
Gartner Magic Quadrant 2018: Endpoint Protection Security Platforms

Gartner’s Magic Quadrant for Endpoint Protection Platforms for 2018 plots 21 cybersecurity companies -- down from 22 in the 2017 report. Once again, we took a look at the report and looked for companies that actually have dedicated partner programs for MSPs and full-blown MSSPs. Here's a look at the Magic Quadrant companies for 2018, along with our channel-centric perspectives. First, some market definitions. According to Gartner:
"Endpoint protection is evolving to address more of Gartner's adaptive security architecture tasks such as hardening, investigation, incident detection, and incident response. Security and risk management leaders should ensure that their EPP vendor evolves fast enough to keep up with modern threats.... By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response. Separate, stand-alone endpoint detection and response (EDR) solutions will focus on managed security service provider (MSSP) and large enterprise security operations center (SOC) environments."
Still, many of the EPP platforms for 2018 also focus on MSSP and SOC relationships, MSSP Alert found. Here's a look at each company sorted alphabetically, along with the Magic Quadrant layout...

Gartner Magic Quadrant 2018: Endpoint Protection Security Platforms & MSSPs

Bitdefender:
  • Quadrant: Niche Players
  • Gartner says: Bitdefender provides good effectiveness across a broad range of platforms and capabilities. Bitdefender offers EPP and EDR in one platform, and one agent across endpoints, and physical, virtual or cloud servers.
  • MSSP Alert says: The company announced a cloud-centric push in November 2017. Also, the company in December 2017 hired Fortinet veteran Joe Sykora as VP of worldwide channel development. Bitdefender's key MSSP partners include The Bonadio Group.
Carbon Black:
  • Quadrant: Visionaries
  • Gartner says: Carbon Black is in the middle of a significant corporate transition, consolidating its overall offerings into a new cloud-based security platform called Predictive Security Cloud. The company's overall offerings consist of Cb Defense (EPP), Cb Response (threat hunting and incident response), and Cb Protection (application whitelisting and device lockdown). Carbon Black began to consolidate EDR features from Cb Response into Cb Defense in 2017 as it started to build a presence in the EPP market.
  • MSSP Alert says: The company launched a managed threat hunting service in January 2018. Keep an eye out for the potential Carbon Black cb Connect 2018 conference, which will likely surface in October or so.
Cisco Systems:
  • Quadrant: Visionaries
  • Gartner says: Cisco's Advanced Malware Protection (AMP) for Endpoints is a new entrant to this year's Magic Quadrant. It consists of prevent, detect and respond capabilities deployed as a cloud-managed solution that can be hosted in a public or private cloud.
  • MSSP Alert says: Cisco has bet much of its business growth on security. The company also is coming downstream -- embracing MSPs that support SMB customers. That effort largely involves Cisco's growing partnership with ConnectWise.
Comodo:
  • Quadrant: Niche Players
  • Gartner says: The Comodo brand is best-known as a digital certificate authority and, in late October 2017, Francisco Partners acquired a majority stake in Comodo's certificate authority business, with Comodo planning to focus on its endpoint protection strategy. Comodo Advanced Endpoint Protection (AEP) includes malware protection, a host-based intrusion prevention system (IPS), web filtering, a personal firewall, sandbox analysis, vulnerability analysis and patching, and a 100% classification capability that helps guarantee a good or bad verdict on all executable files. When an executable is untrusted or unknown, it is run in a tightly controlled container to isolate any potentially malicious activity.
  • MSSP Alert says: Comodo provides one-time free use of a malware removal and cleanup service powered by its cWatch Web website security platform. The Comodo malware removal and cleanup service is paired with security operations centers (SOCs) globally to help businesses combat website malware. The company has about 8,000 partners worldwide.
