We are thrilled to announce the release of The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022. This Forrester Wave evaluated 15 different endpoint detection and response (EDR) providers, including Bitdefender, BlackBerry Cylance, Check Point Software Technologies, CrowdStrike, Cybereason, Elastic, FireEye, Fortinet, McAfee, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, and VMware Carbon Black. These vendors were evaluated on 20 different criteria based on:

  • Current offering — How strong are the product capabilities relative to other top vendors in the market? Key criteria for these offerings include investigation capabilities, response capabilities, threat hunting capabilities, detection capabilities, endpoint telemetry, and supported systems.
  • Strategy — How effective and aligned to client needs is the vendor’s strategy relative to other top vendors in the market? Key criteria for these offerings include product vision, market approach, planned enhancements, and partner ecosystem.
  • Market presence — How does the vendor’s customer base and revenue compare with other top vendors in the market? Market presence scores reflect each vendor’s EDR category revenue and number of EDR customers.

This report shows how each provider measures up, including a downloadable spreadsheet with the detailed scoring, to help you select the right EDR vendor for your needs.

Key Findings From The EDR Forrester Wave: Context Is Everything

EDR vendors are focusing on product strategies that leave EDR behind in favor of extended detection and response (XDR), which is either already in progress or, for some, the next step. In contrast, security teams are still on the hunt for a robust EDR offering that incorporates endpoint management capabilities and has a feature set fit for an enterprise environment. There are still meaningful gains to be made in EDR features that improve the analyst workflow while prioritizing resilience and providing customization for investigation, response, and threat hunting. Because of this, we recommend choosing an EDR vendor that:

  • Provides meaningful contextualization for analyst actions. Analysis is the most time-consuming part of the incident response process. To reduce time-to-respond, look for a vendor that provides relevant, streamlined context for investigation and threat hunting by linking events together, providing timely threat intelligence, and leveraging dynamic risk scoring for processes, MITRE ATT&CK techniques, etc.
  • Allows for customizable automation and orchestration underlying response. The fluctuating state of anywhere work has made quick, complete, and remote response across multiple endpoints a requirement for a top EDR offering. Select an EDR provider that not only allows for orchestration and automation for response, but also builds it seamlessly into the analyst workflow and provides effective tools to customize these capabilities.
  • Has a unique product vision and strong path to execute. Many of the reference clients we spoke with were sold on the strength of the vendor’s vision, to the point where it even made up for product gaps in an offering. Having a clear product vision is vital, especially given the hype in the market as vendors look to check the “has XDR” box. When choosing an EDR provider, shortlist vendors that have a defined, scoped vision that showcases a distinctive, data-driven point of view on the market.

The full report contains far more valuable insight than fits in one blog post. View the full report, “The Forrester Wave™: Endpoint Detection And Response Providers, Q1 2022,” here, and reach out to me through inquiry or social media with any questions or comments about the EDR market or specific vendors.