As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new document with a deeper technical dive on EDR technology.
If you recall, I’ve been whining incessantly about the fuzzy boundary between EDR (at least the way we originally defined it – as a visibility tool) and all types of “Next Generation Endpoint Protection.” Now another curveball was added to this: vendors who do remediation so rapidly that it looks like prevention. On top of this, we have those isolation vendors that dabble with visibility too….
So…what should poor analysts do to provide some much needed clarity to their enterprise clients? In essence, we will suffer for vendors’ marketing sins … but I digress.
Here is what we are thinking now … maybe [all subject to change as our research progresses!]:
| Protection – visibility balance | Example | “EDR-ness” |
|---|---|---|
| All protection, no/little visibility capabilities | Cylance, EMET, etc | Not EDR [not in our EDR Market Guide] |
| All visibility, no protection, no remediation | Open src EDR like GRR live here | EDR |
| All visibility, some remediation, no protection | Many EDR vendors live here | EDR |
| A balance of significant visibility and protection / remediation functions | 1-2 vendors live here | EDR but also EPP? A mythical “NG-EPP”? |
| Lots of focus on protection, a little on visibility | Some vendors here… | Probably not EDR … a very fuzzy bucket |
All in all, we will have to look at BOTH EDR capabilities [can your tool do it?] AND “funded use cases” [if you are predominantly purchased to BLOCK and PREVENT, we will not cover you in this paper] to decide who to include and who to profile for the paper.
Now, my traditional call to action:
- EDR vendors or related endpoint visibility vendors, got anything to say about this or just want to update us on your new capabilities and use cases? Here is a briefing link … you know what to do [reminder: to brief an analyst you do not need to be a Gartner client – so it is free]!
- Enterprises, got an EDR or endpoint visibility / monitoring / detection / response story – either a WIN or a FAIL story – to share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
Related blog posts on EDR:
- Where Does EDR End and “NG AV” Begin?
- Reality Check on EDR / ETDR
- The Future Is Here … And It Is … Network? Endpoint?
- My Paper on Endpoint Tools Publishes (2013)
- Endpoint Threat Detection & Response Deployment Architecture
- Essential Processes Around Endpoint Threat Detection & Response Tools
- Named: Endpoint Threat Detection & Response
- Endpoint Threat Indication & Response?
- Endpoint Visibility Tool Use Cases
- On Endpoint Sensing
- RSA 2013 and Endpoint Agent Re-Emergence
- All posts tagged endpoint