Cyber-attacks are continually evolving, and so too is the approach organizations are taking to defend themselves. Nowhere is this more evident than in Endpoint Protection, Detection & Response (EPDR) technologies, which show the shift from prevention or protection alone to a much more realistic and proactive approach that assumes breach and adds detection and response.

Most organizations now understand that 100% security is almost impossible to achieve, and although prevention is preferable with some types of malware attacks such as ransomware and wipers, in many cases determined attackers will succeed in getting their malware past perimeter defenses. It is therefore important to be able to detect the presence of malware and be able to respond quickly to contain it and limit its impact on business operations.

In the face of an increasing range of sophisticated and difficult-to-block malware, including ransomware, wipers, polymorphic viruses, worms, rootkits, botnets, file-less malware, and crypto-jackers, all end-user devices should have Endpoint Protection (EPP) installed, in addition to protections for servers and virtual desktops to cover all endpoint devices.

Endpoint Detection & Response (EDR) solutions add detection capabilities by looking for evidence of malware that may have slipped past EPP solutions and for signs of malicious insider activities. EDR also adds response capabilities by providing alerts and reports, creating attribution theories with confidence levels, updating detection rules, shutting down offending processes, deleting or moving files, automatically quarantining assets suspected of having been compromised, and even supporting rollback of compromised endpoints to known good states.

The most comprehensive EDR solutions offer customizable automation for investigations and remediation, perform continuous monitoring, support anomaly detection and categorization, proactively hunt for threats across an enterprise, and create cases before alerting human analysts. When analysts take the case, they find up-to-date event lists, correlation across all affected nodes, timeline views, and pertinent cyber threat intelligence (CTI).

Due to the complementary nature of EPP and EDR, many vendors are converging the two into tightly integrated Endpoint Protection, Detection and Response (EPDR) solutions that can help organizations to discover attacks automatically and enable security teams to understand what is happening from start to finish by consolidating all relevant security information relating to endpoint devices into a single view.

While the security of all endpoint devices is important, so too is the security of the network and cloud computing environments, but that is covered by a complementary set of security solutions, including Network Detection & Response (NDR), Cloud Workload Protection Platforms (CWPP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Unified Endpoint Management (UEM).

Just as we have seen consolidation of EPP and EDR into EPDR, further consolidation in the security market is likely, with some vendors talking about eXtended Detection & Response (XDR), but this category of security tools is still nascent and far from being mature.

Securing endpoints has never been more important than it is now because IT endpoints are no longer just workstations and servers confined to corporate headquarters, branch offices, customer sites, and data centers. They can now be just about anything located anywhere, from employees’ homes to airports, hotels and in the cloud, and they may be devices owned by employees as a result of the bring your own device (BYOD) trend.

However, every endpoint represents a potential entry point for cyber attackers, and needs to be managed because in many ways endpoint devices have effectively become the new corporate network perimeter, and consequently they are increasingly coming under attack.

The proliferation of endpoint devices beyond desktops, laptops, tablets, and servers to include things like cloud devices, IoT devices, phones, and Point of Sale systems is making it increasingly difficult to manage all the endpoints that are connecting to corporate networks.

Endpoint Protection Detection & Response (EPDR) agents are a must for every computing device that can run them. The evolution of EPDR into XDR has begun, and some vendors are well on their way, but many vendors have a long way to go on their roadmap for this to come to fruition.

— John Tolbert, Lead Analyst at KuppingerCole

Because we understand the importance of securing all endpoint devices, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.


For a detailed analysis of essential EPDR capabilities, an overview of the EPDR market, and an analysis of the trends influencing this market segment, have a look at the newly published Leadership Compass on Endpoint Protection Detection & Response, which will help you to find the solution that best meets your needs.

To further expand your understanding of the security threats facing enterprises and solutions that can help in improving endpoint security, have a look at the Leadership Compasses on Endpoint Security: Anti-Malware and Unified Endpoint Management.

For another perspective on EPDR, have a look at the Market Compass report on Endpoint Protection Detection & Response. For questions to ask vendors, vendor selection criteria, and other help in choosing the right solutions for your organization, have a look at the Buyer’s Compasses on Endpoint Protection and Endpoint Detection & Response.

Leadership Briefs

To find out how endpoint protection can help improve an organization’s ability to respond to cyber incidents, have a look at this Leadership Brief on Incident Response Management.

For a perspective on using endpoint protection in conjunction with network protection for a layered approach to security, have a look at this Leadership Brief entitled: Do I need Network Threat Detection & Response (NTDR)?, which can be read in conjunction with this Leadership Brief entitled: Do I Need Endpoint Detection & Response (EDR)?

For further clarity on the different types of endpoint security solutions, have a look at this Leadership Brief on The Differences Between Endpoint Protection (EPP) and Endpoint Detection & Response (EDR).


If you would prefer to listen to what our analysts have to say about endpoint protection, look at this presentation from the recent European Identity and Cloud (EIC) conference entitled: Unified Endpoint Management: Practical Considerations. For further perspectives on endpoint protection from our analysts, listen to these Analyst Chats on The Project Road Towards Zero Trust - What to Do and Where to Start and What (and why) is XDR?

Additionally, have a look at this panel discussion from KuppingerCole’s last Cybersecurity Leadership Summit on Redefining Endpoint Security - The Role of AI & Machine Learning and this vendor presentation on Managing Every Endpoint.


For short, incisive discussions on topics related to endpoint protection, have a look at these blog posts on The Evolution of Endpoint Security: Beyond Anti-Malware and What is XDR?


The topic of endpoint protection has been addressed in a range of webinars. Have a look at the list below and select those that are most relevant to your organization:

Tech Investment

Organizations investing in technologies to provide endpoint security can have a look at some of the related technology solutions that we have evaluated: