
GigaOm Radar for Endpoint Detection and Response v1.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Chris Ray

1. Summary

The endpoint is, in some ways, an unusual problem forced upon organizations and security teams. Endpoints are portals through which sensitive data is accessed and manipulated by staff. They are often mobile devices, moving from location to location and sometimes operated by multiple users. In addition, endpoint telemetry can be cryptic or completely absent, compounding the security problem.

Endpoint detection and response (EDR) addresses the risks unique to endpoints through enhanced visibility of the endpoint landscape and by correlating individual anomalous events into a unified series and prioritizing potential security threats. Once anomalous events are detected, EDR solutions deploy automated responses to mitigate risks. Automated response features not found in legacy antivirus (AV) tools include the ability to remotely isolate an endpoint until security staff can address the risk, forensic data collection, automated response workflows, and cross-device event correlation.

EDR is often delivered as part of a managed solution wherein a trusted third party handles some or all of the investigation and triage work. This is a popular service model for organizations with small security teams or business units responsible for their own security operations. EDR is also sold stand-alone as a technology-only solution, which is often a more popular choice for larger organizations with mature security operations.

With the emergence of advanced persistent threats, the burden of regulatory compliance requirements, staff and skills shortages, and the proliferation of highly distributed work-from-home environments, EDR has evolved to address new challenges.

This shift in capabilities and priorities can be viewed in terms of the fracture between groups of vendors in the space. On one side, there are vendors that see a future in which EDR transforms into extended detection and response (XDR), which supports telemetry from the endpoint as well as from software as a service (SaaS), identity providers, firewalls, VPNs, and so forth. Vendors on the other side see EDR as a separate discipline, one that will stand the test of time much the same way legacy antivirus did for decades.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.