Today, Forrester is announcing the retirement of The Forrester Wave™: Endpoint Security. This evaluation has been published under multiple names for over a decade, the most recent being in 2023, with the goal to review the features, functions, and leading vendors who delivered a solution to offer protection of the enterprise endpoints.

What is driving this retirement?

For decades and through many terms like anti-virus, anti-malware, and next-gen anti-virus (NGAV), the protection solutions running locally on endpoints have provided the last line of defense for enterprise architectures, stopping malicious actions where the users work. Over time, new innovations emerged to help tackle the challenges of detecting new threats, but there was always something missing — what happens when protection offerings don’t recognize the new threat? Enter endpoint detection and response, a totally separate product which watched for actions on the endpoint that, by themselves were not malicious, but when chained together exploited vulnerabilities within the systems and gave security teams a way to customize the response to these threats and attacks.

When it first came to market, security & risk teams ran separate endpoint protection platforms (EPP) and endpoint detection and response (EDR) products, many times by different vendors. This was the standard for some years, but then EDR vendors either integrated their EPP product as the base for their EDR product or vendors bought into the spaces, such as Palo Alto Networks’ acquisition of Cyvera and then Secdo or Fortinet acquiring enSilo. This began the process of creating one solution that covered all functions.

The result was a slowdown in EPP innovation. This isn’t to say that vendors weren’t releasing new functions and improving security, but this was no longer the difference between wooden and steel roller coasters; it was now the difference between a 2.2g turn and 2.6g. And EDR didn’t “fix” any problems in EPP; it simply closed a gap in overall endpoint defense. These functions are complementary, not competitive.

In 2023, we found that at the core of the EPP offerings, the differences were negligible. Yes, some vendors overachieved or were a step behind others. But like the roller coaster turns, we were looking more at subtleties like additional feature gaps, aesthetics, and reporting depth.

Over the last two years, we have not seen remarkable changes in the EPP market and while some vendors have released new functions that enhance their offerings and overcome security challenges for customers, evaluating endpoint protection platforms as if they’re not the base component of EDR/XDR does not benefit Forrester’s customers.

Further, we have seen enterprise customers accept the convergence between EPP and EDR to the point where it no longer makes sense to separate the product offerings or to recommend customers use different products for each. In cases where customers use separate endpoint prevention, they most often rely on the included capabilities of Microsoft Defender. Convergence between EPP and EDR is not just a choice, it is a necessity for better user experience, analyst experience, and overall business support.

What does this mean for endpoint security research at Forrester?

Essentially, EPP on desktops, laptops, and servers are a key component to the defensive posture of any enterprise, which is why EDR vendors included those functions into their products and carried this into their extended detection and response (XDR) offerings. High-performance EPP functions will need to be a core of modern XDR platforms to be a replacement for mix-and-match solutions providers. Our research will still look at the challenges of protecting the end-user workloads themselves and highlight the latest advancements and recent deficits that happen within the endpoint security market. Paddy will still research native security functions within the OS, what are the latest trends within endpoint security in general, and looking at the broader endpoint market that incorporates mobile security, browser security, and IoT and OT security.

In 2024 we published The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, The Forrester Wave™: Operational Technology Security Solutions, Q2 2024, and The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024. In 2025, we released The IoT Security Solutions Landscape, Q2 2025 and The Forrester Wave™: IoT Security Solutions, Q3 2025. In 2026, we’ll be targeting refreshes to The Operational Technology Security Solutions Landscape and The Forrester Wave™: Operational Technology Security Solutions, and have plenty of evaluations for modern enterprise endpoints while we say goodbye to The Forrester Wave™: Endpoint Security.

If you or your team have questions about the changes in the endpoint security market, please schedule an inquiry or guidance session with us.