The 2017 Gartner Magic Quadrant for Endpoint Protection Platforms has just been released, along with the tsunami of vendor posts, tweets and emails telling you that they “won” and everyone else “lost”. (Link at bottom)

But what is it all about and is any of it really relevant?

Yes and No.

The MQ is Gartner’s annual analysis of a sector. It’s based on their team doing a certain amount of analysis of each vendor and their products, along with some vendor and customer interviews. It’s far from an exact science, and if you ask any of the vendors listed in an MQ they’ll easily point out the deficiencies and merits of Gartner’s analysis of them. Today, 1st Feb 2017, Gartner released their analysis of the Endpoint Protection Platforms sector, which to you and me is Antivirus.

Personally I have experience of a number of the products analysed in this report and I can see many debatable comments by Gartner. I won’t go into them in this post, but the general summary with any MQ is you have to take it with a grain, pinch or bucket of salt. Use it as a guide to who the main players are and to hear one analyst’s point-in-time perspective.

Here’s my view of Gartner’s Magic Quadrants:

Top Right – Vendors with the big market share. If you’re in this or vertically close to it then you are a serious name.

Bottom Right – Vendors with great technology but their lack of vertical height shows their lack of customer sales. Newer vendors with cool tech will shoot to the right, and then start edging back left as the tech is seen as “Tried and trusted” rather than “bleeding edge cool”. Ultimately, if you’re in the bottom right quadrant, it’s nice to be far right, but you really want to edge as high as you can, as that’s where the market penetration (sales) is. Staying in the bottom right is a good recipe for acquisition by a top right vendor.

Top Left – Big sales, but with technology as cool as the sweater your Gran bought you for Christmas. Direction is important here. If someone slips left, from the top right into the top left (as Intel did this year) then customers are saying they don’t like the tech any more, but probably still renewing it. Move from the left to the right, towards the top right quadrant, as Microsoft have done, and you’re showing that people are warming up to your technology.

Bottom Left – Meh. Seriously, this is the holding zone. Fine to start off here, but if you’re still in this after one or two years then you’re not a real name in Enterprise protection, and most likely a home Antivirus player.

More Analysis

The big challenge with this market is that we have a conflation of antivirus (prevention) and Endpoint Detection and Response (Detection) products. Many organisations will use a blend of two of the vendors shown. So be aware that we have a whole basket of fruit here and you’re not necessarily comparing apples with apples.

Comparing this 2017 MQ to the 2016 one, the truth is that for most of the vendors listed, there’s not been much change. Several have had a bit of a shocker, and their marketing teams will be burning the midnight oil to issue rebuttals left, right and centre. Intel (McAfee) specifically will be deeply hurt by this report. Equally Trend will be gutted to have moved left too.

And the Winners Are….

Those having a good day are Microsoft, Cylance and SentinelOne. And they deserve it.

Microsoft have shifted a long way to the right from 2016 and showed they have got their act together when it comes to security. However good their tech though, many would still argue that their EPP products are not best-of-breed and aren’t really a competitor of the other vendors.

Cylance took the 2016 MQ by storm with innovative tech, and in 2017 have done the almost impossible by moving up to knock on the door of the Top Right. It’s no surprise really. Their $177m of funding has helped push them into every global market and gain new customers hand over fist. This MQ recognises Cylance as one of the big boys in every sense.

SentinelOne have done very well too, shifting right and up. They have some innovative technology and an interesting spin on ransomware, providing a backup/restore type function for when their product fails to detect the malware and the endpoint gets infected. SentinelOne are enjoying the “cool honeymoon” phase and now need to start winning customers to break into the big boy category.

Putting it all Together

Most organisations I know are using one of the vendors in the top right, and are not happy with them. The products are failing to detect newer malware and infections are on the rise. The good news is that there is some great new technology out there, and I urge everyone to give it a try, and a damn good test. We have free malware and testing guides available at, so you’ve really got no excuse to not get your hands dirty.

[2017 Gartner Magic Quadrant for Endpoint Protection Platforms – courtesy of Cylance]

Reading Between the Lines of the Gartner MQ