The Forrester Wave™ - Endpoint Detection and Response Providers, Q2 2022

Summary

Advanced EDR Features Are Left Behind In The Rush To XDR

Endpoint detection and response providers are focusing on product strategies that leave […]

[…] requirement for a top EDR offering. […] should select an EDR provider that not only allows for orchestration and automation for response, but also builds it seamlessly into the analyst workflow and provides effective tools to customize these capabilities.

A unique product vision and strong ability to execute. Many of the clients we spoke with were sold on the strength of the vendor's vision, to the point where it even made up for product gaps in an offering. Having a clear product vision is vital, especially given the hype in the market as vendors look to check the "has XDR" box. When choosing an EDR provider, clients even […] point of view on the market.

Evaluation Summary

[…] Challengers. It's an assessment of the top vendors in the market and does not represent the entire vendor landscape. You'll find more information about this market in our reports on endpoint detection and response. We intend this evaluation to be a starting point only and encourage clients to view […] and see Figure 2). Click the link at the beginning of this report on Forrester.com to download the tool.

[Figure: Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022. Categories: Challengers, Contenders, Strong Performers, Leaders. Horizontal axis: weaker strategy to stronger strategy. A gray bubble or open dot indicates a nonparticipating vendor.]

[Table: Forrester Wave™: Endpoint Detection And Response Providers Scorecard, Q2 2022. Criteria scored per vendor: supported systems, endpoint telemetry, detection capabilities, investigation capabilities, response capabilities, threat hunting capabilities, ATT&CK alignment, user experience, machine learning capabilities, extended capabilities, endpoint management, product security, strategy.]

Vendor Offerings

[…] Software Technologies, CrowdStrike, Cybereason, Elastic, FireEye, Fortinet, McAfee, Microsoft, Palo […]

Evaluated Vendors And Product Information

Cybereason: Cybereason EDR 2122
McAfee: MVISION Endpoint Detection and Response
Microsoft: Microsoft Defender for Endpoint
SentinelOne: Singularity XDR
Sophos: Sophos Intercept X with EDR Advanced

Vendor Profiles

Leaders

CrowdStrike dominates in EDR while building its future in XDR and Zero Trust. CrowdStrike continues to demonstrate excellence in its EDR offering through a context-rich UI infused with […] while methodically expanding into XDR and embracing Zero Trust. […] roadmap […] capabilities, and an expansion to additional XDR capabilities around identity […]. […] through the technical account management program.

The offering has characteristically strong coverage of Windows and coverage of the most popular versions of Mac and distributions of Linux. […] provides detailed threat intelligence within the investigation as well as more in-depth threat group-specific reports. All telemetry is mapped to MITRE ATT&CK. The offering has an automation feature to generate playbooks. Threat hunters can search by type or through raw […] real-time detection rules and scheduled queries based on a hunt. However, the offering provides seven days of data retention by default, less than many in the evaluation, and as such customer references suggest exporting telemetry to another source for longer retention needs. CrowdStrike is best suited for those that want a powerful EDR tool with a plethora of high-quality threat intelligence seamlessly integrated into the offering. It is also good for security teams looking to outsource some capabilities through managed services.

Microsoft has made itself a powerhouse in security prevention and EDR. In 2021, Microsoft committed $20 billion over five years to deliver more-advanced security tools, upping the ante from its $1 billion per year spend on cybersecurity since 2015. Beyond the dollar signs, […] pricing structure to […] offering standalone pricing per endpoint or license-based pricing. Its roadmap includes continued progress on Linux and Mac feature capabilities, IT and security collaboration, and XDR capabilities.

Microsoft has on-par coverage of Windows […]. […] offering has a variety of helpful features for investigation such as autogenerated human-[…] the attack and in what order. All telemetry is aligned to MITRE ATT&CK. It provides a native sandbox feature, response recommendations, remote shell capabilities, and custom scripting. They can schedule queries but can[…] create custom detection rules based on a hunt.

Trend Micro innovates far beyond its public perception and wins on customer support. Trend Micro focuses its offering on a cycle of attack surface discovery, risk assessment, and security […] public recognition. Planned enhancements include attack surface risk assessment, broader response actions and guidance, and third-party integrations. Reference customers highlight the interoperability between different parts of the portfolio as a key differentiator, and […] aligns this interoperability to its pricing model by pricing based on credits that can be applied to any […]

[…] versions, Mac, and Linux distributions compared to others in this evaluation. Detections are coded according to risk level to ease investigation, and all telemetry is tagged with the applicable MITRE ATT&CK techniques. The offering does not provide orchestration of response across multiple endpoints, but does provide a native sandboxing feature, remote shell, and custom scripting. Threat hunters can search by type or by raw data and schedule queries […] default. Reference customers noted that compliance reporting remains a limitation. Trend […] keeping detection engineering and reporting separated in the SIEM.

Strong Performers

Elastic is applying SIEM values to EDR […] but lags in response. Elastic envisions security as a data problem and prioritizes features that enable customers to use that data as they […]. The endpoint agent acts as a collector and is now entirely incorporated into the Elastic SIEM. The free […] of the offering includes many core features such as the endpoint agent […]. Elastic uses a consumption-based pricing model, applying a cloud computing mindset to EDR product pricing. It has nurtured an online community so that security teams can crowdsource expertise, which customer references find valuable. Its roadmap looks to expand third-party ingestion capabilities, response actions, and workflows, and it prioritizes new ideas by dedicating a week of R&D every two months to focused innovation.

The offering supports […] on par for Mac coverage. Telemetry collection is customizable down to event collection. The offering […] tagged with MITRE ATT&CK techniques, but not all telemetry. The offering does not have a native sandbox feature, orchestration of response across multiple endpoints, or remote shell […]. […] team with a depth of knowledge that want a flexible offering with features of SIEM and EDR.

SentinelOne needs to align vision and strategy to the strength of its offering. SentinelOne is often called "the new kid on the block" due to its recent IPO and unique implementations of […] explicit […] to this. Instead, its roadmap is focused on uniting DataSet, formerly […] frequently mentioned by its partners for its Remote Script Orchestration feature and […]

[…] Linux distributions compared to others in this evaluation. All telemetry is mapped to applicable MITRE ATT&CK techniques. Its Storyline feature provides some context about the attack, but integrations with third-party marketplace apps do not give immersive context in the alert and instead provide links and comments in the notes […]. There is no native sandboxing […] response actions across multiple endpoints […] its Remote Script Orchestration feature can apply […]. Threat hunters can search across all telemetry, which is retained for 4 days by default, less than most vendors in the evaluation. They can also create custom detections based on a threat hunt. Reference customers highlighted the ease of deployment and management of the offering. SentinelOne is best suited for mid- to advanced-maturity security teams that want […]

Bitdefender focuses on resilience but lacks the integrations of a mature offering. Bitdefender […] many leading security products on the market, […] one of the most used, yet surprisingly least […]. […] methodically improve its offering without getting ahead of its skis, with a particular focus on […], risk scoring, and automation for prevention, detection, and response.

The Bitdefender offering is straightforward and reliable. It supports a wide array of OS versions and distributions across Windows, Mac, and Linux, more than most in this evaluation. The user […] helpful context and color coding within an incident. The offering maps all telemetry to MITRE […] does not provide orchestration of response actions across multiple endpoints or custom scripting. Threat hunters can search over all collected telemetry, which is retained for seven days by default, and can create custom detection rules. Reference customers lauded its support and product teams, as well as the partnership […] brings to the table. However, they
