Endpoint Security - Market Quadrant 2020
.The Radicati Group, Inc.www.radicati.comTHE RADICATI GROUP, INC.Endpoint Security - MarketQuadrant 2020 *.An Analysis of the Market forEndpoint Security RevealingTop Players, Trail Blazers,Specialists and Mature Players.November 2020Radicati Market QuadrantSM is copyrighted November 2020 by The Radicati Group, Inc. Thisreport has been licensed for distribution. Only licensee may post/distribute. Vendors and productsdepicted in Radicati Market QuadrantsSM should not be considered an endorsement, but rather ameasure of The Radicati Group’s opinion, based on product reviews, primary research studies,vendor interviews, historical data, and other metrics. The Radicati Group intends its MarketQuadrants to be one of many information sources that readers use to form opinions and makedecisions. Radicati Market QuadrantsSM are time sensitive, designed to depict the landscape of aparticular market at a given point in time. The Radicati Group disclaims all warranties as to theaccuracy or completeness of such information. The Radicati Group shall have no liability forerrors, omissions, or inadequacies in the information contained herein or for interpretationsthereof.*.
Endpoint Security - Market Quadrant 2020TABLE OF CONTENTSRADICATI MARKET QUADRANTS EXPLAINED. 3MARKET SEGMENTATION – ENDPOINT SECURITY. 5EVALUATION CRITERIA . 7MARKET QUADRANT – ENDPOINT SECURITY . 11KEY MARKET QUADRANT TRENDS. 12ENDPOINT SECURITY - VENDOR ANALYSIS . 12TOP PLAYERS . 12TRAIL BLAZERS . 33SPECIALISTS . 44 This report has been licensed for distribution. Only licensee may post/distribute.Please contact us at admin@radicati.com if you wish to purchase a license. Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.2
Endpoint Security - Market Quadrant 2020RADICATI MARKET QUADRANTS EXPLAINEDRadicati Market Quadrants are designed to illustrate how individual vendors fit within specifictechnology markets at any given point in time. All Radicati Market Quadrants are composed offour sections, as shown in the example quadrant (Figure 1).1. Top Players – These are the current market leaders with products that offer, bothbreadth and depth of functionality, as well as possess a solid vision for the future. TopPlayers shape the market with their technology and strategic vision. Vendors don’tbecome Top Players overnight. Most of the companies in this quadrant were firstSpecialists or Trail Blazers (some were both). As companies reach this stage, they mustfight complacency and continue to innovate.2. Trail Blazers – These vendors offer advanced, best of breed technology, in some areas oftheir solutions, but don’t necessarily have all the features and functionality that wouldposition them as Top Players. Trail Blazers, however, have the potential for “disrupting”the market with new technology or new delivery models. In time, these vendors are mostlikely to grow into Top Players.3. Specialists – This group is made up of two types of companies:a. Emerging players that are new to the industry and still have to develop someaspects of their solutions. These companies are still developing their strategy andtechnology.b. Established vendors that offer very good solutions for their customer base, andhave a loyal customer base that is totally satisfied with the functionality they aredeploying.4. Mature Players – These vendors are large, established vendors that may offer strongfeatures and functionality, but have slowed down innovation and are no longerconsidered “movers and shakers” in this market as they once were.a. In some cases, this is by design. If a vendor has made a strategic decision to movein a new direction, they may choose to slow development on existing products.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.3
Endpoint Security - Market Quadrant 2020b. In other cases, a vendor may simply have become complacent and be outdeveloped by hungrier, more innovative Trail Blazers or Top Players.c. Companies in this stage will either find new life, reviving their R&D efforts andmove back into the Top Players segment, or else they slowly fade away as legacytechnology.Figure 1, below, shows a sample Radicati Market Quadrant. As a vendor continues to develop itsproduct solutions adding features and functionality, it will move vertically along the “y”functionality axis.The horizontal “x” strategic vision axis reflects a vendor’s understanding of the market and theirstrategic direction plans. It is common for vendors to move in the quadrant, as their productsevolve and market needs change.HighRadicati Market QuadrantSMMature PlayersTop Players Company LFunctionality Company Z Company Y Company J Company HLow Company D Company BCompany CCompany ASpecialistsLow Company E Company FCompany GTrail BlazersStrategic VisionHighFigure 1: Sample Radicati Market QuadrantINCLUSION CRITERIAWe include vendors based on the number of customer inquiries we receive throughout the year.We normally try to cap the number of vendors we include to about 10-12 vendors. Sometimes,however, in highly crowded markets we need to include a larger number of vendors.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.4
