Here's Who Made Gartner's 2016 Magic Quadrant For Endpoint Protection Platforms
The EPP Market
Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that "provide a collection of security capabilities to protect PCs, smartphones and tablets," which it said could include anti-malware, personal firewall, port and device control, and more. The market is a sizable one, Gartner said, with the vendors on this year's Magic Quadrant doing $3.2 billion in revenue in 2014 with their EPP offerings, up 2 percent over the previous year. However, Gartner cautioned that while the list of EPP vendors is extensive, many are failing to block malicious threats, with 44 percent of customers using one of the solutions being compromised. Still, the market has seen some new startups hitting the scene and legacy vendors adapting their technologies, Gartner said. The vendors on this list were ranked on their "completeness of vision" and "ability to execute." Take a look at how all of the vendors in the space stack up in a breakdown of the 2016 Magic Quadrant for Endpoint Protection Platforms.
Trend Micro: Leader
Trend Micro, based in Tokyo, is one of the largest enterprise protection platform vendors on the Gartner list. The company was named a leader for EPP, Gartner said, because of its appeal to a wide variety of buyers, calling its Smart Protection Suite "one of the most complete, integrated packaging of protection technologies in this market." Gartner also praised Trend Micro's investment in application control, vulnerability detection and shielding, malware sandboxing, and endpoint detection and response. The company also has made investments in next-generation IPS and network security with its October acquisition of HP TippingPoint.
Trend Micro: Strengths And Weaknesses
Strengths: In particular, Gartner praised the range of malware protection options from OfficeScan, the company's endpoint detection and response solution (which many others do not offer), its malware detection sandbox and its "very complete" Endpoint Application Control solution. Gartner also said the company's relationship with VMware has proven beneficial for anti-malware scanning, intrusion prevention and file integrity monitoring capabilities.
Weaknesses: Most of Gartner's cautions about Trend Micro concerned a list of integrations it wished the vendor offered, including bringing anti-malware scanning capabilities to OfficeScan, policy-level integration and more variety of OS offerings for application control, encryption, DLP and device control. Gartner said Trend Micro could benefit from more granular product management of its Control Manager and a central database for its Endpoint Sensor alerts.
Intel Security: Leader
The second-largest EPP vendor on Gartner's list is Intel Security, which was named a "leader" on this year's Magic Quadrant list. Gartner praised the Santa Clara, Calif.-based vendor's extensive portfolio of security solutions, as well as its integration with its ePolicy Orchestrator (ePO) solution. The company has been shedding multiple product lines in recent months to accommodate its new strategy, but EPP is one area that has remained relatively untouched. Gartner said Intel Security (formerly McAfee) is a "good choice" for most organizations, but has particular appeal to large enterprises.
Strengths: Gartner praised Intel Security's wide range of solutions, as well as EPP integration with the company's ePO administrative platform, Global Threat Intelligence and Threat Intelligence Exchange. Benefits also included Intel Security's Advanced Threat Defense sandboxing solution as well as its Management for Optimized Virtual Environments anti-malware scanning.
Weaknesses: Intel Security is plagued by customer complaints based on its legacy multiple agent architecture, Gartner said. Gartner also cited the slow evolution of the company's integration framework, the upgrades required for detection and administration improvements, and the requirement of Intel-based chipsets for some advanced capabilities.
Kaspersky Lab: Leader
Kaspersky, based in Moscow, is on the rise when it comes to endpoint protection platforms, Gartner said, based on its broad appeal and strong solutions in malware detection effectiveness, virtual server support, enterprise mobility management, integrated application control and vulnerability analysis.
"Kaspersky Lab's global market share continues to grow rapidly, along with its brand recognition," the report said. "Gartner's Kaspersky-related inquiries show an increase over previous years."
Strengths: Gartner praised Kaspersky for its malware research team and wide variety of integrated client management tools. It also had particular praise for Kaspersky's Automatic Exploit Prevention, Zero-Day Exploit and Targeted Attack Shield and Security for Virtualization technologies.
Weaknesses: Some failings for Kaspersky included the company's lack of endpoint detection and response or malware sandboxing, as well as the long replacement cycle that will likely come with its upcoming Endpoint Security For Business 10 SP2 edition. Gartner said the company's client management tool is better suited to SMBs and operations validation than to the enterprise.
2015 was a big year for Symantec, which pushed forward with its split from storage division Veritas (a split that was completed Jan. 29). The Mountain View, Calif.-based company remains a "good tactical choice for solid anti-malware endpoint protection," Gartner said, despite some hiccups around its ability to execute as it undergoes its transformational strategy. Gartner said the company also took a hit for some limited capabilities in some of its technologies, including application control and malware sandboxing. Despite that, Gartner said Symantec continues to be viewed as a top threat by its competitors in the space.
