EDR vendors have begun their evolution into extended detection and response (XDR).

Edward Gately, Senior News Editor

June 8, 2021

The COVID-19 pandemic and subsequent shift to remote work accelerated demand for endpoint detection and response (EDR) solutions.

Our latest CF List focuses on EDR and the transition to extended detection and response (XDR). Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on EDR market trends and what it takes to be a successful EDR provider.

Allie Mellen is analyst of security and risk at Forrester.

“The pandemic has highlighted how important it is to build resilience into our systems and processes,” she said. “When the pandemic started, security teams had to quickly pivot to support remote work.”

Additionally, throughout the past year, security teams had to prepare for the inevitable return to the office, Mellen said.

“Ultimately … security teams are looking for a tool that can be dynamic with them, especially when handling such large and changing amounts of data,” she said.

Pandemic Accelerated Changes

Fernando Montenegro is principal analyst of information security at S&P Global.

“The requirements have been evolving,” he said. “But the pandemic accelerated changes that have been in play for a few years now. For example, it’s now commonplace to have at least the option of using a cloud-based back end. And broad support for multiple platforms (Windows, Mac, Linux, mobile) is expected as well.”

Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. (Like Channel Futures, Omdia’s parent company is Informa.)

“There’s no question endpoint defense requirements have evolved to the point where the ability to detect and respond to threats on remote endpoints, endpoints with trusted user access, is just as important as for endpoints directly connected to the corporate network,” he said.

Tony Massimini is senior industry analyst of information and network security at Frost & Sullivan.

“A major development in the last few years is that EDR has quickly become integrated into endpoint protection platform (EPP),” he said. “EDR, an enhanced threat hunting tool, was a standalone, high-end niche solution that was previously tracked separately by Frost & Sullivan. Endpoint security vendors have integrated various EDR functions across a spectrum of EPP offerings.”

XDR Evolution

Mellen said EDR vendors have begun their evolution to XDR. Companies have initiated acquisitions explicitly meant to help them pursue this new strategy.

“Two examples that come to mind are CrowdStrike and their acquisition of Humio, a log management solution, and SentinelOne and their acquisition of Scalyr, a data analytics platform,” she said.

EDR vendors across the board have shifted towards the XDR market, Mellen said.

In addition, some younger players claim to deliver on XDR outcomes, she said. But they haven’t yet revealed these capabilities.

Parizo said recent M&A activity shows the future isn’t EDR, but rather XDR.

“While XDR solutions don’t necessarily have to be based on EDR, the EDR vendors recognize that customers don’t want separate detection and response solutions for endpoints, networks and the cloud,” he said.

Vendors should integrate these solutions, Parizo said. That’s because threat actors will traverse back and forth across different platforms during the course of a single attack.

In addition to SentinelOne and CrowdStrike, Parizo cites Fidelis Cybersecurity’s acquisition of CloudPassage as an example of the evolution to XDR.

“Standalone EDR solutions are already on borrowed time,” he said.

We’ve compiled a list, in alphabetical order, of 20 top EDR providers based on analysts’ feedback and recent news reports. The list includes a mix of well-known providers as well as lesser-known ones making strides in endpoint security.

Scroll through our slideshow above to see who made the list.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
