Endpoint security comes in many different shapes and sizes:

  • “Endpoint Protection Platforms (EPP)”
  • “Antivirus (AV)”
  • “Endpoint Detection and Response (EDR)”
  • “Next-Generation Endpoint Solutions”

The list goes on.

Faced with so many different options, it can be tricky to know which type of endpoint security tool is right for your organization. What does EPP do that EDR doesn’t, and vice versa? The answers are not so obvious for organizations that are just beginning to look at endpoint security. Furthermore, security teams are wary of deploying multiple endpoint protection tools. It just means more “stuff” on the endpoint, and another management console to look after.

This situation has sparked a move by many endpoint security vendors to add new capabilities to their tools in order to bring a more comprehensive endpoint security platform to the market. Traditional EPP vendors are adding post-execution detection and response capabilities usually associated with EDR products. EDR vendors are adding more preventative features usually associated with EPP products.

This consolidation of features in the endpoint security space is addressed in a recent Gartner report entitled “The Evolving Effectiveness of Endpoint Protection Platforms.” In this assessment, Mario de Boer of Gartner defines the different technologies in the marketplace today and compares different solutions from a wide range of endpoint security vendors. The centerpiece of his assessment looks at how each of these vendors provides capabilities in three main categories: attack surface reduction, pre-execution endpoint protection techniques, and post-execution endpoint protection techniques.

Gartner clients or subscribers can access the paper here (“Gartner for Technical Professionals” access is required). It’s a great read and a great resource, especially for security teams that are just beginning their research into the right endpoint security solution for their organization. I’m also happy to report that Cisco’s next-generation endpoint security solution, AMP for Endpoints, is well-represented in this assessment. To learn more about Cisco AMP for Endpoints, and how it can provide attack prevention, detection, and response, visit www.cisco.com/go/ampendpoint.


John Dominguez

Product Marketing

Cisco Security Business Group