Strengths: Some of the strengths for Symantec in EPP include its layered defense capabilities, Security Technology and Response technology, and Cynic sandboxing platform. Gartner also highlighted the company's one-click application control, new Advanced Threat Protection technology and Synapse offering.
Weaknesses: Symantec's transformation has taken a toll on the company's technology direction, Gartner said, as "real product improvements will only result from a durable corporate strategy." Gartner said Symantec also has failings on integration, an incomplete OS X offering and confusing removable media encryption.
Gartner highlighted Sophos' release of Sophos Heartbeat as one of the company's 2015 highlights. The technology brings together network and endpoint security into a single solution for prevention, detection and response. Gartner said the Abingdon, U.K.-based company is a "good fit" for customers looking for a unified or simplified security solution, particularly those in the midmarket, which the company expanded into this year.
Strengths: Gartner praised Sophos' new Heartbeat offering, saying the union of network and endpoint security is a win for the company. Gartner also highlighted the company's user threat quotient and application risk index, easy-to-use management interface, prepackaged reporting capabilities, scanning optimization and mobile security offerings.
Weaknesses: Gartner cautioned that Sophos is rarely reported as a "shortlist vendor" by Gartner clients, pointing to a heavy focus on the midmarket from both technology and marketing as a possible reason why. Gartner also said performance tests for the company's technology "remain in the middle of the pack" and the company's network-to-endpoint security platform is still a "work in progress."
While its U.S. presence isn't as strong (though it is on the rise), ESET, Bratislava, Slovakia, has a "substantial" install base in EMEA, Gartner said. The company landed in the "visionary" category this year, a move that was the result of its push in malware effectiveness and overall company focus and strategy, Gartner said. The company still has a ways to go around market-leading features, Gartner said, but can be a "good shortlist option for organizations seeking an effective, lightweight anti-malware solution."
Strengths: Gartner praised ESET's broad endpoint security capabilities as well as its anti-malware engine, which it said is "consistently a strong performer in test results." Gartner also highlighted its cloud-augmented malware protection system and its network-traffic-based signatures and botnet protection analysis.
Weaknesses: On the flip side, Gartner said ESET does not yet have a cloud-based management console and was "late to market with industry-leading functions," such as virtualization and enterprise mobility management. It also said the company's SysInspector does not provide vulnerability or configuration information.
Panda Security: Visionary
Panda Security, based in Spain, is a "good shortlist entry" in some European geographies, Gartner said, and is "rapidly advancing the state of the art in cloud-based EPP." In particular, Gartner highlighted the addition of features around a full process inventory attestation service, EPP, email, web gateways and PC management. Gartner said those features, combined with its cloud-based management console, make Panda Security popular with SMBs in the geographies it is strong in.
Strengths: Gartner praised many aspects of Panda Security's technology, including its Adaptive Defense product, its automated classification process for executables, its managed whitelisting, and traditional malware detection capabilities. Gartner also said the cloud-based management platform interface is strong, the company has good third-party API support and a competitive pricing structure.
Weaknesses: On the downside, Gartner said the vendor has been slow to expand beyond EMEA. While 60 percent of the company's revenue comes from the enterprise, Gartner said the company's solutions are primarily designed for SMBs. From a technology perspective, Gartner said the company's scan process is run with low priority and the vendor is more focused on the endpoint than the server.
While F-Secure was "hampered by low growth and limited market presence" as well as its slow development of advanced capabilities, Gartner said the Finland-based company did nab a spot as a "visionary" on its Magic Quadrant this year. The reason for the placement is the company's "excellent track record for malware testing results" and strong showing in the SMB market, the research firm said.
Strengths: On the positive side, Gartner praised F-Secure's "consistently good malware test results and performance tests." The research firm also highlighted the company's Software Updater, its Security for Virtual and Cloud Environments solution, and its advanced threat protection solution. Gartner also praised the company's new interface for its cloud-based management portal.
Weaknesses: Gartner said F-Secure still has a ways to go with improvements to its management interface, as well as further investments to make to its advanced protection techniques. Gartner said it has seen "very little awareness or brand recognition" for the company outside Europe.
One of the youngest companies on the Gartner Magic Quadrant list, Cylance has been blasting into the market with its next-generation endpoint solution, landing $42 million in Series C funding in July and naming a massive partnership with Dell in November. Gartner said Cylance is the "fastest-growing EPP startup in the last 10 years." The Irvine, Calif.-based company has done away with signatures for its technology, relying instead on a machine-learning algorithm. Gartner said that type of approach has a strong appeal with companies that are resource-constrained or have disconnected systems.
