Here's How The Top Legacy And Next-Generation Endpoint Security Companies Stack Up
Red-Hot Market
Endpoint security is one of the hottest markets in security right now, with around 10 percent of a company's overall IT security budget going to endpoint security in 2016, according to Forrester Research. However, with the opportunity comes confusion as both legacy players and startups alike are jumping in to grab share. In the latest version of its Wave Endpoint Security Suites report, Forrester breaks down how 15 of the biggest endpoint security players stack up, including, for the first time, the rising tide of next-generation endpoint security startups looking to compete head to head with some of the biggest names in the business.
Methodology
Forrester identified what it deemed were the 15 "most significant" endpoint security vendors for this report, notably choosing both traditional and next-generation endpoint security companies for the first time. It ranked the companies based on 25 criteria, including those around their current offering (prevention, detection, remediation, other security capabilities, architecture, customer input); strategy (cost and licensing model, product road map, go-to-market strategy); and market presence (enterprise presence, license partner program). The vendors were then ranked as leaders, strong performers, contenders and challengers based on their performance in those categories.
Bromium
Bromium was named a "contender" by Forrester, which said it "offers a high level of protection without the use of signatures or application whitelists." Forrester gave the company's current offering a 2.38 out of 5, with high marks for its detection capabilities and architecture. It said Bromium was a "solid choice for organizations with supported hardware that don't require a full-featured endpoint security suite," as the company's offering can have a negative impact on user experience. Bromium also landed a 1.95 out of 5 for strategy and a 2.25 out of 5 for market presence.
SentinelOne
SentinelOne, another company in the next-generation endpoint security space, landed a "strong performer" ranking on the Forrester Wave report. The company performed well on its detection capabilities, given its behavioral detection methods, but Forrester said the company isn't as mature in its prevention capabilities as other companies on this list. Forrester gave SentinelOne a 2.33 out of 5 overall for its current offering, with high marks for detection. The company also landed a 3.75 out of 5 for strategy and a 1.5 out of 5 for market presence.
Invincea
Forrester named Invincea a "strong performer" on this quarter's Wave report, saying it is the only vendor with signatureless prevention, application containment and behavior-based detection. Those capabilities landed it an overall product score of 2.68 out of 5, with high marks for detection and customer feedback. However, with those capabilities, Forrester said Invincea can stumble around user experience, depending on configurations. It said the offering is best suited for enterprises with existing security offerings and high-risk environments. Forrester gave the company a 3.1 out of 5 for strategy and a 1.75 out of 5 for market presence.
Palo Alto Networks
Known for its presence in the network security market, Palo Alto Networks has been investing big in expanding into the endpoint security market with its Traps offering. Forrester named the company a "strong performer" in the space, with an overall score of 2.48 out of 5, scoring highly for its detection capabilities. Forrester said the company's technology shines with its strong malware prevention and exploit blocking capabilities. However, the report said the offering can only connect to the company's WildFire engine when connected to the internet and lacks a dedicated endpoint visibility and control function.
IBM
Forrester said IBM is a "solid choice for those who already have threat detection in place," giving the vendor an overall current offering score of 3.1 out of 5 and naming it a "strong performer" in endpoint security. Forrester gave the company high marks for its remediation capabilities and said integration between its own technologies (like BigFix and Apex) and licensed technology (from Trend Micro) leads to "strong malware prevention effectiveness scores and a reasonably low detriment to user experience." However, the report said IBM's reliance on a Carbon Black integration for threat detection is a "gaping hole" in its portfolio.
ESET
Forrester named ESET a "strong performer" in this quarter's Wave report, highlighting the company's move from the SMB market to the enterprise space. Forrester said ESET has particularly enhanced its capabilities around endpoint prevention, automated remediation, endpoint encryption, media control and mobile security. It gave the company a 3.04 out of 5 for its overall product, with high scores for its architecture and customer feedback. ESET also landed a 3.7 out of 5 for strategy and a 4.25 out of 5 for market presence.
Cylance
Cylance is one of the higher-profile upstarts in the next-generation endpoint security space. Forrester named the company a "strong performer" in the space, giving it a 2.54 out of 5 overall, with strong marks for its architecture and customer feedback. Forrester said the company offers "strong malware prevention capabilities" and said it has a "high level of satisfaction with customers and a low negative impact on employee endpoint experience." That being said, Forrester said the company's offering doesn't include some of the detection capabilities that other vendors might have, which might require customers to invest in other complementary offerings.
