Best Endpoint Detection & Response (EDR) Software

Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.

To qualify for inclusion in the Endpoint Detection and Response category, a product must:

  • Alert administrators when devices have been compromised
  • Search data and systems for the presence of malware
  • Possess analytics and anomaly detection features
  • Possess malware removal features

G2 Crowd Grid® for Endpoint Detection & Response (EDR) [figure not reproduced; quadrants: Leaders, High Performers, Contenders, Niche; axes: Market Presence, Satisfaction]

Compare Endpoint Detection & Response (EDR) Software
    Results: 85

    Endpoint Detection & Response (EDR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Symantec Endpoint Protection (SEP) is designed to protect against malware attacks including targeted attacks, advanced persistent threats, and zero-day threats with a layered approach to security at the endpoint. Superior protection that fuses essential and next-gen technologies in a multi-layered fashion. High-performance, lightweight single client, single management console across both physical and virtual protection and orchestrated response delivered at scale.


    In a multi-vector attack, cybercriminals combine a variety of threat technologies, deployed in numerous stages, over multiple points of entry, or vectors, to infect computers and networks. To keep businesses, their users, and their devices safe, Webroot SecureAnywhere® Business Endpoint Protection offers a unique blend of layered multi-vector protection that stops threats across email, web browsing, files, URLs, ads, apps, and more.


    Provides continuous, updated, and powerful security against the entire spectrum of threats, from zero-day exploits to hacker attacks.


    Complete security that includes encryption, web filtering and patch assessment


    Integrated endpoint protection that provides automated next-generation threat protection, as well as visibility and control of your software and hardware inventory across the entire security fabric. Identify and remediate vulnerable or compromised hosts across your attack surface.


    VIPRE is a leading provider of advanced security products purpose-built to protect every major attack vector from today’s most costly and malicious online threats. Leveraging decades of proven industry expertise, our award-winning software portfolio includes comprehensive email and endpoint security, along with real-time threat intelligence and the industry’s premier sandbox for next-gen malware analysis.


    Sophos Central allows for the management of multiple Sophos services including endpoint and server protection.


    IBM® BigFix® addresses a major challenge faced by many organizations — how to gain full visibility into the constantly changing endpoint landscape while bridging the gap between threat detection and remediation. See clearly: Discover and audit endpoints on or off the corporate network. Detect evasive attacks with behavioral analytics. Understand completely: Guided investigations to define the scope of detected attacks. Define what remediation action you need to take. Act precisely: Immediately contain and remediate attacks enterprise-wide. Continuously reduce your attack surface.


    Secdo is the only automated incident response platform, enabling security and IR teams to investigate and respond to incidents faster than ever. With a combination of zero-gap endpoint visibility, automated alert investigation, proactive threat hunting and surgical response and remediation, Secdo gives security professionals an all-in-one tool to slash incident response time to minutes and increase their effectiveness by an order of magnitude. Secdo’s agents record all endpoint and server activity and send it to a centralized server (either on-premise or in the cloud). Using its unique Causality Analysis Engine, Secdo ingests any alert from any source and automatically correlates the alerts with the endpoint data to provide the full context of the alerts, including the attack chain, root cause and damage assessment. Finally, Secdo provides a set of response and remediation tools allowing incident responders to remotely and surgically contain endpoints and run remediation actions across multiple endpoints.


    Cb Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Cb Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Cb Response also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement.


    53% of breaches do not use malware. Streaming prevention through Cb Defense goes beyond machine-learning AV to stop all types of attacks before they compromise your systems. Cb Defense, with its breakthrough prevention model, market-leading detection and response capabilities and single lightweight agent, is the future of next-gen antivirus.


    Stop known and unknown threats on all platforms using sophisticated machine learning and intelligent automation. SentinelOne predicts malicious behavior across all vectors, rapidly eliminates threats with a fully-automated incident response protocol, and adapts defenses against the most advanced cyber attacks.


    The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware without relying on signatures.


    CloudCare is a free, cloud-based, endpoint security administration platform that makes it significantly faster and easier to monitor threats, resolve issues, and deliver multiple layers of protection to your customers.


    Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.