Strengths: Gartner praised the company's algorithm technology, saying it was "very accurate at detecting new variants and repackaged versions of existing malware" and is lightweight because of the lack of signatures. Gartner also highlighted that the company's technology is easy to deploy and provides information on what to do with detected problems.
Weaknesses: On the downside, Gartner said the company is rapidly growing, and is "likely to suffer from at least some growing pains" in the years to come. It said Cylance can have some false positives and provides only anti-malware capabilities that might be evaded as the technology grows more popular.
Gartner named Webroot a "visionary" in its Magic Quadrant for endpoint protection platforms. The research firm said Webroot's SecureAnywhere Business Endpoint Protection distinguishes itself with its behavior-based approach that "provides a high degree of confidence and detection accuracy." Webroot, Broomfield, Colo., has also been expanding into the Internet of Things market, launching in 2015 a security toolkit for partners and creating a position for vice president of IoT strategic partnerships.
Strengths: Gartner said Webroot's behavioral analytics technology is a big win for the security vendor, as it is one of the only ones to focus primarily on that area. Gartner also praised the company's rapid remediation tools, remote management tools, cloud-based management consoles and enterprise mobility management capabilities, factors that resulted in it receiving "the highest satisfaction scores from reference customers."
Weaknesses: Gartner didn't have an extensive list of cautions for Webroot, although it did say that the company's solution is primarily an anti-malware utility (without many other features), only provides basic investigation capabilities and does not protect specialized servers.
Bitdefender has been making upgrades to its enterprise business, Gartner said, and is a "consistently solid performer in anti-malware test results." The company launched into the "visionary" category this year because of its "increased evaluation weight on malware effectiveness and company focus."
"Bitdefender still generates the majority of its revenue from consumer sales, but the gap between consumer sales and enterprise sales narrowed in 2015," the report said.
The Romanian company's solution is a solid choice for SMBs that are looking for accuracy and performance, Gartner said.
Strengths: Positives of the Bitdefender technology include "very good malware detection capabilities," management interface enhancements, OEM solutions and cloud support. Gartner also said the company received "high marks" for its support and service.
Weaknesses: Gartner cautioned that Bitdefender lacks a full-feature parity between operating systems and has a pricing structure that is "at the upper end of the average." Bitdefender has also been expanding into the U.S. and EMEA but "significant work remains" for the vendor in those regions, Gartner said.
Another startup to make the "visionary" ranking on this year's Magic Quadrant, SentinelOne has made a name for itself in the EPP space with its behavioral-based detection technology. Based in Mountain View, Calif., the company raised $25 million in Series B funding this fall that it says it will put toward continuing to displace anti-virus vendors. The company is a "rapidly growing startup developed to reinvent endpoint protection," Gartner said, and is a good fit for companies looking for a "fresh approach" and an integrated solution.
Strengths: Gartner praised SentinelOne's strong management console, automated migration capabilities, and complete endpoint visibility on multiple operating systems. Gartner said the company's behavioral analysis technology "performs well in AV tests without relying on traditional signatures, IOCs or whitelisting."
Weaknesses: Gartner cautioned that SentinelOne is missing capabilities such as extended EPP functionality and support for Linux, virtual servers and Exchange. A younger company than most on the list, Gartner said SentinelOne is also a "rapidly growing startup and is likely to suffer from at least some growing pains."
Microsoft sits on the edge between "niche" and "challenger" on the 2016 Gartner Magic Quadrant, falling into the "niche" category this year from "challenger" in 2015. Gartner said it named the Redmond, Wash.-based company as a "niche" because it is a "reasonable solution" for companies that have invested in the Windows ecosystem and have already deployed Microsoft System Center Configuration Manager as well as other security controls. Gartner said it is often an "attractive shortlist candidate."
Strengths: With a wide range of endpoints due to the Windows ecosystem, Gartner said Microsoft sees a big boost for its malware lab. Overall, Gartner said the solution is lightweight and easy to deploy for companies who have already deployed the System Center ConfigMgr. It is also free for companies who have the Enterprise Client Access License. With the launch of Windows 10, Gartner said Microsoft also added many new capabilities.
Weaknesses: On the flip side, Gartner said Microsoft relies heavily on signatures, making test results "very low." It said Microsoft also lacks other security capabilities and for the most part delivers security improvements with its core operating system.