Endpoint Security - Market Quadrant 2020MARKET SEGMENTATION – ENDPOINT SECURITYThis edition of Radicati Market QuadrantsSM covers the “Endpoint Security” segment of theSecurity Market, which is defined as follows: Endpoint Security – are appliances, software, cloud services, and hybrid solutions thathelp to secure and manage endpoints for business organizations of all sizes. Endpointsecurity solutions must be able to prevent, detect, block and remediate all threats to theendpoint. Often these solutions also combine deep forensic capabilities, and managedservices for threat hunting and neutralization. Leading vendors in this market, include:Bitdefender, BlackBerry, Cisco, CrowdStrike, Cybereason, ESET, F-Secure, Kaspersky,McAfee, Microsoft, Panda, SentinelOne, Sophos, Symantec, Trend Micro, VMwareCarbon Black, and Webroot. Vendors in this market often target both consumer and business customers. However, thisreport deals only with solutions aimed at businesses, ranging from SMBs to very largeorganizations. Government organizations are considered “business/corporate organizations”for the purposes of this report. The line between traditional and next generation endpoint solutions no longer exists as nearlyall vendors offer behavior-oriented solutions which include endpoint detection and response(EDR) or extended detection and response (XDR), sandboxing, advanced persistent threat(APT) protection, managed detection and response (MDR), and more. Organizations no longer view endpoint security as an isolated discipline affecting only theendpoint but as an integral part of an organization-wide defense posture, where endpointsecurity shares threat intelligence feeds and policy controls with all other major securitycomponents, including firewalls, secure web gateways, secure email gateways, data lossprevention (DLP), and more. The endpoint security market continues to experience very strong growth as organizations ofall sizes deploy increasingly sophisticated and feature-rich solutions to help protect againstall threats and malicious attacks. The Endpoint Security market is expected to surpass 8.2billion in 2020, and grow to over 15.6 billion by 2024. Figure 1, shows the projectedrevenue growth from 2020 to 2024.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.5
Endpoint Security - Market Quadrant 2020Endpoint Security - Revenue Forecast, 2020-2024 18,000 15,629 16,000 13,245 14,000 11,224 12,000 10,000 9,512 8,200 8,000 6,000 4,000 2,000 020202021202220232024Figure 2: Endpoint Security Market Revenue Forecast, 2020-2024Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.6
Endpoint Security - Market Quadrant 2020EVALUATION CRITERIAVendors are positioned in the quadrant according to two criteria: Functionality and StrategicVision.Functionality is assessed based on the breadth and depth of features of each vendor’s solution.All features and functionality do not necessarily have to be the vendor’s own originaltechnology, but they should be integrated and available for deployment when the solution ispurchased.Strategic Vision refers to the vendor’s strategic direction, which comprises: a thoroughunderstanding of customer needs, ability to deliver through attractive pricing and channelmodels, solid customer support, and strong on-going innovation.Vendors in the Endpoint Security space are evaluated according to the following key features andcapabilities: Deployment Options – availability of the solution in different form factors, such as onpremises, appliance and/or virtual appliance, cloud-based services, or hybrid. Platform Support – the range of computing platforms supported, e.g. Windows, macOS,Linux, iOS, Android, and others. Malware detection – is usually based on signature files, reputation filtering (proactiveblocking of malware based on its behavior, and a subsequent assigned reputation score), andproprietary heuristics. The typical set up usually includes multiple filters, one or more bestof-breed signature-based engines as well as the vendor’s own proprietary technology.Malware engines are typically updated multiple times a day. Malware can include spyware,viruses, worms, rootkits, and much more. Antivirus Removal Tools – serve to uninstall previously used security software on a user’smachine. Running multiple security solutions on one device can cause conflicts on theendpoints, which can result in downtime.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.7
Endpoint Security - Market Quadrant 2020 Directory integration – can be obtained via Active Directory or a variety of other protocols,such as LDAP. By integrating with a corporate directory, organizations can more easilymanage and enforce user policies. Firewall – functionality typically comes with most endpoint security solutions, and offers amore granular approach to network protection, such as blocking a unique IP address.Intrusion prevention systems are also commonly included as a feature in firewalls. Intrusiondetection and prevention systems protect against incoming attacks on a network. URL Filtering – enables organizations to manage and control the websites their employeesare allowed to visit. Solutions can block particular websites, or define categories of websites(e.g. gambling) to block, as well as integrate with sandboxing and or threat intelligence feedsto detect and stop malicious URLs. Third Party Patch Assessment – is a common feature included in many endpoint securitysolutions. It serves to inventory software on protected endpoints to determine if any of thesoftware on the endpoint is out-of-date. It is meant to alert administrators about importantsoftware updates that have not yet been deployed. Third