What’s Changed: The 2019 Gartner Magic Quadrant for Endpoint Protection Platforms

2019 Gartner Magic Quadrant for Endpoint Protection Platforms

Technology research giant Gartner, Inc. recently released the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP). You can download it here. Gartner researchers define endpoint protection platforms as “[solutions] deployed on endpoint devices to harden endpoints, to prevent malware and malicious attacks, and to provide…investigation and remediation capabilities.” 

Also, in their definition of endpoint protection platforms, Gartner comments on the transition from traditional on-premises deployments to the cloud. The researchers record the growing emphasis on detection and remediation capabilities, including EDR, in fighting advanced malware. Critically, Gartner considers EDR a core capability for responding to modern threats.

Additionally, Gartner notes the importance of Linux and Mac protections and the growing importance of Chromebook protections. However, the latter is not yet considered a must-have capability. Gartner observes the transition from hardware servers to virtual machines, containers, and cloud environments results in new security requirements. Above all, in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, researchers consider the market in a transformative period. 

In the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, the researchers make few outright predictions; perhaps this can be attributed to the transformative nature of the market. In fact, the most prominent forecast concerns the cloud. According to the report by 2025, cloud-delivered EPPs shall constitute 95 percent of all new deals—up from 20 percent today. 

Instead, researchers focus on their attention on the market’s recent transformations. These transformations include physical changes like the transition to agile cloud architectures as well as discursive changes; more and more cybersecurity experts recognize preventative efforts cannot offer them complete protection—they must have the power to harden their endpoints and perform incident response. Of course, this relates to the evolution of the threat landscape and the proliferation of fileless malware.  

In particular, Gartner considers the cloud and EDR as the most disruptive innovations in the EPP market. Key capabilities in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms include incident response capabilities and visibility, detection and remediation, and endpoint hardening. 

While still important to enterprise cybersecurity, Gartner seems less focused on certain capabilities than in previous reports. On the one hand, it rarely mentions capabilities like antivirus or application control in its market descriptions or definitions. On the other hand, the researchers still consider it a Strength in their Vendor Profiles. Enterprises should weigh this change when making their solution selections. 

In the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, researchers evaluate the strengths and weaknesses of the providers it considers most significant in the marketplace. Then, it provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute and their completeness of vision. The graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. At Solutions Review, we read the report, available here, and pulled out the key takeaways.

The 2019 Gartner Magic Quadrant for Endpoint Protection Platforms is the 12th iteration of the report. In the 2018 version, Gartner did speak to the importance of investigation and remediation. However, they also emphasized application control and file-based malware prevention in that report. Additionally, Gartner reports their methodologies limit their Magic Quadrant reports to 20 vendors; in the 2018 report, 21 vendors made the cut.

Interestingly, Gartner notes they could consider over 30 EPP vendors as relevant to this report. In fact, they announce in the report changing their inclusion criteria to exclude smaller vendors. Their final list came to 24 vendors, resulting in the researchers giving Honorable Mentions to four excluded vendors. These were Cyberreason, Comodo, Endgame, and enSilo. 

Previously, Endgame and Comodo appeared on the Magic Quadrant but did not meet the inclusion criteria involving business licenses; Endgame first appeared in the 2018 Magic Quadrant. Meanwhile, Check Point Software Technologies reappeared after a previous exclusion due to the changes in this year’s criteria. 

Prominently, the biggest change to the report is a migration of vendors from the Visionaries Quadrant to the Niche Players Quadrant. In the 2018 EPP Magic Quadrant, about half the vendors received the title of Visionary. In the 2019 iteration, exactly half place in the Niche Players Quadrant. Of the 2018 Visionaries, only four remain: McAfee, Kaspersky, Carbon Black, and SentinelOne.  

Of those, McAfee rose in their Ability to Execute and moved slightly to the left in its completeness of vision. Specifically, McAfee receives praise for its comprehensive EDR. Kaspersky also lowered slightly while Carbon Black rose, although retain their relative positioning. In fact, Gartner lauds Carbon Black’s CB Threat Hunter for its advanced toolset. Finally, SentinelOne moved to the right on their completeness of vision. 

Many of previous Visionaries moved to the left in their Completeness of Vision into the Niche Players Quadrant. This includes Cisco, F-Secure, Panda Security, Blackberry Cylance, and Malwarebytes. Cisco also rose in its Ability to Execute, as did BlackBerry Cylance. The former garners attention for its threat intelligence and the latter for agent-side machine-learning-trained algorithms for file-based detection. 

Meanwhile, FireEye, Palo Alto Networks, Fortinet, and Bitdefender all reappear in the Niche Players Quadrant. Bitdefender and FireEye both rose in their Ability to Execute, with the former in particular notably proving a top performer in malware protection tests. Returning vendor Check Point Software Technologies appears in this Quadrant as well. 

Importantly, Gartner acknowledges Niche Players offer solid anti-malware and EDR capabilities which can serve specific regions or customer sizes. They could still prove a good choice for individual enterprise use cases. 

Once again, ESET reappears as the only Challenger in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms. Gartner notes ESET’s lightweight client with its solid anti-malware and its international localization. 

In the Leaders Quadrant, the three previous Leaders—Sophos, Symantec, and Trend Micro— all return. Indeed, Sophos almost stands in the exact same position it did in the last report, although it did move slightly to the left. Simultaneously, Trend Micro moved both right and up, with Gartner praising its EDR and EPP combination solution Apex One; it enhances fileless malware detection and EDR functionality. Symantec moved somewhat to the right. 

However, the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms introduces two new Leaders: Microsoft and CrowdStrike. Both were considered Visionaries in the last report, and both significantly jumped in their Ability to Execute. CrowdStrike offers firmware visibility and vulnerability detection which Gartner finds praiseworthy. Meanwhile, Microsoft Defender ATP combines advanced EDR functionality which Gartner notes positively. 

You can read the full 2019 Gartner Magic Quadrant for Endpoint Protection Platforms here

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me