Crowdstrike
Another fast-growing and high-profile next-generation endpoint security startup is Crowdstrike, which landed a spot as a "strong performer" on this quarter's Forrester Wave report. Forrester gave the company's current offering, called Falcon Host, a 2.75 out of 5 overall, with strong scores for detection and customer feedback. While the company's portfolio centers around detection, Forrester said the company's road map includes building out more features, including encryption, device control and user behavior analytics, something it said would "make it more competitive with leading endpoint security suite vendors." Forrester gave Crowdstrike a 4.15 out of 5 for strategy and a 2.25 out of 5 for market presence.
Landesk
Landesk is going through an evolution from a systems management company to an endpoint security company, Forrester said, with capabilities around application control, patch management, mobile security and endpoint detection. Forrester named the company a "strong performer" and gave it a score of 3.59 out of 5 for its current offering, with high marks for its remediation and other security capabilities. Forrester said it expects the company's score will improve as integration between organic and inorganic investments continues. The report gave Landesk a 3.35 out of 5 for strategy and a 3 out of 5 for market presence.
Intel Security
As Intel Security spins out from parent company Intel to become McAfee, Forrester said the company has a strong endpoint security offering, particularly for large enterprises, and named it a "leader" in the space. Forrester highlighted the company's ePolicy Orchestrator management platform, broad capabilities, integration and "solid" effectiveness scores as reasons why the vendor landed an overall product score of 3.29 out of 5. Forrester said Intel Security could improve in the area of user interface complexity and functionality on older machines. Intel Security also scored a 4.05 out of 5 for strategy and a 5 out of 5 for market presence.
Carbon Black
Carbon Black also landed in a "leader" position for the Forrester Wave report, with an overall score of 3.64 out of 5 for its product offering. Forrester highlighted the company's "balance of prevention, detection and remediation functions," which the company expanded even further in July with the acquisition of next-generation antivirus company Confer. Forrester said that acquisition, in particular, "demonstrates its commitment to a more balanced portfolio, with prevention and detection capabilities," and predicted the acquisition will help improve the user experience. Forrester gave Carbon Black high marks for its prevention and detection capabilities, as well as awarding it a 3.55 out of 5 for strategy and a 2.75 out of 5 for market presence.
Sophos
Sophos also landed a "leader" position on this quarter's Forrester Wave Endpoint Security Suite report, led by the company's "tightly integrated suite of endpoint capabilities." Forrester highlighted Sophos' advanced threat protection, detection and automatic remediation capabilities, administrative interface and variety of deployment options, though it did note the company lacked patch management and some application whitelisting options. The report said Sophos' push to provide signatureless security offerings will make it "highly competitive over the long term." Forrester gave Sophos' offering a 3.92 out of 5 score overall, with particularly high scores for its prevention and other security capabilities. Forrester also gave Sophos a 5 out of 5 for strategy and a 4.5 out of 5 for market presence.
Symantec
Symantec was also named a "leader" by Forrester in its Wave report, landing high scores for remediation and other security capabilities for an overall 4 out of 5 score for its current endpoint security suite offering. The report highlighted Symantec's broad range of capabilities, which it said covers "almost every possible attack surface … when buyers utilize the full extent of this portfolio." Symantec has also expanded beyond its endpoint security strategy, acquiring Blue Coat Systems this summer to push further into the cloud security and secure web gateway markets.
"The continued development of advanced post-compromise detection techniques, as well as integrations with recently acquired Blue Coat Systems, should lead to improved levels of effectiveness and more competitive offering over the next six to 12 months," the report said. Forrester also gave Symantec a 5 out of 5 for its market presence and a 4.7 out of 5 for its overall strategy.
Kaspersky Lab
Kaspersky Lab landed a "leader" spot on the Forrester Wave report, which credited the company with having "one of the most complete endpoint security solutions on the market." Forrester awarded Kaspersky a 4.16 out of 5 overall for its current offering, with high marks for its remediation and other security capabilities. It also landed a 3.4 out of 5 for strategy and a 3.75 out of 5 for market presence. Forrester highlighted Kaspersky's organic development as a major strength of the company's portfolio, saying it made for tighter integration between products, though it said the company lacked deep threat investigation capabilities.
Trend Micro
The Forrester report said Trend Micro "offers one of the most technically capable products on the market." The research found the company, which landed a "leader" ranking, scored a 4.3 out of 5 overall in its offering and landed particularly high rankings for its detection capabilities and its architecture. The report said Trend Micro's complete endpoint security suite shone, highlighting its flexibility, variety of deployment options, and balance of protection and detection capabilities. From a strategy perspective, Trend Micro landed perfect scores for its product road map and go-to-market strategy, as well as a perfect score for its enterprise presence.
"Overall, Trend Micro's current portfolio, combined with its short- and long-term road maps, aligns very well with the current and (likely) future needs of enterprise buyers," the report said.