Gartner Magic Quadrant 2018: Endpoint Protection Security Platforms
Welcome to page two of five for the next five companies in the 2018 Magic Quadrant for Endpoint Protection Security Platforms … and their implications for MSSPs.
- Quadrant: Visionaries
- Gartner says: CrowdStrike made strong progress in 2017 and managed to replace incumbent legacy EPP vendors at large organizations. With 79% of its business in North America, CrowdStrike has deployments in 176 countries and includes some very large organizations with more than 50,000 seats. CrowdStrike Falcon’s lightweight single agent supports all environments (physical, virtual and cloud) and functions with the same agent and management console for Falcon Prevent protection and Falcon Insight EDR. With its EDR heritage, CrowdStrike records most endpoint events and sends all recorded data to its cloud for analysis and detection. Some prevention is done locally on the agent. Organizations with small or no SOC teams will find the combination of Falcon OverWatch and Falcon Endpoint Protection compelling. CrowdStrike also offers a well-respected breach response service.
- MSSP Alert says: The company named former former AppDynamics executive Matthew Polly as its vice president of worldwide business development and channels in July 2017. He is driving the Elevate Partner Program. Also, the company raised $100 million in Series D funding in May 2017.
- Quadrant: Visionaries
- Gartner says: Cylance was one of the pioneers in using machine learning to detect file-based malware, but by 2017, most EPP competitors claimed to have added ML capabilities, pressuring Cylance to more aggressively address non-file-based attacks. In late May 2017, Cylance formally launched its EDR product, CylanceOPTICS, which was late to market compared to other vendors, and generally perceived to be lacking in advanced capabilities already available in key competing products.Eighty-five percent of Cylance’s business is in North America, although the company has about 3,700 customers across the globe, half of which represent organizations with fewer than 500 seats. CylancePROTECT is cloud-based, with Cylance hosting and managing the console infrastructure directly. The vendor finally started participating in the VirusTotal community in 2017, but has a poor third-party test participation record when compared with established EPP vendors.
- MSSP Alert says: Cylance has made a serious commitment to MSSPs and channel partners. Most recently, the company in January 2018 hired Chris Scanlan, a former Optiv Security top sales executive, to head its North America sales efforts and tasked him with delivering incremental revenue, building partnerships and fleshing out his sales team’s expertise. His official title is SVP of North America Sales.
- Quadrant: Visionaries
- Gartner says: Endgame is a new entrant to the Magic Quadrant this year. It is a privately held organization that has evolved from pure EDR for large enterprise and defense organizations, with the addition of prevention capabilities for the broader enterprise market. Endgame is one of the few vendors in this analysis that sells a single product offering — meaning there are no additional add-ons or purchases — to address protection, detection and response use cases.
- MSSP Alert says: We have never heard directly from Endgame. On the partner front, Endgame points mostly to alliances with Accenture, Corvil, HP Enterprise and Morphick — rather than a formalized channel partner or MSSP partner program.
- Quadrant: Challengers
- Gartner says: ESET has a strong EPP market share among SMBs to large enterprises, providing solid protection with a lightweight agent. But it still manages to provide a large protection stack, including a host- based intrusion prevention system (HIPS), ML, exploit prevention, detection of in-memory attacks and ransomware behavior detection. ESET recently launched an additional platform for EDR capabilities, called Enterprise Inspector. Customers with experienced security staff will be able to inspect and modify the detection rules within Enterprise Inspector, and further tailor them to their unique requirements.
- MSSP Alert says: ESET was an early moving in the MSP partner ecosystem, but anecdotal evidence suggests Webroot has leapfrogged the company in terms of SMB-centric MSP engagements. That said, ESET has formalized partner programs for MSPs, resellers and technology alliances.
- Quadrant: Niche players
- Gartner says: FireEye, a new entrant to this Magic Quadrant, is a security suite vendor that provides email, web, network, endpoint security and threat intelligence, which are managed in the new Helix security operations platform launched in April 2017. FireEye revenue from its HX Series endpoint security product is a relatively small portion of the vendor’s overall business. The HX management console is deployed through the cloud or as a virtual or on-premises hardware appliance that supports up to 100,000 endpoints. FireEye’s HX endpoint security agent is installed on 9 million endpoints globally, with over 70% of customers in North America and 15% in EMEA. FireEye’s appeal to Gartner clients is as a security suite and not as a best-of-breed endpoint security vendor.
- MSSP Alert says: FireEye has faced some partner program and MSSP relationship challenges in recent years, because of the company’s own security consulting services. Still, June 2017 product and service upgrades specifically had partners in mind.
Continue to page three of five for the next five companies in the 2018 Magic Quadrant for Endpoint Protection Security Platforms … and their implications for MSSPs.