CrowdStrike:
  • Quadrant: Visionaries
  • Gartner says: CrowdStrike made strong progress in 2017 and managed to replace incumbent legacy EPP vendors at large organizations. With 79% of its business in North America, CrowdStrike has deployments in 176 countries and includes some very large organizations with more than 50,000 seats. CrowdStrike Falcon's lightweight single agent supports all environments (physical, virtual and cloud) and functions with the same agent and management console for Falcon Prevent protection and Falcon Insight EDR. With its EDR heritage, CrowdStrike records most endpoint events and sends all recorded data to its cloud for analysis and detection. Some prevention is done locally on the agent.  Organizations with small or no SOC teams will find the combination of Falcon OverWatch and Falcon Endpoint Protection compelling. CrowdStrike also offers a well-respected breach response service.
  • MSSP Alert says: The company named former AppDynamics executive Matthew Polly as its vice president of worldwide business development and channels in July 2017. He is driving the Elevate Partner Program. Also, the company raised $100 million in Series D funding in May 2017.
Cylance:
  • Quadrant: Visionaries
  • Gartner says: Cylance was one of the pioneers in using machine learning to detect file-based malware, but by 2017, most EPP competitors claimed to have added ML capabilities, pressuring Cylance to more aggressively address non-file-based attacks. In late May 2017, Cylance formally launched its EDR product, CylanceOPTICS, which was late to market compared to other vendors, and generally perceived to be lacking in advanced capabilities already available in key competing products. Eighty-five percent of Cylance's business is in North America, although the company has about 3,700 customers across the globe, half of which represent organizations with fewer than 500 seats. CylancePROTECT is cloud-based, with Cylance hosting and managing the console infrastructure directly. The vendor finally started participating in the VirusTotal community in 2017, but has a poor third-party test participation record when compared with established EPP vendors.
  • MSSP Alert says: Cylance has made a serious commitment to MSSPs and channel partners. Most recently, the company in January 2018 hired Chris Scanlan, a former Optiv Security top sales executive, to head its North America sales efforts and tasked him with delivering incremental revenue, building partnerships and fleshing out his sales team’s expertise. His official title is SVP of North America Sales.
Endgame:
  • Quadrant: Visionaries
  • Gartner says: Endgame is a new entrant to the Magic Quadrant this year. It is a privately held organization that has evolved from pure EDR for large enterprise and defense organizations, with the addition of prevention capabilities for the broader enterprise market. Endgame is one of the few vendors in this analysis that sells a single product offering — meaning there are no additional add-ons or purchases — to address protection, detection and response use cases.
  • MSSP Alert says: We have never heard directly from Endgame. On the partner front, Endgame points mostly to alliances with Accenture, Corvil, HP Enterprise and Morphick -- rather than a formalized channel partner or MSSP partner program.
ESET:
  • Quadrant: Challengers
  • Gartner says: ESET has a strong EPP market share among SMBs to large enterprises, providing solid protection with a lightweight agent. But it still manages to provide a large protection stack, including a host-based intrusion prevention system (HIPS), ML, exploit prevention, detection of in-memory attacks and ransomware behavior detection. ESET recently launched an additional platform for EDR capabilities, called Enterprise Inspector. Customers with experienced security staff will be able to inspect and modify the detection rules within Enterprise Inspector, and further tailor them to their unique requirements.
  • MSSP Alert says: ESET was an early mover in the MSP partner ecosystem, but anecdotal evidence suggests Webroot has leapfrogged the company in terms of SMB-centric MSP engagements. That said, ESET has formalized partner programs for MSPs, resellers and technology alliances.
FireEye:
  • Quadrant: Niche Players
  • Gartner says: FireEye, a new entrant to this Magic Quadrant, is a security suite vendor that provides email, web, network, endpoint security and threat intelligence, which are managed in the new Helix security operations platform launched in April 2017. FireEye revenue from its HX Series endpoint security product is a relatively small portion of the vendor's overall business. The HX management console is deployed through the cloud or as a virtual or on-premises hardware appliance that supports up to 100,000 endpoints. FireEye's HX endpoint security agent is installed on 9 million endpoints globally, with over 70% of customers in North America and 15% in EMEA. FireEye's appeal to Gartner clients is as a security suite and not as a best-of-breed endpoint security vendor.
