Microsoft, SentinelOne, and CrowdStrike rank at the top of Gartner’s recently released 2024 Magic Quadrant of endpoint protection platform (EPP) vendors, which are increasingly important in protecting what are still among the most vulnerable parts of an enterprise’s IT environment.
Cybercriminals are continuing to focus on identity and authentication as avenues for infiltrating corporate networks at a time when the workforce is becoming more distributed.
EPPs offer a layer of protection that includes identifying and stopping malware from executing on a system, detecting new threats, from fileless malware to ransomware, defending against insider threats, and investigating breaches. EPPs cover a broad array of devices, including PCs, laptops, servers, mobile phones, and embedded systems.
Given all that, it’s not surprising that EPPs are a crucial part of any MSSP’s services portfolio.
“While other sources of data like network and identity can provide tremendous detection value, endpoint protection platforms are the most valuable component to detection and response providers,” Randy Watkins, CTO at Critical Start, told MSSP Alert.
Most attackers try to access the network through phishing attempts, attaching malware to an email that the user may click on, Watkins said.
“Additionally, attackers looking to steal information or encrypt files will access a desktop as part of their attack at some point in the process,” he said. “Gaps in endpoint coverage represent a significant vulnerability to both organizations and service providers who cannot identify these gaps.”
Endpoints are Gateways for Bad Actors
According to IBM, as much as 70% of successful data breaches and 90% of successful cyberattacks start at endpoint devices. With the worldwide average cost to a business of a data breach hitting $4.88 million this year, being as proactive as possible in stopping such intrusions is critical.
The message is getting through, with organizations shifting to a platform view of protection. Gartner analysts say that about 5% of enterprises this year have adopted preventative endpoint detection and response (EDR) and identity threat detection and response from the same vendor, a trend that will grow to 30% by 2028. In addition, by 2029, half of organizations will evaluate EPPs as part of a comprehensive workspace strategy, up from about 20% this year.
Microsoft, SentinelOne, and EPPs
Microsoft’s EPP offering is Defender for Endpoint, which Gartner analysts said is a good fit for a broad array of organizations around the world, particularly those that rely on the vendor’s technologies and that want to consolidate their myriad security vendor offerings. Microsoft also courts enterprises that want their EPP capabilities deployed in the cloud.
In addition, Redmond in July integrated its Defender XDR tools into Sentinel, creating a more unified landscape for endpoint security software that spans product lines and extends into the Azure cloud.
Singularity is SentinelOne’s EPP flagship offering, which, like Microsoft’s Defender for Endpoint, targets a wide range of organizations that are looking for broad operating system support, ease of use, and managed detection and response (MDR) service options, Gartner wrote in its report. Customers also span the cloud, hybrid cloud, and on-premises – including air-gapped environments.
Singularity MDR and Singularity MDR + DFIR both became generally available in August. In addition, in April, the vendor launched the Singularity Operations Center, a unified console in the Singularity platform that centralizes security management and workflows and is available to cloud-native users.
CrowdStrike Rides Falcon
CrowdStrike comes in as the second-largest endpoint protection vendor, with a market share of 14.2%, behind Microsoft’s dominant 40.2%. Its Falcon software is its primary EPP offering. It was a faulty update to a Falcon sensor in July that caused 8.5 million Microsoft endpoints around the world to crash.
The company’s focus typically has been on larger enterprises, only recently looking to move down the market to the MSP level, according to analysts. That’s not to say that CrowdStrike doesn’t have MSSP partners. eSentire this year was named CrowdStrike’s MSSP Partner of the Year for the third straight year, with other such partners including ClearNetwork, SSI, ActZero, and Kudelski Security.
A year ago, the company unveiled its Accelerate partner program to educate and incentivize MSSPs, MSPs, and other service provider partners that want to expand their use of the Falcon portfolio. On its MSSP page, CrowdStrike touts the protection and operational efficiency of Falcon, offers them package options – MSSP Protect, MSSP Defend, and MSSP Advanced Defend – and lists optional modules for cloud security, identity, security and IT operations, and next-generation SIEM and log management.
In their Magic Quadrant, Gartner analysts also named Palo Alto Networks, Trend Micro, and Sophos as leaders, while tapping Bitdefender, Check Point Software, and Cisco as visionaries in the EPP space.