Magic Quadrant for Endpoint Protection Platforms Published 20 August 2019 - ID G00352135 - 63 min read The endpoint protection market is transforming as new approaches challenge the status quo. We evaluated solutions with an emphasis on hardening, detection of advanced and fileless attacks, and response capabilities, favoring cloud-delivered solutions that provide a fusion of products and services. Strategic Planning Assumption By 2025, cloud-delivered EPP solutions will grow from 20% of new deals to 95%. Market Definition/Description This document was revised on 23 August 2019. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com. An endpoint protection platform (EPP) is a solution deployed on endpoint devices to harden endpoints, to prevent malware and malicious attacks, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls. Traditional EPP solutions have been delivered via a client agent managed by an on-premises management server. More modern solutions utilize a cloud-native architecture that shifts the management, and some of the analysis and detection workload, to the cloud. Security and risk management leaders responsible for endpoint protection are placing a premium on detection capabilities for advanced fileless threats and investigation and remediation capabilities. Data protection solutions such as data loss prevention (DLP) and encryption are also frequently part of EPP solutions, but are considered by buyers in a different buying cycle. Protection for Linux and Mac is increasingly common, while protection for mobile devices and Chromebooks is increasing but is not typically considered a must-have capability. While protection for virtual, Windows and Linux servers is common, the evolutionary shift from hardware servers to virtual machines (VMs), containers and private/public cloud infrastructure means that server workloads now have different security requirements compared to end-user-focused, interactive endpoints. (See “Endpoint and Server Security: Common Goals, Divergent Solutions.”) As a result, specialized tools to address the modern hybrid data center that utilizes both the cloud and on-premises deployments are diverging into a new market Gartner calls cloud workload protection platforms (CWPP; see “Market Guide for Cloud Workload Protection Platforms”). Gartner recommends that organizations separate the purchasing decisions for server workloads from any product or strategy decisions involving endpoint protection due to the largely divergent nature of their features and management. This is a transformative period for the EPP market, and as the market has changed, so has the analysis profile used for this research. In the 2019 Magic Quadrant for Endpoint Protection Platforms, capabilities 1 traditionally found in the endpoint detection and response (EDR) market are now considered core components of an EPP that can address and respond to modern threats (see “Market Guide for Endpoint Detection and Response Solutions”). Magic Quadrant Figure 1. Magic Quadrant for Endpoint Protection Platforms Source: Gartner (August 2019) Vendor Strengths and Cautions Bitdefender Bitdefender is a private software company that offers an EPP and EDR in one platform, GravityZone Ultra, and one agent across endpoints, and physical, virtual or cloud servers, delivered via a cloud or on-premises management. Bitdefender has been consistently growing its enterprise segment presence and licenses its core engine to an extensive range of security products. It launched a managed detection and response (MDR) 2 service providing proactive alerting, assistance with alert investigation and periodic health checks. It also added a confidence score. Bitdefender is a good choice for organizations that value malware detection accuracy and agent performance, as well as full support for data center and cloud workloads from a single solution. Strengths  Bitdefender has a large R&D team that focuses on threat research and that is a consistent top performer in malware protection tests.  Bitdefender offers a single modular agent for physical, virtual and cloud platforms, and a single SaaS console for all endpoint/server security administration.  Low-overhead EDR supported by several detection layers and automated response actions enable enterprises and midmarket organiz