The ETR Observatory for Endpoint Protection Platforms (EPP) is now available. Backed by ETR data, the vendors covered in this report are positioned in Leading, Advancing, Tracking, or Trailing vectors according to momentum and presence in the market. The plotting of the vendors in the subsector is based exclusively on the data, not opinions or vendor influence.
While no single report could encompass all factors at play with endpoint protection platforms, this Observatory features the most comprehensive and current end-user data and feedback about the product marketplace. In addition to relying upon ETR’s industry-leading evaluation and spending intentions data, this report also leverages a new syndicated data set: the ETR Market Array. This debut ETR Market Array for Endpoint Protection Platforms (EPP) study was designed specifically for the endpoint market, targeting security professionals and capturing spending and usage metrics, as well as product feature rankings, ROI, Net Promoter Scores (NPS), and more for the endpoint players encompassed in this Observatory. This report utilizes some of that market intelligence data; in addition, the full Market Array study on Endpoint Protection Platforms is available separately.
This Observatory for EPP vendors categorizes the vendor group in two ways. First, we break down the data-driven plotting of each vendor into our four Observatory Scope vectors. Second, we sort the vendors by their historical entry into the endpoint protection marketplace, beginning with the first generation of vendors with a pre-existing history in antivirus that are still serving the market today. Next, we identify the interesting subgroup of vendors that were originally utilized for their networking acumen before developing endpoint security functionality, including Cisco, Palo Alto Networks, Fortinet, and Check Point. Then, we focus on the next generation of endpoint players robustly driving the ongoing evolution of the market, including CrowdStrike, SentinelOne, Tanium, and others. Lastly, we touch upon mobile-native players like Lookout and Zimperium
Figure 1. Positioning for the ETR Observatory for EPP was determined purely by ETR’s surveys powered by the ETR Community. The full methodology and graphic explanation are available on our About the Observatory page.
The plotting of vendors across the Observatory Scope is supported wholly by ETR’s exclusive market intelligence and spending intentions data sets (see Figure 1 above). The Leading vector in this period consisted of CrowdStrike, Microsoft Defender, Palo Alto Networks, and Fortinet. CrowdStrike led in Momentum, while Microsoft Defender dominated in Presence. Palo Alto Networks was solidly positioned in the middle of this group in both measures, while Fortinet, who has been called a “Swiss army knife of tech vendors” due to its broad product offerings, captured enough Momentum and Presence to take the fourth and final spot within the Leading vector.
The Advancing and Trailing vectors were less populated. SentinelOne broke into the Advancing category due to elevated Momentum, which was the second highest but failed to reach the Leading category because of lower overall Presence. Tanium joins SentinelOne in the Advancing vector based on the fifth-highest Momentum but still trails many peers in Presence. Occupying the Tracking vector is the well-established Cisco, where the vendor was ranked in the top three in Presence but was shy of the Leading vector due to lower Momentum.
In this ETR Observatory, numerous vendors fell within the Trailing vector. While Tanium, Trellix, Carbon Black, Trend Micro, and Sophos all held positive Market Array Net Scores, their relative position was much lower than peers. Malwarebytes had a Net Score of zero, whereas Check Point exhibited negative spending intention levels.
In Figure 2 above, we exhibit the Market Array Net Score for each vendor within the EPP marketplace. This tracks the forward-looking spending trajectory for each vendor’s endpoint security offerings and differs from ETR’s TSIS, which tracks overall spending projections at the company and sector-wide levels. The data visualized in this figure will be referenced throughout this Observatory report.
CrowdStrike leads with a 61.4% Net Score, driven by the highest level of Increase spend (58% of the vendor’s unique respondents). SentinelOne’s Net Score comes in second and stands out with the highest expected Adoption percentage at 13%. Meanwhile, the ubiquitous Microsoft Defender rounds out the top three with a Net Score slightly below 50%, highlighted by the lowest level of Negative spend (Decrease + Replace). The peloton of vendors resting in the middle has spending scores ranging from 37% to 16% and consists of (in order) Tanium, Palo Alto Networks, Fortinet, Trellix, and Cisco. Palo Alto Networks, Fortinet, and Cisco all stand on solid footing, with 88%, 89%, and 84% (respectively) of their unique respondents citing either stable or increased spending intent on their vendor’s endpoint products. That is a remarkable feat for all three vendors within an EPP-specific study, considering their origins in the networking sector before branching into security.
On the other end of the spectrum, Symantec (Broadcom), Check Point, and Trellix (formerly McAfee and FireEye) captured the highest anticipated Replacement rates among their respective respondents, ranging from 13% to 12% to 11%, respectively. Trellix is a curious case since its 11% Replacement rate is offset by an equal 11% of its respondents showing intent to Adopt the product. Lastly, given the recent acquisition of Carbon Black (VMware) by Broadcom, that vendor’s relatively high Replacement rate of 8% is of interest, as anecdotal commentary from ETR Insights guests highlights concern regarding the private equity owner’s intentions with the long-tenured endpoint player. One CISO for a large consumer enterprise directly stated, “We have Carbon Black, but the acquisition by VMware and now private equity has us really concerned about the long-term health of that product. So, our intention is probably to change it.”
Beyond product-level spending intentions, the full ETR Markey Array data for Endpoint Protection Platforms also tracks key competitive intelligence such as usage expansion, ROI, Stickiness vs. Churn, Vendor Strengths, NPS scores, and much more. The syndicated Market Array data is a new debut product for ETR and is only available to subscribers; reach out to our service team if you would like complimentary access.
The above is only a brief synopsis. To access the debut Market Array data on Endpoint Protection vendors, ITDM feedback, and analysis conclusion, please access the full report. This report focuses on Endpoint Protection Platforms and includes the following vendors: Carbon Black (VMware) | Check Point | Cisco | CrowdStrike | Cybereason | Cylance (Blackberry) | Fortinet | Lookout | Malwarebytes | Microsoft Defender | Palo Alto Networks | SentinelOne | Sophos | Symantec (Broadcom) | Tanium | Trellix | TrendMicro | Zimperium
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai