The endpoint security market is one of the fastest growing cybersecurity sectors, and for good reason. The threat landscape is complex—the attack surface is growing and elite cybersecurity talent is hard to retain. With hundreds of endpoint cybersecurity vendors serving the market, it’s a challenging task for organizations to navigate these new sectors and understand what endpoint technologies are the best fit for their business profile, and which vendor is right for them.
One of the best ways to assess your organizational needs is through the expert analysis found in industry analyst reports. These reports help companies understand the current state of the cybersecurity industry, the different types of vendors and technologies, and which vendors are worth considering. The recently published Gartner® 2022 Hype Cycle™ for Endpoint Security illustrates “the most relevant innovations in the endpoint security space for security leaders to adopt and put in place.” The report highlights which technologies have reached mainstream adoption and become must-haves for any organization today, and which technologies are expected to have the highest impact on endpoint security in the next 2-5 years.
Below, we have captured some insights from the Gartner® 2022 Hype Cycle™ for Endpoint Security report, along with our own commentary, to help you understand the different classes of cybersecurity vendors and the benefits and drawbacks of each technology, so you can choose the right solution for your organization.
How endpoint security is changing
Over the last few years, there has been a major increase in the number and sophistication of endpoint attacks, and the complexity of the environment cybersecurity leaders need to secure. This is partly due to remote working becoming a mainstay for many organizations with a digital footprint.
These factors have led to an increase in ransomware and phishing attacks, alongside BEC attacks, which cost companies $1.8B in 2021.
With elevated risk and a growing attack surface, organizations are struggling to properly secure their environment despite increased budgets going to cybersecurity solutions. Additionally, the cybersecurity talent gap has made it difficult to hire and retain cybersecurity talent with the right expertise to leverage security tools designed for modern threats.
The vendor market has responded by providing a wide variety of tactical solutions. Among these are EPP, EDR, and XDR solutions.
A closer look at EPP, EDR and XDR and recommendations
EPP (Endpoint Protection Platforms)
Endpoint Protection Platforms (EPPs) have been around much longer than EDR and XDR and are table stakes for organizations. In fact, according to Gartner in the report, “EPP is considered fundamental security hygiene for all organizations and is fully deployed on 99% of enterprise endpoints.” Regarding their use and benefits, Gartner also writes that EPPs are designed to “...protect against existing and emerging unknown threats against endpoints. Primarily safeguarding against malware, file-based and fileless exploits, EPPs continue to embrace technologies and practices against the growth of stealth attacks and ransomware.” *
Recent advancements in EPP include deploying as a cloud-native solution that facilitates easier management, leveraging machine learning and cloud-based look-up capabilities rather than signature-based identification to spot key attacks, and expanding to offer EDR capabilities.
As organizations look beyond preventative measures, EPP platforms are often just a starting point: they either add proactive and response capabilities of their own or are complemented by security tools that provide more comprehensive cyber resilience.
For organizations considering EPP…
Companies should prioritize EPP vendors whose options best fit the company’s existing departmental needs and unique risks. For larger and more robust teams, an EPP solution that supplements the staff with extensive support and services may be best. For organizations more strapped for resources and headcount, an EPP with a managed service component would be best.
Companies should also prioritize EPP vendors that have effective anti-tamper protection, use a cloud-based look-up of unknown items, consolidate endpoint security functions, and automate remote remediation. These are more modern qualities that address the current cybersecurity needs many companies have today.
EDR (Endpoint Detection and Response)
Endpoint detection and response solutions are considered more advanced than EPP, and adoption rates are increasing because, according to Gartner, they can “...facilitate detection and investigation of security events, identify attacks, and produce remediation guidance. They must analyze all user, process and system activity, and report device configuration. Detection of threats is combined with remote remediation.” *
Organizations can leverage EDR tools to quickly detect potential attacks while remediation and recovery efforts take place, often in an automated fashion. This has quickly made EDR a must-have for many companies. Those without EDR may face increased risk, struggle to meet compliance and regulatory standards, and have difficulty procuring cyber insurance, as insurers increasingly require some form of EDR to be in place.
For organizations considering EDR…
Organizations should look for EDR solutions that optimize, complement, and amplify an existing cybersecurity department, with a focus on rapid deployment and ease of use. This means looking for cloud-hosted solutions that support multi-cloud, hybrid, private, or cloud-native deployment options. EDR vendors should also be assessed on their ability to provide a fast time-to-value and to offer direct access to endpoints that allows for quick response.
On the response side, Gartner recommends that companies prioritize EDR solutions that offer automated playbooks and response strategies, as well as managed services across the EDR’s entire suite of services for smaller teams that don’t have the time or headcount to manage the solution.
XDR (eXtended Detection and Response)
Extended Detection and Response (XDR) solutions have the potential to make the biggest impact on your cybersecurity department by reducing the need for a large tech stack and even saving headcount. XDR provides threat detection and incident response by aggregating and centralizing various telemetry sources to optimize EDR, CASB, firewall, IAM, and IDS security controls.
Gartner notes that, “XDR platforms appeal to resource-constrained organizations of all sizes in all industry sectors, due to their ability to automate time-consuming processes, shorten detection and response times, and generally require less maintenance.” *
The flexibility of XDR solutions ensures that a cybersecurity department is best served, either through expanded security technology, or by optimizing an existing security tech stack. XDR serves as a complementary tool and often a critical factor for helping companies shore up cybersecurity skill gaps by automating key processes and improving overall detection and response in a cost-effective way without increasing complexity.
With XDR, cybersecurity leaders may find that they don’t need a larger team and that their existing team is more productive, allowing the department to work on other priorities that can’t be automated.
For organizations considering XDR…
Because XDR can sit as a centralized solution facilitating much of a cybersecurity department’s activity, finding the right vendor is a more involved process. Finding the right XDR solution must be a strategic decision. Gartner recommends working and communicating with key security operations stakeholders to understand what staffing and resourcing will look like in the near future and what tools the department may bring in.
A cybersecurity leader or IT buyer will then need to create an internal architecture and purchasing policy that accommodates an XDR implementation, which may require additional tool purchases and potentially tool retirements in order to best integrate the XDR solution into your environment.
How organizations can choose a security solution
We’re proud that Bitdefender was recognized in the 2022 Gartner® Hype Cycle™ for Endpoint Security report under the XDR, EDR, and EPP categories. In the report, Gartner provides an overview of the cybersecurity and vendor landscape and takes stock of where these technologies, among many others, fit within the larger cybersecurity ecosystem.
We believe Bitdefender’s presence across the XDR, EDR and EPP categories demonstrates the GravityZone platform’s ability to effectively combine advanced threat detection with cross-endpoint correlation, rich security context and risk analytics for superior visibility and protection across endpoints, productivity applications, clouds, identity sources and network data, all within a single, unified view.
Organizations should modernize their cybersecurity strategy
One thing is clear: organizations need to take stock of their cybersecurity department, their strategy, and their resources to see whether these technologies make sense as an investment. Given the staffing and resourcing challenges many companies face, XDR may make sense for most organizations, especially if the vendor offers a managed service component.
We recommend reaching out to key vendors to see how these solutions fit within your environment and how they can be integrated as part of a holistic cybersecurity strategy.
Get your complimentary copy of the 2022 Gartner® Hype Cycle™ for Endpoint Security.
Learn more about what Bitdefender can offer to your organization.
*Gartner, “Hype Cycle for Endpoint Security, 2022”, December 19, 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and HYPE CYCLE is a registered trademark of Gartner and/or its affiliates in the U.S. and internationally, and both are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.