On July 25, we’re going to start sending out detailed questionnaires to vendors that qualify for our upcoming report entitled Vendor Landscape: Endpoint Detection And Response, 2017. This report will be a collaboration between Chris Sherman and myself, with an expected publication date in September.
We will be approaching a product category that is about five years old and which to date has suffered from two major challenges: 1) confusion over next-gen endpoint capabilities and 2) a moderate-to-high sophistication requirement on security operations teams. It is our feeling that recent trends in managed security services (MSS), including the use by digital forensics companies, have driven adoption of endpoint detection and response (EDR) tools, making them accessible and demonstrating the value of this powerful class of tools. In addressing this first issue, Forrester is going to standardize on the term EDR to describe endpoint technologies that collect telemetry data from systems, perform anomaly detection for the purpose of alerting, enable analysts to perform investigations using collected telemetry, and respond to incidents.
This is an invitation for any vendors who feel they belong in this space to reach out to us for potential inclusion in this report. For security professionals who have evaluated these technologies, we’d love to know who was on your shortlist and why, and who you ultimately selected and why.