Host, offers real-time visibility and detects attacks within your enterprise software. Falcon Host integrates into your current environment and enables your IT security team to detect and block suspicious activity to prevent damage to your business. It covers Windows desktops and servers and Mac computers, whether on or off the network, and combines EDR and anti-malware into a single agent. In 2020, CrowdStrike released an enhancement to its platform’s visibility, detection, and response capabilities across Windows, macOS, and Linux operating systems and new customization capabilities.
Cybereason works to provide endpoint protection and data security across enterprise IT environments and diverse devices. Its platform offers future-ready attack protection and malicious operation visualization, shifting the emphasis from alerts to operations. The Cybereason EDR platform provides visualization with contextualization and insights, immediate remediation capabilities, and the means to maximize security team effectiveness.
Cynet 360 is the world’s first Autonomous Breach Protection platform that natively integrates XDR attack prevention and detection capabilities (including NGAV, EDR, Deception, and more) with automated investigation and remediation via a single lightweight agent with zero operational effort. Cynet 360 technology is complemented by a 24/7 MDR service free of charge, placing end-to-end breach protection within reach for any organization regardless of its security team size and skill.
Fidelis Security offers Extended Detection and Response, EDR, and Deception, working to offer fast threat response and IT environment visibility. Its EDR platform specifically allows both real-time and retroactive deep visibility into all endpoint activity, process blocking, and simplified threat hunting. Additionally, Fidelis automates responses with pre-built scripts and playbooks.
Founded in 2006, Malwarebytes offers enterprise anti-malware software for multiple operating systems. Its EDR platform aims to prevent and mitigate escalating threats and zero-day threats while alleviating complexities. Also, Malwarebytes EDR offers remote worker optimization, Anomaly Detection machine learning, and granular isolation for processes, networks, and Windows desktops. The platform also provides 72-hour ransomware rollback for Windows workstations.
Palo Alto Networks
Palo Alto Networks has combined network, cloud, and endpoint security into one integrated platform that delivers automated prevention against cyber-attacks. Palo Alto’s Cortex XDR continuously profiles endpoint, network, and user behavior to uncover the stealthiest attacks. Also, Cortex XDR offers flexible response options that span the entire infrastructure, enabling endpoint isolation and swift malware blocking. In 2021, Palo Alto announced its intent to acquire cloud-security company Bridgecrew; previously, in 2020, it acquired attack surface protector Expanse.
ReaQta (/riˈækta/, as in react-a) offers its Active Defense Intelligence Platform; it provides detection and response capabilities with A.I. algorithms to automate and simplify the process of detecting and handling new threats. The ReaQta Hive solution offers two different sets of engines to apply state-of-the-art machine learning to applications’ behaviors, automatically alerting about active or emerging threats without the need for prior knowledge of the attacks. Hive Guard Anti-Malware pairs with EDR to protect users via a single dashboard.
RSA calls its RSA NetWitness Endpoint an EDR solution that can leverage endpoint behavioral monitoring and advanced machine learning. The RSA NetWitness Endpoint exposes targeted, advanced malware, highlights suspicious activity for investigation, and instantly determines the compromise’s scope to help security teams stop advanced threats faster. NetWitness Endpoint’s unique behavioral-based detection identifies unknown, zero-day malware and compromises missed by traditional signature-based detection methods.
SecPod is an endpoint security and management technology company whose SanerNow platform gives end-to-end endpoint management and security. The SecPod SanerNow Endpoint Detection and Response helps organizations monitor all the activities happening on the endpoints, stay alert to security threats and breaches, and respond to them. Additionally, it can identify the indications of attacks and compromise in the network and monitor malware activity.
SentinelOne provides behavior-based anti-malware, anti-exploit, and EDR capabilities as an integrated endpoint solution; in other words, it incorporates prevention, detection, and remediation capabilities in one program, which it can deploy on-premises or via the cloud. SentinelOne offers real-time forensics to deliver investigative capabilities and multiple behavior detection methods. It can predict malicious behavior across multiple threat vectors and close vulnerability gaps. In 2020, it was recognized in the Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response. It also released full remote shell capabilities.
Tanium offers its Tanium Endpoint Security and Risk Portfolio, which uses a patented architecture that creates visibility and control to fortify and defend endpoints across the largest, most demanding IT environments. It unifies visibility and control over IT environments, reducing the mean time for incident recovery. The Tanium Incident Response tool automates threat detection with perpetual, proactive, and real-time alerts.
Those were our picks for the Vendors to Know in EDR Platforms, 2021. For more on the Vendors to Know in EDR Platforms, check out the Buyer’s Guide.