  • MSSP Alert says: FireEye has faced some partner program and MSSP relationship challenges in recent years, because of the company's own security consulting services. Still, June 2017 product and service upgrades specifically had partners in mind.
Fortinet:
  • Quadrant: Niche Players
  • Gartner says: Fortinet is a network security suite vendor that sells enterprise firewalls, email security, sandbox, web application firewalls and a few other products, including its FortiClient endpoint security software. The vendor is a new entrant to this Magic Quadrant. FortiClient is not well-known to most Gartner clients inquiring about endpoint security, and we see little adoption of it outside of Fortinet's client base. FortiClient is becoming more focused on the enterprise space, but its current installed base is mostly in the SMB space, and about half of its customers have less than 1,000 seats installed. In 2017, FortiClient generated less than 1% of the vendor's revenue. Its track record of endpoint-focused third-party testing is poor, and this impacts its execution and vision in this assessment.
  • MSSP Alert says: Fortinet helped to pioneer MSSP-related partner programs and security consumption models. True believers include ePlus, which now supports Fortinet's security gear within an MSSP push. The company's 2018 partner and customer conference is set for February.
F-Secure:
  • Quadrant: Visionaries
  • Gartner says: In 2017, F-Secure continued with its long track record for high-accuracy, lightweight and low-impact anti-malware detection with its cloud-based F-Secure Protection Service for Business (PSB) offering and on-premises solution F-Secure Business Suite. F-Secure added an integrated password manager with password protection capabilities and improved device control management to PSB and Business Suite. F-Secure also added ML capabilities to its Rapid Detection Service, which is its managed EDR solution. Over the past 12 months, F-Secure further enhanced its product deployment and management capabilities, making it a good choice for larger, more complex enterprises. F-Secure is focusing its investments in its managed service offerings, and has added product enhancements with a specific focus on preventing ransomware attacks.
  • MSSP Alert says: F-Secure acquired Digital Assurance in May 2017. F-Secure is a UK-based security consultancy firm offering information security assessment services to governments and companies in the financial, petrochemical, retail, communication, and defense industries. For some MSSPs, that may be a warning sign that F-Secure plans to sell more directly to customers. Still, the company has more than 6,000 reseller partners worldwide.
Kaspersky Lab:
  • Quadrant: Visionaries
  • Gartner says: Kaspersky Lab's "built not bought" approach has provided good integration and allows for a strong approach to managed services. The vendor is late to market with EDR capabilities, and has no vendor-managed, SaaS-type cloud-based management options for organizations with more than 1,000 endpoints to manage. The vendor's research team makes up one-third of the organization, and is well-known for its accurate malware detection and in-depth investigation and analysis of many sophisticated attacks. Kaspersky Lab has been the subject of media scrutiny, citing unnamed intelligence sources, claiming that Kaspersky's software was being used by the Russian government to access sensitive information. Kaspersky denies the claims.
  • MSSP Alert says: Despite U.S. government scrutiny, Kaspersky's revenues grew roughly 8 percent in 2017. The company has a large partner program, and MSP-related relationships with companies like Kaseya continue. However, MSSPs that have any U.S. federal government relationships will likely shy away from Kaspersky, since the U.S. government has barred the company's software on agency networks.
Malwarebytes:
  • Quadrant: Visionaries
  • Gartner says: Malwarebytes continues to gain momentum, using its experience as the incident response tool of choice by organizations of all sizes, and has doubled its seat count in the past 12 months. In 2017, Malwarebytes delivered cloud-based management, and added mainstream and advanced EDR capabilities to its single agent, which includes the breach remediation tools for remediating infections. It is one of the few vendors in this space that can roll back the changes made by ransomware, including restoring files that were encrypted in the attack. This ransomware remediation can be performed remotely from the cloud management console up to 72 hours after the attack, without the need for any local access to an endpoint. For organizations with small IT or security teams, Malwarebytes provides strong protection capabilities and some advanced EDR capabilities, all at an attractive price point. For larger organizations, or organizations with a mature security team, there are some missing enterprise features that make it a challenge to incorporate into an existing SOC workflow.