Party Patch remediation – lets administrators deploy a missing software updatediscovered during the patch assessment phase. It should be possible for administrators todeploy software updates directly from the management console. Reporting – lets administrators view activity that happens on the network. Endpoint Securitysolutions should offer real-time interactive reports on user activity. Summary views to givean overall view of the state of the network should also be available. Most solutions alloworganizations to run reports for events that occurred over the past 12 months, as well as toarchive event logs for longer-term access. Web and Email Security – features enable organizations to block malware that originatesfrom web browsing or emails with malicious intent. These features are compatible withapplications for web and email, such as browsers, email clients, and others. These featuresalso help block blended attacks that often arrive via email or web browsing. Device control – allows control on the use of devices on endpoints, such as USB drives,CD/DVDS, and more. Some solutions provide only basic binary control policies (i.e.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.8
Endpoint Security - Market Quadrant 2020allow/disallow), while others allow more granular controls, e.g. blocking a device by user, orgroup of users, and more. Encryption – support for full-disk encryption (FDE) to lock an entire drive, or file-basedencryption to lock specific files. Network access control (NAC) – lets administrators block network access to certainendpoints for various reasons. It is commonly used to bar new endpoints from joining thenetwork that have yet to deploy the organization’s security policies. Mobile device protection – many endpoint security vendors integrate some form of mobileprotection into their endpoint solutions. Some endpoint security vendors offer mobileprotection through separate add-ons for Mobile Device Management (MDM) or EnterpriseMobility Management (EMM). Data Loss Prevention (DLP) – allows organizations to define policies to prevent loss ofsensitive electronic information. There is a range of DLP capabilities that vendors offer intheir solutions, ranging from simple keyword based detection to more sophisticated ContentAware DLP functionality. Administration – should provide easy, single pane-of-glass management across all users andresources. Many vendors still offer separate management interfaces for their on-premises andcloud deployments. As more organizations choose a hybrid deployment model, an integratedmanagement experience that functions across on-premises and cloud is required. Sandboxing – does the solution include sandboxing capabilities, or integrate with a thirdparty sandboxing solution for pre- or post-execution malware detection. Advanced Persistent Threat (APT) – endpoint protection solutions should integrate withAPT solutions for real-time threat correlation across the entire customer environment. EDR/XDR – endpoint protection solutions should include Endpoint Detection and Response(EDR) or Extended Detection and Response (XDR) solutions, or integrate with third partyEDR/XDR solutions.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.9
Endpoint Security - Market Quadrant 2020 Managed Detection and Response (MDR) – managed services which allow organizations tooutsource their security services for 24/7 threat detection, response and remediation.In addition, for all vendors we consider the following aspects: Pricing – what is the pricing model for their solution, is it easy to understand and allowscustomers to budget properly for the solution, as well as is it in line with the level offunctionality being offered, and does it represent a “good value”. Customer Support – is customer support adequate and in line with customer needs andresponse requirements. Professional Services – does the vendor provide the right level of professional services forplanning, design and deployment, either through their own internal teams, or throughpartners.Note: On occasion, we may place a vendor in the Top Player or Trail Blazer category even ifthey are missing one or more features listed above, if we feel that some other aspect(s) of theirsolution is particularly unique and innovative.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.10
Endpoint Security - Market Quadrant 2020MARKET QUADRANT – ENDPOINT SECURITYRadicati Market QuadrantSMHighTop PlayersMature PlayersSymantec Cisco FunctionalityBitdefender LowESET Kaspersky SentinelOne McAfee CrowdStrike Webroot Cybereason Panda F-Secure BlackBerry (Cylance) VMware Carbon Black Microsoft Trend Micro SpecialistsLowSophos Trail BlazersHighStrategic VisionFigure 3: Endpoint Security Market Quadrant, 2020**Radicati Market QuadrantSM is copyrighted November 2020 by The Radicati Group, Inc. This reporthas been licensed for distribution. Only licensee may post/distribute. Vendors and products depicted inRadicati Market QuadrantsSM should not be considered an endorsement, but rather a measure of TheRadicati Group’s opinion, based on product reviews, primary research studies, vendor interviews,historical data, and other metrics. The Radicati Group intends its Market Quadrants to be one of manyinformation sources that readers use to form opinions and make decisions. Radicati Market QuadrantsSMare time sensitive, designed to depict the landscape of a particular market at a given point in time. TheRadicati Group disclaims all warranties as to the accuracy or completeness of such information. TheRadicati Group shall have no liability for errors, omissions, or inadequacies in the information containedherein or for interpretations thereof.Copyright November 2020, The Radicati Group, Inc. Licensed for distribution.11
