Analytics Key to Enterprise Security Choices, Research Firm Says

Research firm Forrester introduced a new Wave report on Enterprise Detection and Response (EDR) vendors, advising clients that analytics is key to differentiating various offerings in the space.

"As the enterprise detection and response (EDR) space continues to evolve, security analytics will dictate which providers will lead the pack," the firm says in the "Forrester Wave: Enterprise Detection And Response, Q1 2020" report.

"Vendors that can differentiate with superior security analytics position themselves to successfully deliver detection, triage, and response capabilities to their customers."

CrowdStrike, Microsoft, and Trend Micro differentiated themselves in the initial report by being placed in its Leaders section. Strong Performers include SentinelOne, Cybereason, Bitdefender, VMware Carbon Black, and Elastic, while Kaspersky, McAfee, Palo Alto Networks, and BlackBerry Cylance are Contenders. The for-pay report is available in complimentary editions from some of the vendors studied in the report.

Forrester Wave: EDR (source: Forrester).

Vendor profiles of the leaders included the following:

  • CrowdStrike continues to lead on strategy and execution.
  • Microsoft wins on features and native integration.
  • Trend Micro delivers XDR functionality that can be impactful today.

Speaking about those three "Leaders" and all the others, the report's author notes in an introductory post that "any one of these vendors could be the right choice for you," but the research also offers insights into an evolving space in which competitors are striving to stretch their wares beyond the endpoint.

"Extended detection and response (XDR) is a next-generation capability EDR vendors will bring to maturity over the next two years by integrating endpoint, network, and application telemetry into their solutions," the report says. "While the current state of these capabilities is very nascent, security pros can position themselves for long-term success by recognizing that the underlying security analytics capabilities that enable detection, triage, and response will form the engine for integrating these other technologies into their EDR solutions."

With that in mind, Forrester advised security pros to choose providers that can:

  • Empower SOC analysts with incident-driven security analytics.
  • Provide a prescriptive remediation plan and the ability to orchestrate it.
  • Facilitate advanced use cases for MITRE ATT&CK.

Forrester advised that the report should only be used as a starting point for enterprises evaluating EDR providers.

About the Author

David Ramel is an editor and writer for Converge360.

