As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new document with a deeper technical dive on EDR technology.
If you recall, I’ve been whining incessantly about the fuzzy boundary between EDR (at least the way we originally defined it – as a visibility tool) and all types of “Next Generation Endpoint Protection.” Now another curveball was added to this: vendors who do remediation so rapidly that it looks like prevention. On top of this, we have those isolation vendors that dabble with visibility too….
So…what should poor analysts do to provide some much needed clarity to their enterprise clients? In essence, we will suffer for vendors’ marketing sins … but I digress.
Here is what we are thinking now … maybe [all subject to change as our research progresses!]:
| Protection – visibility balance | Example | “EDR-ness” |
|---|---|---|
| All protection, no/little visibility capabilities | Cylance, EMET, etc | Not EDR [not in our EDR Market Guide] |
| All visibility, no protection, no remediation | Open src EDR like GRR live here | EDR |
| All visibility, some remediation, no protection | Many EDR vendors live here | EDR |
| A balance of significant visibility and protection / remediation functions | 1-2 vendors live here | EDR but also EPP? A mythical “NG-EPP”? |
| Lots of focus on protection, a little on visibility | Some vendors here… | Probably not EDR … a very fuzzy bucket |
All in all, we will have to look at BOTH EDR capabilities [can your tool do it?] AND “funded use cases” [if you are predominantly purchased to BLOCK and PREVENT, we will not cover you in this paper] to decide who to include and who to profile for the paper.
Now, my traditional call to action:
- EDR vendors or related endpoint visibility vendors, got anything to say about this or just want to update us on your new capabilities and use cases? Here is a briefing link … you know what to do [reminder: to brief an analyst you do not need to be a Gartner client – so it is free]!
- Enterprises, got an EDR or endpoint visibility / monitoring / detection / response story – either a WIN or a FAIL story – to share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
Related blog posts on EDR:
- Where Does EDR End and “NG AV” Begin?
- Reality Check on EDR / ETDR
- The Future Is Here … And It Is … Network? Endpoint?
- My Paper on Endpoint Tools Publishes (2013)
- Endpoint Threat Detection & Response Deployment Architecture
- Essential Processes Around Endpoint Threat Detection & Response Tools
- Named: Endpoint Threat Detection & Response
- Endpoint Threat Indication & Response?
- Endpoint Visibility Tool Use Cases
- On Endpoint Sensing
- RSA 2013 and Endpoint Agent Re-Emergence
- All posts tagged endpoint