Jörge röse-oberreich/Shutterstock
**Editor’s Note: This is the latest in our series of “20 top providers.” Previous editions feature providers of UCaaS, SD-WAN, and backup and DR.**
Being a successful antivirus software provider means staying one step ahead of cybercriminals. Those providers that can’t aren’t likely to be around much longer.
Antivirus (AV) software is designed to detect, prevent and remove malware. That includes viruses, worms, trojans and scareware, as well as some forms of unwanted programs, such as adware and spyware.

CloudTech1’s Rick Beckers
Analysts, a member of the Channel Partners Editorial Advisory Board and other industry experts shared their views with us on what it now takes to succeed in antivirus software.
Antivirus providers were, and still are, always challenged by the ongoing evolution of the threats, and the expanding community of black-hat virus developers and ransomware criminals, said Rick Beckers, president of CloudTech1 and editorial advisory board member.
“So, it is getting much harder to compete,” he said. “All these new threats leave open the ability for new providers to reinvent the wheel and offer a better solution. The legacy names in the industry must always work diligently to keep astride while maintaining their existing products and services.”
A successful, cutting-edge antivirus provides the ability to detect malware behavior not previously seen, said Brad Kunze, sales engineer at Telarus.

Telarus’ Brad Kunze
“These are known as Zero Day and Advanced Persistent Threats (APTs), and do not have a signature identified by an antivirus entity,” he said. “Next-generation antivirus/endpoint detection services are incorporating artificial intelligence (AI)/behavior analytics to detect threats and respond whether the malware came through email or other platforms.”
Rik Turner, principal analyst at Ovum, said providers must go beyond the signatures-based approach, which characterized the first generation of vendors, some of whom, like Symantec and McAfee, grew to be industry giants with multibillion-dollar revenues off the back of the those signatures. The signature is a unique string of bits, or the binary pattern, of a virus.
“The efficacy of signatures is waning year by year and they are thus being complemented by other technologies for detection and response,” he said. “Many of these approaches rely on machine learning to recognize anomalies.”
In terms of challenges faced by providers, the “ante is going up, in that they now have to invest in the development of algorithms that they subsequently need to train to identify patterns and thus detect anomalous behavior/activities, Turner said.

Ovum’s Rik Turner
“There are also a lot of ‘next-gen’ vendors in the market vying for customer mindshare, so the old-school vendors, while they have the customer base, must spend a considerable amount to make sure they are up to date, and to let the world know that that is the case,” he said.
A good antivirus service provider must have a “great, friendly channel program” so that MSPs, VARs and those dealing directly with the end user can implement it, manage it centrally and make some money doing so, Beckers said.
“The antivirus service provider must have a product with a rapid response notification system so that the MSP or end user knows that something is going on as early as possible when there is an attack,” he said. “Time is of the essence!”
Based on feedback from experts, recent news reports and Gartner’s Magic Quadrant for Endpoint Protection Platforms, we’ve compiled a list, in no particular order, of 20 antivirus software providers that are making the most of the current competitive landscape and charting success.
Click through our gallery below to see how made the list and why.
SymantecBoth Kunze and Turner cited
Symantec as a top provider. Gartner lists the company as an
endpoint protection platform leader, saying the company's "broad deployment across a very large deployment population of both consumer and business endpoints provides it with a very wide view into the threat landscape across many verticals."
Symantec is among the "significant players" in the
global security and vulnerability management market, which is expected to more than triple in value by 2027, exceeding $20 billion.
McAfeeTurner cited
McAfee as a top provider and Gartner lists it as a visionary, saying its investment in developing an endpoint detection and response (EDR) solution has "resulted in an offering with a useful feature set."
Announced in January, McAfee Identity Theft Protection provides users with personal monitoring, financial monitoring and recovery tools to keep identities personal and secured. Additionally, through new partner innovations with D-Link and Samsung, McAfee delivers in the key areas of the connected home, mobile security and privacy.
