We just completed our Forecast for the EDR market (see Forecast Snapshot: Endpoint Detection and Response, Worldwide, 2017) and are forecasting a 45.3% CAGR from 2015 through 2020, dwarfing the overall information security market growth rate of 7% CAGR in that same time period.
The main growth driver: protection has failed too many times and enterprises need addition visibility and detection to augment their EPP methods.
As our forecast notes, four EDR vendors Carbon Black, CrowdStrike, FireEye and Tanium, earned over half of the 2016 EDR market revenue, and the number of endpoints protected by them has more than doubled year over year for the past two years. (See Competitive Landscape: Endpoint Detection and Response Tools). There is plenty of room for continued EDR market growth. There are about 40 million EDR endpoints installed today, compared to the estimated installed base of 711 million desk-based, notebook and ultramobile premium devices. See “Forecast: PCs, Ultramobiles and Mobile Phones, Worldwide, 2014-2020, 4Q16 Update”).
EDR market bifurcates and advances
However, EDR functionality will have to become more mainstream, proactive, and simple to use and operate before product adoption reaches its full potential.
Our report projects a bifurcation of the EDR market reflecting the different buyer profiles in the market:
- Full functioned EDR market that will serve high end buyers with SOC teams that know how to use the data – this is the market that will grow to $1.5 billion
- “EDR light” which will be integrated into EPP suites. This will include those EDR functions needed to complement and inform endpoint protection.
Four Buyer Profiles
We break buyers who will drive endpoint security market growth down into four categories;
- Mature SOC buyers with separate EDR budgets
- Mainstream EPP buyers who buy “EDR light” as an added EPP feature
- Organizations who outsource detection, threat hunting and remediation
- SOC and security managers who mainly want proactive packaged analytics for business use cases, such as detecting insider threats and compromised accounts, which leverage in part rich EDR data.
EDR vendors will be hard-pressed to stay competitive in this environment. Our note explores in depth Vendor and Buyer Dynamics and what we should expect in terms of endpoint security platforms in the future.
Anyways you look at it, endpoint data recorded by EDR platforms provides rich fodder for security management. Which way organizations will want to use that data going forward will determine vendor success in the burgeoning EDR market.