  • MSSP Alert says: Malwarebytes ranked number 847 on the Inc. 5000 list for 2017. Revenue grew 532 percent, reaching $98.3 million, over a three-year period, the report said. The company in May 2017 expanded its partner program across EMEA.
McAfee:
  • Quadrant: Visionaries
  • Gartner says: Intel completed the sale of 51% of McAfee to TPG in April 2017 and, as a stand-alone company, McAfee hopes it can now refocus its efforts on the core aspect of its business: endpoint protection. McAfee remains one of the top three incumbent EPP vendors by market share, and its execution issues over the past three years make it the top competitive target for displacement by other vendors in the EPP Magic Quadrant. Specifically, Endpoint Security (ENS) version 10.x (v.10.x) upgrades remained a very challenging adoption cycle for most McAfee clients. While the feature set and protection capabilities included in the most recent release are quite compelling, and public test scores have improved over the past year, McAfee's execution assessment is hampered by organizations continuing to be hesitant to adopt the latest version, leaving them vulnerable to commodity malware as well as more advanced threats. Gartner client inquiry data identified McAfee as the single most-quoted EPP vendor that clients were planning to replace. Customer satisfaction scores were low again for 2017.
  • MSSP Alert says: McAfee has taken multiple steps to strengthen its business, including a free trial of a virtual Network Security Platform on AWS; some new SOC offerings; and the Skyhigh Networks acquisition.
Microsoft:
  • Quadrant: Visionaries
  • Gartner says: Microsoft is unique in the EPP space, as it is the only vendor with the capacity to embed protection features directly into the OS. It has used this advantage to step up its efforts in security with Windows 10 features, improvements to Windows Defender (also known as System Center Endpoint Protection), the addition of Windows Defender Advanced Threat Protection and Windows Defender Security Center. Microsoft has become the most-asked-about vendor during EPP-related Gartner client inquiry calls, and there is significant interest in using the security capabilities in Windows 10 to reduce security spend with other vendors.
  • MSSP Alert says: Cybersecurity was a major focus area at the Microsoft Ignite 2017 partner conference. It's a safe bet the cybersecurity emphasis will continue. The good and bad news: Microsoft is obsessed with safeguarding Windows, Office 365 and Azure. But overall, MSSPs may be seeking a more holistic approach to security that isn't so Microsoft-centric.
Palo Alto Networks:
  • Quadrant: Niche Players
  • Gartner says: Palo Alto Networks is still best-known to Gartner clients for its next-generation firewall (NGFW) product line, and this continues to be the main line of introduction to Palo Alto Networks Traps for Gartner clients. Traps uses a stack of nonsignature detection capabilities, such as ML, static and dynamic analysis, as well as monitoring processes and applications as they are spawned for suspicious activity and events. Suspect files from the endpoint can be tested by Palo Alto Networks WildFire, its cloud-based threat analysis and malware sandboxing platform, which is included with a Traps subscription. Palo Alto Networks acquired LightCyber in 2017; its behavioral-based analytics technology provides automated detection of suspicious user and entity activity indicative of malware. Traps without LightCyber currently offers limited EDR capabilities, which impacts its execution and vision evaluation in this assessment.
  • MSSP Alert says: Don't overlook Palo Alto's very strong channel leadership team. Plus, the company is attracting strong attention from next-generation MSPs like 2nd Watch.
Panda Security:
  • Quadrant: Visionaries
  • Gartner says: Panda Security's unique value proposition is the classification or attestation of every single executable file and process on a protected endpoint device, and it is the only vendor to include a managed threat hunting service in the base purchase of its EPP. Adaptive Defense 360 is fully cloud managed, and combines EPP and EDR into a single offering and single agent. Organizations without experienced security staff will find Panda Security a good shortlist candidate for an EPP solution, as will organizations considering managed detection and response solutions that are prepared to replace their incumbent EPP vendor.
  • MSSP Alert says: Panda has longstanding relationships with MSPs in the SMB sector. Enterprise-class relationships also have emerged -- including Panda's growing relationship with Deloitte, a Top 100 MSSP for 2017.
