top of page
  • ctejada43

Critical Capabilities for Endpoint Protection Platforms

Published 31 December 2022 - ID G00752297 - 39 min read By Chris Silva, Peter Firstbrook This report focuses on EPPs’ prevention, protection and detection capabilities. It will help you assess offerings’ suitability for the use cases of mature and aggressive (Type A) organizations, mainstream (Type B) organizations, and the least mature and aggressive (Type C) organizations.

Overview Key Findings

  • The top buying priorities in the endpoint protection platform (EPP) market remain ease of use, prevention, and endpoint detection and response (EDR).

  • Managed services are essential for successful detection of, and response to, modern “human-driven” attacks. Fully managed services are now core offerings for most vendors.

  • Cloud adoption is now mainstream, with most organizations abandoning on-premises infrastructure in favor of better operational efficiency.

  • EDR capability is integral to an EPP. It is beginning to evolve into extended detection and response (XDR) with the integration of additional sources of information and orchestrated responses across multiple security tools.


Security and risk management leaders responsible for endpoint protection who need to evaluate incumbent solutions to ensure they keep up with the rapidly changing EPP market should:

  • Assess products’ fitness for the existing environment, with a focus on operating systems (OSs) and deployment requirements, rather than individual features, so as to create a manageable list of EPPs to evaluate.

  • Maintain operational efficiency by testing their team’s ability to maintain and continually tune their EPP with existing skills and staff. Any possibility that an internal security operations center (SOC) would need to monitor the EPP should prompt a discussion about how managed services may help share the operational burden.

  • Adjust the critical capability weightings in the interactive version of this report to suit your organizational model.

Strategic Planning Assumptions

By the end of 2025, 80% of Type C organizations using endpoint detection and response (EDR) capabilities will use managed detection and response (MDR) capabilities.

By the end of 2025, more than 50% of Type B organizations will consolidate EDR into a preferred vendor portfolio of security investments for more efficient security operations.

By the end of 2026, 80% of Type A organizations will be consuming EDR as part of a multitool extended detection and response (XDR) architecture.

What You Need to Know

EPPs continue to transform from basic anti-malware protection offerings into fully fledged EDR products. This transformation and the rise of sophisticated, targeted attacks, such as human-operated ransomware, means that management, monitoring and automation are now crucial.

Most customer organizations have now embraced cloud-delivered EPPs, with only those in a few highly regulated industries and regions still prioritizing on-premises solutions. Vendors are also investing heavily in cloud-based, rather than on-premises, solutions, and some no longer support or develop any on-premises EPP feature enhancements. Organizations that are only now transitioning to SaaS solutions should consider the capacity to expand skills into new areas, such as detection, that on-premises, protection-focused tools lack.

This Critical Capabilities report evaluates vendors’ offerings suitability for the organizational models of three distinct types of organization: Type A, Type B and Type C (for definitions, see Note 1).


Critical Capabilities Use-Case Graphics

Vendors’ Product Scores for Type A Use Case

38 views0 comments


bottom of page