Blog Observatory

Endpoint Security: Platform Vendors Aiming for Disruption

Written by ETR Research | Mar 5, 2025 5:00:00 AM
This report summary focuses on Endpoint Cybersecurity software with data on the following vendors:
 
Bitdefender | Carbon Black (Broadcom) | Check Point Software | Cisco | CrowdStrike | Fortinet | MalwareBytes | Microsoft Defender | Palo Alto Networks | SentinelOne | Sophos | Symantec | Tanium | Trellix | Trend Micro
 

Endpoint security is essential in modern cybersecurity, protecting devices—such as laptops, mobile phones, servers, and Internet of Things (IoT) devices—that are connected to any network. The growth of remote work, trends towards cloud computing, and IoT use have underscored the need for effective endpoint security solutions. This field defends against threats like malware, ransomware, and zero-day vulnerabilities, focusing on devices rather than traditional network defenses. Modern endpoint tools, like Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), combine to provide comprehensive protection for modern enterprises, with EPP leveraging antivirus with machine learning and behavioral analytics to detect threats, EDR scanning for real-time threats and neutralizing risks, and XDR integrating data across networks for comprehensive response.

This field has evolved from basic antivirus to sophisticated, AI-powered platforms that detect fileless malware and advanced threats without relying solely on known signatures. Leading platform-based solutions integrate EPP, EDR, and XDR with threat intelligence, layering defenses across an organization's digital landscape. As enterprises face growing cyber risks amid budget pressures, Endpoint security remains critical for preventing data breaches, ensuring compliance, and minimizing the financial impact of attacks.
 
 

Key Players Are Large, Next-Gen Platforms

The Endpoint Security market has rapidly become a battleground for established security vendors and new entrants alike. In ETR's recent Endpoint Security Observatory report, top contenders such as Microsoft Defender, CrowdStrike, and SentinelOne stand out for their strong momentum and presence in the field.

ETR's Observatory data captures insights from 328 IT decision-makers across large enterprises, Fortune 500 companies, and Global 2000 corporations. The results highlight the ongoing adoption of Endpoint tools and provide a detailed breakdown of vendor momentum, usage trends, and market positioning. Market position is determined solely by IT decision maker data.

The report categorizes vendors across different categories, reflecting their momentum and presence within the Endpoint Security space:

  1. Leaders like Microsoft Defender, CrowdStrike, and SentinelOne show strong adoption and market share, driven by comprehensive security solutions and deep integration capabilities.
  2. Advancing Vendors such as Tanium, Sophos, and MalwareBytes are gaining momentum but still lag in presence compared to market leaders.
  3. Pursuing Vendors, including Bitdefender, Trellix, and Broadcom are experiencing slower growth, with less impact in the market.

Our survey reveals that larger vendors with platform approaches are gaining the most traction in this part of the security software market. Companies like Palo Alto Networks and Zscaler consistently rank at the top in terms of innovation, ease of integration, and customer satisfaction, while Cloudflare and Fortinet are noted for their strong value-for-money offerings.

 

Competitive Strengths Vary Widely

The report also looks ahead, assessing which vendors are best positioned to benefit over the next 12 months. Larger platform providers, such as Palo Alto and Cloudflare, dominate future usage intentions, with companies like Cato Networks and Netskope trailing closely behind as they continue to expand.

One of the standout findings is the strong positioning of private firms like Cato Networks, which was rated highest for value for money among respondents. Similarly, Netskope has demonstrated significant innovation, placing it ahead of several more established competitors in terms of product updates and technical roadmaps.

The competitive landscape is crowded, with numerous vendors vying for leadership in the SASE market. Smaller players like Forcepoint and Akamai face challenges in scaling their offerings, though they continue to receive solid customer satisfaction scores in areas like technical support and implementation.

Some vendors, such as SonicWall and Symantec, appear to struggle with customer loyalty and ease of integration, possibly hindering their ability to compete against larger players with more comprehensive solutions.

 

Shift in CrowdStrike's Market Position

CrowdStrike remains a dominant Endpoint player, though recent challenges have dented its reputation. Previously topping Net Score rankings in last year's Endpoint Observatory, the company saw a decline after operational issues tied to a product update affected customer sentiment. Consequently, CrowdStrike's Net Score dropped by 20 percentage points, signaling rising customer concerns about the update process. Nonetheless, CrowdStrike still ranks fourth in spending intentions, valued for innovation, ROI, and integration. SentinelOne and Microsoft Defender have also gained momentum, with SentinelOne excelling in support and update satisfaction, while Defender benefits from seamless Microsoft integration, and delivering strong economic value.
 
 

Leading Platforms: Microsoft Defender, SentinelOne, Palo Alto Networks, Cisco, and Fortinet

Microsoft Defender capitalizes on its ecosystem integration, achieving high satisfaction in system compatibility and cost-effectiveness. SentinelOne, while innovative, shows slowing adoption, yet it remains competitive due to its product support and value. Palo Alto Networks, transitioning from network to broader security, scores well in support and integration but may face challenges around premium pricing. Cisco maintains a steady mid-range position, boosted by recent acquisitions, while Fortinet excels in value and support, securing a balanced yet less innovative profile.

 

Smaller but Advancing Vendors: Sophos, Tanium, MalwareBytes, and Check Point

Sophos and Tanium show moderate satisfaction, with Tanium noted for reliable support. MalwareBytes is viewed as accessible, though limited in technical support. Check Point maintains a balanced performance, though its integration capabilities face occasional hurdles.
 

Trailing but Active Vendors: Bitdefender, Trellix, Symantec, Carbon Black, and Trend Micro

Bitdefender and Trellix display average performance, with Trellix noted for integration ease. Symantec and Carbon Black struggle with innovation and face potential customer churn, while Trend Micro experiences low scores across key metrics, albeit with positive integration feedback.

 

Competitive Pressures Mounting Despite Macro Concerns

Endpoint security is crucial in today's interconnected world, where geopolitical threats increasingly exploit cyber tools. Businesses are prioritizing security upgrades, moving beyond traditional antivirus to advanced tools like Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR). Dominant players like CrowdStrike and SentinelOne provide comprehensive solutions, while network security firms like Palo Alto and Fortinet integrate endpoint modules, adding competition. As digital threats grow, endpoint security evolves to prevent costly breaches, ensure regulatory compliance, and avoid disruptions. Despite ongoing budget pressures within enterprises, robust endpoint protection remains vital for effective, resilient cybersecurity defense.
View full post