Trend MicroKunze and Turner cited
Trend Micro as a top provider, and Gartner lists it as a leader, saying for "customers looking for a single strategic vendor, Trend Micro has strong integration across the endpoint, gateway and network solutions to enable real-time policy updates and posture adjustments."
Kaspersky LabKunze and Turner also cited
Kaspersky Lab, which Gartner lists as a
visionary, saying it "is a consistent top performer in public, third-party AV tests."
"Increasingly, an AV platform needs to respond in a timely fashion, not only to the known bad stuff that it has identified and created a signature for, but also the unknown stuff (to paraphrase Donald Rumsfeld) detected by an analytical capability that relies on machine learning," Turner said. "It should then also be able to integrate with incident response platforms to streamline how a company reacts to such information."
Bitdefender and WebrootBeckers said he's had
good success with Bitdefender and Webroot. Gartner calls the former a niche player, saying its "detection technology is well-regarded and performs well in third-party tests. The vendor has a long list of technology and service providers that use its detection capabilities as OEMs."
In March, Webroot announced double-digit, year-over-year annual recurring revenue growth for the second quarter of its 2018 fiscal year, marking its 16th consecutive quarter of double-digit, year-over-year revenue growth.
"They are both lightweight in terms of resource consumption," Beckers said. "Both have good management consoles and integrate into our professional-services automation tool so that they can be deployed, managed and pulled back efficiently. The price point fits our model and is palatable to our customers. Support is also very good when needed."
Carbon BlackKunze cited
Carbon Black as a top performer, while Gartner lists it as a visionary. The company, which is
going public, has more than doubled its customer base in two years, with most of that growth being in the cloud. In its
Securities and Exchange Commission (SEC) filing, the company claimed 3,739 customers at the end of 2017, up from 1,774 at the end of 2015.
FireEyeKunze also cited
FireEye as a top performer, while Gartner lists it as a niche player. Announced last fall, the latest version of
FireEye Endpoint is designed to deliver multiple integrated threat detection/prevention capabilities to bolster customer threat protection and response effectiveness. It includes an integrated malware (AV) detection/prevention engine aimed at quickly stopping known threats.
Avast/AVGTurner cited
Avast/
AVG as a top performer. Avast
acquired AVG in 2016, and both offer free
antivirus software.
"An
AV solution needs to be constantly scanning the endpoint device," said Tony Massimini, senior industry analyst, information and network security at Frost & Sullivan. "It must also have features such as script blocking, webmail protection, instant-messaging protection and automatic virus updates. Customer support is also an important factor. Keeping an AV up to date is important due to the constant change of malware and tactics by threat actors. Many security vendors have global threat intelligence networks which harvest threat data from endpoints. Using machine learning and artificial intelligence (AI), security vendors are able to update AV and other security solutions."
CylanceKunze cited
Cylance as a top provider, while Gartner lists it as a visionary, saying CylancePROTECT, its flagship AV product, "has a small footprint and easy-to-use management console, with low maintenance support requirements." Early this year, Cylance
announced it had surpassed $100 million in annual revenue in 2017. This represents 177 percent year-over-year growth due to the support of its more than 3,800 enterprise customers.
"I’m keeping my eyes on some relative newcomers in the space," Beckers said. "Mainly, Cylance at this time."
SophosKunze cited
Sophos as a top provider, while Gartner lists it as a leader, saying its "Intercept X product, designed to protect against and recover from the
malicious actions related to ransomware and exploits, proved popular with both existing Sophos Endpoint Protection customers and as an augmentation to an incumbent endpoint protection platform (EPP)."
MalwarebytesKunze cited
Malwarebytes among the top providers, while Gartner lists it as a visionary, saying it "continues to gain momentum, using its experience as the incident-response tool of choice by organizations of all sizes, and has doubled its seat count in the past 12 months."
