Gartner Blog Network

The EDR Comparison Paper is Out!

by Augusto Barros  |  July 5, 2016  |  1 Comment

This is old news, but the paper was published right before the maelstrom of the Gartner Security Summit. The paper compares the EDR solutions from 10 vendors (those more visible to Gartner based on number of inquiry calls specifically about EDR):

  • Carbon Black Enterprise Response
  • Cisco Advanced Malware Protection for Endpoints
  • Confer
  • CounterTack
  • CrowdStrike Falcon
  • Cybereason
  • FireEye Endpoint Security (HX Series)
  • Guidance Software’s EnCase Endpoint Security
  • RSA, The Security Division of EMC, Enterprise Compromise Assessment Tool (ECAT)
  • Tanium


The paper includes two major comparisons: a view of EDR tool capabilities based on our previous paper on the subject, and another of how well each of those tools supports the 5 EDR use cases (also identified in the previous paper):


  • Incident data search and investigation
  • Suspicious activity detection
  • Alert triage or suspicious activity validation
  • Threat hunting or data exploration
  • Stopping malicious activity

The details of the criteria used for that comparison, as well as the results, can be found in the paper (Gartner GTP subscription required). However, I can highlight a few of the key findings from our research:

  • Endpoint detection and response (EDR) vendors are often competing for the same budget used for endpoint protection platforms (EPPs) and other endpoint security tools, as well as for advanced threat and IR budgets, if available.
  • EDR is not a replacement for other endpoint security tools; it is often a detection and visibility complement to other tools providing endpoint security capabilities.
  • At end-user devices, Mac OS support is becoming more common, but some EDR solutions still don’t support it. Support for mobile devices is even more complicated and almost nonexistent.

You can also see Anton’s posts about our recent EDR research.



Thoughts on The EDR Comparison Paper is Out!

  1. […] of producing a comparison of UEBA (User and Entity Behavior Analytics) solutions. We produced a paper comparing EDR solutions a few months ago, but so far the discussion on how to compare UEBA solutions has been far more […]