Qihoo 360: Niche
Based in China, Qihoo 360 is not as well known in the U.S. market. The company does have a strong presence in China, though, Gartner said, with more than 500 million users. Gartner said Qihoo 360 is a "good shortlist candidate" for companies in the region, but that the company is looking to expand globally.
Strengths: Gartner praised the company's large install base. The company's technology has benefits around network bandwidth saving, enterprise mobility management solutions, managed public cloud, and a free offering for SMBs.
Weaknesses: On the downside, Gartner said Qihoo 360 is very focused on China, with very little presence outside the region. Gartner said the company also is predominantly consumer-focused, and it pointed to weaknesses in advanced detection techniques, an immature enterprise product and a lack of integration.
Gartner said IBM's EPP solutions are a good fit for companies that are already looking to invest in the company's IBM BigFix client management tool.
"The complete set of solutions from IBM, both native and repackaged, represent a significant capability set that will be welcomed by large, complex organizations," the report said.
Gartner named Armonk, N.Y.-based IBM a "niche" player on its 2016 Magic Quadrant for endpoint protection platforms, instead of the "visionary" it was named last year. The reason for the drop, according to Gartner, is that IBM is "not showing leadership on pushing the state of the art in this market."
Strengths: Gartner said IBM has a "significant capability set" with its broad ecosystem of solutions, including BigFix and Trusteer Apex integrations. Gartner also praised the company's fingerprinting, serialization of anti-virus scans, caching of files, and ability to show performance metrics over time.
Weaknesses: Gartner said IBM struggles in competitive bids where it doesn't already have its technology installed. It said it also lacks capabilities around investigation, malware sandboxing, endpoint detection and response, and antivirus protection for specialized servers. It is also reliant on Trend Micro for its signature database, Gartner said.
Check Point Software Technologies: Niche
One of the bigger vendors in the security space, Check Point Software Technologies is relatively new to the EPP market. Gartner named it once again as a "niche" player in 2016, the same designation it gained in 2015. Check Point, Tel Aviv, Israel, first dove into the EPP market in 2004 with its acquisition of ZoneAlarm, although it has largely failed to expand its market share since. Gartner said the company suffers from "poor marketing and channel execution" around the technology, although it would still be appealing to companies looking for an EPP solution with network-based detection.
Strengths: Gartner praised Check Point's endpoint URL filtering capability, data capture on Antivirus Software Blades, and endpoint management console.
Weaknesses: Check Point didn't provide much information to Gartner, making a full evaluation of its progress difficult, Gartner said. From what it could tell, Gartner cautioned that the vendor relies on Kaspersky's engine and signatures and has seen a lack of development around its application control capabilities and for virtualized environments.
LANdesk, based in Salt Lake City, landed a "niche" ranking on this year's Magic Quadrant. Last year it was a "visionary" on the list. Gartner said the company offers a wide range of security solutions under its LANdesk Security Suite, which customers can also use to manage other vendor solutions. Gartner said the company's ranking fell this year over last because of the "lack of focus on the needs of the security role and continued low market and mind share." That being said, Gartner said the company's solutions appeal to businesses with a "blend of technology solutions from different vendors."
Strengths: LANdesk's strengths include a management solution that can manage other vendor solutions, as well as a strong partner program, application control capabilities, virtualization capabilities and automated provisioning and state management, according to Gartner.
Weaknesses: Gartner said LANdesk faltered this year on its ranking as the company's technology showed a "lack of focus" and "continued low market and mind share." Gartner said the company's solution lacked capabilities on some managed platforms, lacked malware sandboxing, and lacked anti-malware optimization protection for virtual environments. Pricing is also more expensive than others, Gartner said.
Heat Software: Niche
Heat Software was another EPP vendor that dropped into the "niche" category on this year's Magic Quadrant, a change Gartner said was due to a shift in buying focus to malware detection capabilities. It was formed by the merger of FrontRange and Lumension, the latter of which was named a "challenger" in last year's Magic Quadrant. Gartner said the company's EPP solution appeals to mostly current Heat Software customers.
Strengths: Gartner said some highlights of Heat Software's EPP offering include its strong framework for hardening and isolating endpoints from malware, management of third-party vendors and risk scoring of new applications. Gartner said the company has also benefited from switching from Norman to Bitdefender for its anti-malware engine.
Weaknesses: On the downside, Gartner said Heat Software struggles with a lack of brand awareness. Technically, it lacks an anti-malware engine of its own and does not offer application control, device control, or antivirus on multiple operating systems. Other weaker areas include support for forensic investigation and security state assessment, as well as the lack of a personal firewall and of anti-virus for specialized servers.