"The challenge for AV vendors is that a standalone solution must compete with those AVs that are part of a larger software suite for endpoint security,"
Massimini said. "The trend is for AV to work in an overall comprehensive system architecture which ties in with other security products. The AV should integrate with the rest of a vendor’s portfolio or with other third-party vendors."
MicrosoftGartner lists
Microsoft as a visionary, saying its "Windows Security Research Team benefits from a vast installation of over 1 billion consumer endpoint versions of the (Windows Defender) antivirus engine and its online system-check utilities, which provide a Petri dish of malware samples and indicators of attack (IOAs).
SolarWinds MSPBeckers said under the “old things become new again” heading, he's taking another look at the Solarwinds MSP Antivirus offering "that is based on their own retweaked version of Vipre that has now incorporated what used to be called Logic Cards into it, and thus gives it the network 'listening' capability that we are all seeking."
The SolarWinds MSP platform, which includes antivirus, maintains more than 12,000 subscriptions in more than 100 countries across the globe.
F-SecureTurner cited
F-Secure as a top regional provider, while Gartner lists it as a visionary, saying it "has consistently good malware test results and performance tests. It includes
cloud-based file intelligence look-ups and a virtual sandbox for malicious behavior detection."
"
To meet the needs of today’s MSPs, an antivirus product must be both cloud-based and on-premise[s] deployable and manageable," Beckers said. "It must be robust enough to protect at many different points of attack such as: firewall point of attack; real-time protection point of attack; (and) web browser point of attack. And it must protect all common versions of operating systems: Windows, IOS, Android, Mac, etc."
FortinetGartner lists
Fortinet as a niche player, saying FortiClient, which includes antivirus, web filtering,
firewall and parental controls, is "easy to deploy and easy to manage." For 2017, the company reported a 17 percent increase in revenue and a 19 percent increase in billings compared to the previous year.
"
Many customers, especially in large to enterprise organizations, rely on multiple AV solutions on the same endpoint," Massimini said. "This is to ensure if one AV misses something, another will catch it. However, these AVs need to communicate well with each other in order to eliminates any gaps in coverage."
Panda SecurityTurner cited
Panda Security as a regional player, and Gartner lists it as a visionary, saying its "cloud-first approach, and the managed services backing the endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities, are beginning to increase brand awareness outside of Europe."
"
Cybercrime is big business," Beckers said. "There are over 1.5 million annual cyberattacks — three every minute. Criminals use increasingly advanced techniques to implement malware, phishing, scams and other schemes to steal money and personal information."
CiscoKunze cited
Cisco as a top performer, while Gartner lists it as a visionary. Last month, Cisco
announced upgrades to its
Advanced Malware Protection (AMP) for Endpoints, designed to stop malware, eliminate blind spots and discover unknown threats.
"
All vendors take a multi-layered strategy for endpoint security," Massimini said. "Several endpoint security vendors are moving toward adopting signatureless technologies such as exploit mitigations, machine learning and behavior monitoring. More data analysis and automated continuous remediation are being employed. Cutting-edge AV works in concert with these technologies."
Palo Alto NetworksKunze cited
Palo Alto Networks as a top provider, while Gartner lists it as a niche player. Its Traps platform has been
certified as a replacement for legacy AV software sold by companies like Symantec and McAfee, giving it access to another fast-growing market.
"
The frequency of new and mutated viruses, along with new methods and attack points, require that an effective antivirus solution become a 'learning' solution that looks deeper than the file level or device level," Beckers said. "The network is the new combat zone in fighting viruses. Catching the virus by listening on the network and putting up barriers to its further transmission by shutting off paths to insecure endpoints is a better protection plan than remediating and cleaning after the infection has taken place."
CrowdStrikeKunze cited
CrowdStrike, which Gartner lists as a visionary. Last month, the company
launched Crowdstrike
Falcon Endpoint Protection Complete, a turnkey offering that combines its Falcon endpoint protection technology with its endpoint protection team. Falcon delivers and unifies IT hygiene, next-generation antivirus, endpoint detection and response (EDR), managed threat hunting and threat intelligence.