Magic Quadrant for Endpoint Protection Platforms

The endpoint protection market is transforming as new approaches challenge the status quo. We evaluated solutions with an emphasis on hardening, detection of advanced and fileless attacks, and response capabilities, favoring cloud-delivered solutions that provide a fusion of products and services.

Market Definition/Description

This document was revised on 23 August 2019. The document you are viewing is the corrected version.
An endpoint protection platform (EPP) is a solution deployed on endpoint devices to harden endpoints, to prevent malware and malicious attacks, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls. Traditional EPP solutions have been delivered via a client agent managed by an on-premises management server. More modern solutions utilize a cloud-native architecture that shifts the management, and some of the analysis and detection workload, to the cloud.
Security and risk management leaders responsible for endpoint protection are placing a premium on detection capabilities for advanced fileless threats and investigation and remediation capabilities. Data protection solutions such as data loss prevention (DLP) and encryption are also frequently part of EPP solutions, but are considered by buyers in a different buying cycle.
Protection for Linux and Mac is increasingly common, while protection for mobile devices and Chromebooks is increasing but is not typically considered a must-have capability.
While protection for virtual, Windows and Linux servers is common, the evolutionary shift from hardware servers to virtual machines (VMs), containers and private/public cloud infrastructure means that server workloads now have different security requirements compared to end-user-focused, interactive endpoints. As a result, specialized tools to address the modern hybrid data center that utilizes both the cloud and on-premises deployments are diverging into a new market Gartner calls cloud workload protection platforms. Gartner recommends that organizations separate the purchasing decisions for server workloads from any product or strategy decisions involving endpoint protection due to the largely divergent nature of their features and management.
This is a transformative period for the EPP market, and as the market has changed, so has the analysis profile used for this research. In the 2019 Magic Quadrant for Endpoint Protection Platforms, capabilities traditionally found in the endpoint detection and response (EDR) market are now considered core components of an EPP that can address and respond to modern threat

Vendor Strengths and Cautions


Bitdefender is a private software company that offers an EPP and EDR in one platform, GravityZone Ultra, and one agent across endpoints, and physical, virtual or cloud servers, delivered via a cloud or on-premises management.
Bitdefender has been consistently growing its enterprise segment presence and licenses its core engine to an extensive range of security products. It launched a managed detection and response (MDR) service providing proactive alerting, assistance with alert investigation and periodic health checks. It also added a confidence score.
Bitdefender is a good choice for organizations that value malware detection accuracy and agent performance, as well as full support for data center and cloud workloads from a single solution.


Strengths

  • Bitdefender has a large R&D team that focuses on threat research and that is a consistent top performer in malware protection tests.
  • Bitdefender offers a single modular agent for physical, virtual and cloud platforms, and a single SaaS console for all endpoint/server security administration.
  • Low-overhead EDR, supported by several detection layers and automated response actions, enables enterprises and midmarket organizations to benefit from EDR.
  • Gartner clients praise Bitdefender for its ease of use, deployment and customer support.
  • Bitdefender provides a series of features that can decrease the attack surface of the endpoint, including application whitelisting. GravityZone provides integrated vulnerability and configuration monitoring and can provide patch management with an add-on license. It also provides full-disk encryption, web content filtering and device control.


Cautions

  • The Bitdefender EDR capability lacks numerous common features for advanced security operations center (SOC) users such as analyst workflow, automatic indicator of compromise (IOC) or threat feed integration, custom query and blocking rules, contextual information, and guided investigation.
  • Bitdefender's Patch Management module, firewall module and sandbox analysis feature are not yet available for the Linux platform, nor do they interoperate with other client management tools for remediation purposes.
  • Anomaly detection and Bitdefender’s MDR offering are new and unproven in the market.
  • EDR capabilities are only available in the cloud platform. The app whitelisting capability is only available with the on-premises platform.
  • While Bitdefender has taken steps to grow its enterprise presence and sales operations, mind share among Gartner clients remains low.