SentinelOne:
  • Quadrant: Visionaries
  • Gartner says: SentinelOne is a part of the new wave of EPP solution providers that have experienced fast growth over the past few years. The cloud-based solution is designed around fully embedded EDR and behavioral protection. SentinelOne was one of the first vendors to offer a ransomware protection guarantee based on its behavioral detection and file journaling features. In 2017, SentinelOne struggled to maintain its mind share and share-of-voice in a crowded market, which impacts the marketing-related assessment criteria across both vision and execution. However, the vendor continued to sign on a broad range of partners and resellers. SentinelOne is a good prospect to replace or augment existing EPP solutions for any organization looking for a solution with strong protection and visibility.
  • MSSP Alert says: Key MSSP partners include Carvir. Recent relationships include a firewall integration with SonicWall, the pure channel company. A Vigilance security monitoring service partners surfaced in September 2017.
Sophos:
  • Quadrant: Leaders
  • Gartner says: In March 2017, Sophos acquired Invincea — a Visionary vendor in the 2017 Magic Quadrant for Endpoint Protection Platforms — giving Sophos access to its deep learning ML algorithms. The Sophos Intercept X product, designed to protect against and recover from the malicious actions related to ransomware and exploits, proved popular with both existing Sophos Endpoint Protection customers and as an augmentation to an incumbent EPP. This momentum continued its increased brand awareness in the enterprise space. Also included in the Intercept X purchase are Sophos' EDR-like capabilities — called Root Cause Analysis — and the ML malware detection technology from the acquisition of Invincea was added in late 2017.
  • MSSP Alert says: Sophos has one of the most advanced dashboards for MSPs and MSSPs that need to manage security across multiple customer sets. The company's partner program is widely respected across the IT channel.
Symantec:
  • Quadrant: Leaders
  • Gartner says: The divestiture of the Veritas business in January 2016 and the acquisition of Blue Coat in August 2016 provided a new executive team with leadership and vision that has refocused the vendor and resulted in an improved execution score in this analysis. In 2017, Symantec successfully released product updates for its traditional products with enhancements and new capabilities, such as deception technologies. In the EDR space, Symantec is the most successful of the traditional EPP vendors, where the Advanced Threat Protection (ATP) product uses the same agent as Symantec Endpoint Protection (SEP).  Throughout 2017, Symantec continued to be the leading vendor mentioned by other vendors as their main competition. Symantec continues to generate growth and increased revenue in both the consumer and enterprise businesses (roughly evenly split 50/50). It continues to lead the market in EPP revenue and market share. Symantec continues to provide one of the most comprehensive EPPs available in this market, with third-party test scores remaining in the top tier, and has added advanced features to better address the changing threat landscape, becoming the first vendor to combine malware protection, EDR, system hardening and deception capabilities in a single agent.
  • MSSP Alert says: Symantec has a large partner program but the company also is an MSSP of sorts.
Trend Micro:
  • Gartner says:  Trend Micro is the third-largest vendor in the EPP market, with products ranging across network, data center and endpoint systems. It has a large worldwide footprint, with more than half of the business coming from Japan and the Americas. Although the vendor has had a rather unremarkable year from a technology innovation perspective, it ticks boxes for mainstream EPP requirements, particularly for those looking for a comprehensive suite of solutions at an affordable price. Unlike the more visionary participants in this Magic Quadrant, Trend Micro's EDR solution is delivered as a separate agent to the EPP solution. And while it integrates with additional on-premises products like the Deep Discovery sandbox, it lacks integration with its cloud sandbox, and cannot be managed from Trend Micro's cloud platform. One of Trend Micro's biggest advantages is the vulnerability assessment and virtual patching technology, which uses an IPS engine to detect vulnerabilities, and uses HIPS to create a virtual patch to block the exploitation. Trend Micro remains a good shortlist candidate for organizations of all sizes.
  • MSSP Alert says: Trend Micro was one of the early movers in the MSP-centric SMB channel, but the company's channel efforts have fluctuated in recent years.
Here's how the Magic Quadrant chart actually looks...
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.