Endpoint Security - Market Quadrant 2020KEY MARKET QUADRANT TRENDS The Top Players in the Endpoint Security market are Symantec, Cisco, Bitdefender, ESET,Kaspersky, and SentinelOne. The Trail Blazers quadrant includes Webroot, Cybereason, and Sophos. The Specialists in this market are McAfee, CrowdStrike, Panda, F-Secure, BlackBerry,VMware Carbon Black, Microsoft, and Trend Micro. There are no Mature Players in this market at this time.ENDPOINT SECURITY - VENDOR ANALYSISTOP PLAYERSSYMANTEC (A DIVISION OF BROADCOM)1320 Ridder Park DriveSan Jose, CA 95131www.broadcom.comSymantec offers a wide range of security solutions for enterprises. Symantec operates one of thelargest civilian cyber intelligence networks, allowing it to see and protect against the mostadvanced threats. Symantec is an operating division of Broadcom. Broadcom is publicly traded.SOLUTIONSSymantec Endpoint Security solutions are powered by the Symantec Global IntelligenceNetwork that offers real-time updates to prevent attacks, stop breaches, and mitigate risk.Symantec offers the following endpoint protection solutions: Symantec Endpoint Security Complete – supports on-premises, cloud, and hybrid optionsfor deployment and management. It delivers artificial intelligence-guided securitymanagement by combining multiple technologies to address threats across the entire attackCopyright November 2020, The Radicati Group, Inc. Licensed for distribution.12
Endpoint Security - Market Quadrant 2020chain. Protections begin with Symantec Endpoint Protection which delivers: malwareprotection, advanced machine learning, behavioral analysis, reputation filtering, exploit andintrusion prevention, deception, mail security, web security, firewall, device control,antivirus removal tools, recovery tools, reporting, REST APIs, and integration withSymantec intelligent threat cloud capabilities. It also includes Mobile Threat Defense,endpoint detection and response, protections against Active Directory exploits, attack surfacereduction capabilities, such as smart application isolation, behavioral isolatio
archive event logs for longer-term access. Web and Email Security – features enable organizations to block malware that originates from web browsing or emails with malicious intent. These features are compatible with applications for web and email, such as browsers, email clients, and others. These features
ESET Endpoint Protection Standard v6.5.522.0 FireEye Endpoint Security v4 Fortinet FortiClient v5.6.2 G DATA EndPoint Protection Business v14.1.0.67 Kaspersky Lab Kaspersky Endpoint Security v10 Malwarebytes Endpoint Protection v1.1.1.0 McAfee Endpoint Security v10.5 Palo Alto Networks Traps v4.1 Panda Security Panda Adaptive Defense 360 v2.4.1
Symantec Endpoint Protection . Endpoint Protection Manager: v11.600.550 Symantec Endpoint Protection: v11.6000.550 . Sophos Endpoint Security and Data Protection . Enterprise Console: v4.0.0.2362 Endpoint Security and Control: v9.05 . Trend Micro Worry-Free Business Security: Standard Edition . Worry-Free Business Security: v6.0 SP2 build 3025
Endpoint Buyers Guide 3 Gartner Magic Quadrant for Endpoint Protection Platforms (January 2012) Gartner’s 2011 endpoint security Magic Quadrant, a research tool that rates vendors on completeness of vision and ability to execute, reviewed 17 vendors. Kaspersky Lab, McAfee, Sophos, Symantec and Trend Micro were placed in the Leaders Quadrant.
Vendor Product Version Endpoint Security 10.x Endpoint Security for Mac 10.x VirusScan 8.x VirusScan for Mac 9.x McAfee McAfee Security for Mi crosoft Exchange 8.5 Microsoft Windows Defender All known versions Symantec Endpoint Protection 12.1, 14 Endpoint Protection for Macintosh 12, 14 Sophos Endpoint Security 9.x, 10.x
McAfee Dynamic Endpoint Threat Defense Next-generation endpoint security is a security category highlighting signature-less defenses and dominated by startup vendors and point tools. As this market matures however, traditional endpoint security vendors are catching up, offering the first true next-generation endpoint security solutions.
only endpoint security solution to concurrently prioritize, predict, and prescribe actions. Trellix Endpoint Security (ENS) Purpose-built security for proactive threat management and proven security controls Endpoint security that aligns with your priorities The endpoint solution you depend on should align with the priorities that matter most .
(APT) protection, managed detection and response (MDR), and more. Organizations no longer view endpoint security as an isolated discipline affecting only the endpoint but as an integral part of an organization-wide defense posture, where endpoint security shares threat intelligence feeds and policy controls with all other major security
In the 2019 Magic Quadrant for Endpoint Pr otection Platforms, capabilities traditionally found in the endpoint detection and r esponse (EDR) mark et are now considered core components of an EPP that can addr ess and respond to modern threats (see “Market Guide for Endpoint Detection and Respons
