
Endpoint Security

Platform Vendors Aiming for Disruption

This report focuses on Endpoint Cybersecurity software with data on the following vendors:
Bitdefender | Carbon Black (Broadcom) | Check Point Software | Cisco | CrowdStrike | Fortinet | MalwareBytes | Microsoft Defender | Palo Alto Networks | SentinelOne | Sophos | Symantec | Tanium | Trellix | Trend Micro
Endpoint security is essential in modern cybersecurity, protecting devices—such as laptops, mobile phones, servers, and Internet of Things (IoT) devices—that are connected to any network. The growth of remote work, trends towards cloud computing, and IoT use have underscored the need for effective endpoint security solutions. This field defends against threats like malware, ransomware, and zero-day vulnerabilities, focusing on devices rather than traditional network defenses. Modern endpoint tools, like Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), combine to provide comprehensive protection for modern enterprises, with EPP leveraging antivirus with machine learning and behavioral analytics to detect threats, EDR scanning for real-time threats and neutralizing risks, and XDR integrating data across networks for comprehensive response.
This field has evolved from basic antivirus to sophisticated, AI-powered platforms that detect fileless malware and advanced threats without relying solely on known signatures. Leading platform-based solutions integrate EPP, EDR, and XDR with threat intelligence, layering defenses across an organization's digital landscape. As enterprises face growing cyber risks amid budget pressures, endpoint security remains critical for preventing data breaches, ensuring compliance, and minimizing the financial impact of attacks.

Key Players Are Large, Next-Gen Platforms

The Endpoint Security market has rapidly become a battleground for established security vendors and new entrants alike. In ETR's recent Endpoint Security Observatory report, top contenders such as Microsoft Defender, CrowdStrike, and SentinelOne stand out for their strong momentum and presence in the field.
ETR's Observatory data captures insights from 328 IT decision-makers across large enterprises, Fortune 500 companies, and Global 2000 corporations. The results highlight the ongoing adoption of Endpoint tools and provide a detailed breakdown of vendor momentum, usage trends, and market positioning. Market position is determined solely by IT decision maker data.
Positioning for the above was determined purely by ETR’s proprietary surveys powered by the ETR Community. The full methodology and graphic explanation are available on our Methodology page.
The report categorizes vendors across different categories, reflecting their momentum and presence within the Endpoint Security space:
  1. Leaders like Microsoft Defender, CrowdStrike, and SentinelOne show strong adoption and market share, driven by comprehensive security solutions and deep integration capabilities.
  2. Advancing Vendors such as Tanium, Sophos, and MalwareBytes are gaining momentum but still lag in presence compared to market leaders.
  3. Pursuing Vendors, including Bitdefender, Trellix, and Broadcom, are experiencing slower growth, with less impact in the market.
Our survey reveals that larger vendors with platform approaches are gaining the most traction in this part of the security software market. Companies like Palo Alto Networks and Zscaler consistently rank at the top in terms of innovation, ease of integration, and customer satisfaction, while Cloudflare and Fortinet are noted for their strong value-for-money offerings.
“Okay, what's your evaluation of alternative vendors?” And this is the list that came up. Microsoft seems to be the number one, and that's probably because they're already embedded. It’s the devil you already know, not that they're the. Sentinel[One] probably has the next best offering, but Fortinet and Palo Alto, all three of those are tied. There does seem to be other options for customers out there.

Competitive Strengths Vary Widely

The report also looks ahead, assessing which vendors are best positioned to benefit over the next 12 months. Larger platform providers, such as Palo Alto and Cloudflare, dominate future usage intentions, with companies like Cato Networks and Netskope trailing closely behind as they continue to expand.
One of the standout findings is the strong positioning of private firms like Cato Networks, which was rated highest for value for money among respondents. Similarly, Netskope has demonstrated significant innovation, placing it ahead of several more established competitors in terms of product updates and technical roadmaps.
The competitive landscape is crowded, with numerous vendors vying for leadership in the SASE market. Smaller players like Forcepoint and Akamai face challenges in scaling their offerings, though they continue to receive solid customer satisfaction scores in areas like technical support and implementation.
Some vendors, such as SonicWall and Symantec, appear to struggle with customer loyalty and ease of integration, possibly hindering their ability to compete against larger players with more comprehensive solutions.

Shift in CrowdStrike's Market Position

CrowdStrike remains a dominant Endpoint player, though recent challenges have dented its reputation. Previously topping Net Score rankings in last year's Endpoint Observatory, the company saw a decline after operational issues tied to a product update affected customer sentiment. Consequently, CrowdStrike's Net Score dropped by 20 percentage points, signaling rising customer concerns about the update process. Nonetheless, CrowdStrike still ranks fourth in spending intentions, valued for innovation, ROI, and integration. SentinelOne and Microsoft Defender have also gained momentum, with SentinelOne excelling in support and update satisfaction, while Defender benefits from seamless Microsoft integration and delivers strong economic value.

Leading Platforms: Microsoft Defender, SentinelOne, Palo Alto Networks, Cisco, and Fortinet

Microsoft Defender capitalizes on its ecosystem integration, achieving high satisfaction in system compatibility and cost-effectiveness. SentinelOne, while innovative, shows slowing adoption, yet it remains competitive due to its product support and value. Palo Alto Networks, transitioning from network to broader security, scores well in support and integration but may face challenges around premium pricing. Cisco maintains a steady mid-range position, boosted by recent acquisitions, while Fortinet excels in value and support, securing a balanced yet less innovative profile.

Smaller but Advancing Vendors: Sophos, Tanium, MalwareBytes, and Check Point

Sophos and Tanium show moderate satisfaction, with Tanium noted for reliable support. MalwareBytes is viewed as accessible, though limited in technical support. Check Point maintains a balanced performance, though its integration capabilities face occasional hurdles.

Trailing but Active Vendors: Bitdefender, Trellix, Symantec, Carbon Black, and Trend Micro

Bitdefender and Trellix display average performance, with Trellix noted for integration ease. Symantec and Carbon Black struggle with innovation and face potential customer churn, while Trend Micro experiences low scores across key metrics, albeit with positive integration feedback.

Competitive Pressures Mounting Despite Macro Concerns

Endpoint security is crucial in today's interconnected world, where geopolitical threats increasingly exploit cyber tools. Businesses are prioritizing security upgrades, moving beyond traditional antivirus to advanced tools like Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR). Dominant players like CrowdStrike and SentinelOne provide comprehensive solutions, while network security firms like Palo Alto and Fortinet integrate endpoint modules, adding competition. As digital threats grow, endpoint security evolves to prevent costly breaches, ensure regulatory compliance, and avoid disruptions. Despite ongoing budget pressures within enterprises, robust endpoint protection remains vital for effective, resilient cybersecurity defense.
To dive deeper into the ETR Observatory's insights and uncover the full competitive landscape, use the form below to check out the full report.
Press: Need a quote, image, or additional information for an article? Reach out to our press team at press@etr.ai
Reprints: If you would like permission to reprint this report or our ETR Observatory Scope graphic, please send your request to reprints@etr.ai
ETR Insights Team: Contact a member of our ETR Insights team to discuss all the details from this analysis or request custom research.
  • Erik Bradley, Chief Strategist & Research Director epb@etr.ai
  • Daren Brabham, PhD, VP Research Analyst dbrabham@etr.ai
  • Jake Fabrizio, Principal Research Analyst jf@etr.ai
  • Doug Bruehl, Principal Research Analyst dbruehl@etr.ai
Interested in reviewing the complete survey results? Fill out the form below and someone from our team will reach out to you.