This Magic Quadrant assesses the innovations that allow organizations to protect their enterprise endpoints from attacks and breaches. Technologies and practices in this space are being shaped by two trends: the continued growth and stealth of endpoint attacks and the sudden surge in remote working.
Strategic Planning Assumption(s)
By the end of 2023, cloud-delivered EPP solutions will exceed 95% of deployments.
By 2025, 50% of organizations using EDR will use managed detection and response capabilities.
By 2025, 60% of EDR solutions will include data from multiple security control sources such as identity, CASB and DLP.
Market Definition/Description
This document was revised on 20 May 2021. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
Gartner’s view of the endpoint protection platform (EPP) market is focused on transformational technologies or approaches delivering on the future needs of end users. It is not focused on the market as it is today.
Gartner defines the EPP market as follows:
Endpoint protection platforms provide the facility to deploy agents or sensors to managed endpoints including PCs, servers and other devices.
These are designed to prevent a range of known and unknown malware and threats and to provide protection from such threats; in addition, they provide the ability to investigate and remediate any incidents that evade protection controls.
The core functionalities of an endpoint protection platform are:
Prevention and protection against security threats including malware that uses file-based and fileless exploits
The ability to apply control (allow/block) to software, scripts and processes
The ability to detect and prevent threats using behavioral analysis of device activity, application and user data
Facilities to investigate incidents further and/or obtain guidance for remediation when exploits evade protection controls
Optional capabilities often present in endpoint protection platforms may include:
The collection and reporting of inventory, configuration and policy management of endpoint devices
The management and reporting of operating system security control status such as disk encryption and local firewall settings
Facilities to scan systems for vulnerabilities and report/manage the installation of security patches
The capability to report on internet, network and application activity to derive additional indications of potentially malicious activity
