Endpoint protection platforms (EPPs) play a vital role in securing managed endpoints, including desktop PCs, laptop PCs, servers, and mobile devices. These platforms are specifically designed to prevent a wide array of known and unknown malicious attacks while offering the capabilities to investigate and remediate incidents that evade protection controls.
At the heart of EPPs are core capabilities such as the prevention of, and protection against, security threats—including malware that employs file-based and fileless exploits—as well as the ability to control scripts and processes. EPPs can also detect and prevent threats using behavioral analysis of device activity, application, identity, and user data, while providing the means to further investigate incidents and obtain remediation guidance when exploits bypass protection controls.
EPPs often include optional capabilities, such as risk reports based on inventory, configuration, and policy management of endpoint devices; management and reporting of operating system (OS) security control status, including disk encryption and local firewall settings or substitute functionality; and facilities to scan systems for vulnerabilities and report on or manage the installation of security patches.
Some EPPs also incorporate endpoint detection and response (EDR), extended detection and response (XDR), managed services, and extended OS compatibility for mobile devices, containers, virtual instances, and end-of-life or rare operating systems.
The latest Gartner Magic Quadrant for Endpoint Protection Platforms, shown below and released at the end of December 2022, maps out the top players’ strengths and weaknesses to help organizations make informed decisions about their endpoint security needs.