    FireEye Endpoint Security (HX series) products provide organizations with the ability to continuously monitor endpoints for advanced malware and indicators of compromise that routinely bypass signature-based and defense-in-depth security systems.


    Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of advanced malware and exploit prevention methods that protect users and endpoints from known and unknown threats.


    An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.


    EnCase Endpoint Security is the most complete threat detection and response solution—eliminating the time it takes to detect, validate, triage, investigate, and remediate known and unknown threats lurking across the enterprise, unseen by perimeter and network solutions. An organization’s security is simply not complete without endpoint visibility.


    Detect, isolate, and eliminate intrusions across all endpoints using AI, automated incident generation, and unparalleled threat intelligence.


    Bromium has pioneered a completely new approach to defeat cyber attacks in real time and provide unmatched threat intelligence hardware-enforced isolation.


    Panda Endpoint Protection provides centralized protection for all of your Windows, Mac and Linux workstations, including laptops, smartphones and the leading virtualization systems.


    SanerNow is a SaaS platform for endpoint security and management — a platform that hosts numerous tools to cover various endpoint security and management requirements. SanerNow addresses the following business cases: Vulnerability Management, Patch Management, Compliance Management, Asset Management, Endpoint Management, and Endpoint Threat Detection and Response.


    Easy to use security-as-a-service for organizations with limited IT security resources



    Syniverse is a global transaction processor that connects more than 1,500 mobile service providers, enterprises, ISPs and OTTs in nearly 200 countries and territories, enabling seamless mobile communications across disparate and rapidly evolving networks, devices and applications.


    Proofpoint Targeted Attack Protection (TAP) stays ahead of today's attackers with an innovative approach that detects, analyzes, and blocks advanced threats before they reach the inbox.


    All Domain Intrusion Detection, Investigation, and Containment


    High-end Herd Management and Farm Automation for beef fattening farms. Especially designed for mid-large scale farm operations. From feed bunk management to abattoir automation. Probably the most advanced Herd management on the market.


    Awake detects attacks that blend in with business-justified activity and enables conclusive and rapid response. With exhaustive intelligence from the network, Awake uniquely identifies mal-intent to stop insider attacks, file-less malware, and much more.


    With Azure Advanced Threat Protection, the power and scale of the cloud help you safeguard against threats that are increasing in frequency, severity, and sophistication.


    BluVector Pulse delivers a fully turnkey sense and respond platform, automating the health and heartbeat monitoring and device management of the market-leading BluVector Cortex offering.


    Cb Predictive Security Cloud collects and analyzes unfiltered endpoint data to make predictions about, and protect against, future, and unknown attacks.


    Check Point Infinity is the only fully consolidated cyber security architecture that provides unprecedented protection against Gen V mega-cyberattacks as well as future cyber threats across all networks, endpoint, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security.


    Real-time, client-less, application-independent threat detection and protection based on innovative and patented technology.


    With Proofpoint Cloud Account Defense (PCAD), you can protect your people and your organization from Microsoft Office 365 account compromise.


    Proofpoint Cloud App Security Broker (PCASB) helps you secure applications such as Microsoft Office 365, Google's G Suite, Box, and more.


    Cofense PhishMe uses industry-proven behavioral conditioning methods to better prepare employees to recognize and resist malicious phishing attempts–transforming one of your biggest liabilities into your strongest defense.


    Proofpoint Data Discover simplifies and automates PCI, PII and PHI discovery


    Deep Discovery Inspector is available as a physical or virtual network appliance. It's designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.


    Our Digital Compliance solutions provide automated social media content supervision, remediation, and record retention - all from a common interface


    Our Digital Discover solutions protect your brand and the people who trust it from suspicious and infringing social accounts, mobile apps, and domains.


    Our Digital Protection solutions provide real-time security for branded social media accounts and employee social media programs across all major social networks.


    Combining comprehensive coverage, unique detection and intelligence, and automated takedown, Digital Threat Protection offers a unique approach to combat attacks from the beginning, enabling organizations to focus on the future, not the fear of fraud.


    Proofpoint Domain Discover for Email gives you the actionable intelligence to preemptively stop impostor emails before they reach your inbox.


    This powerful breach detection solution enables analysts to hunt, analyze and visualize all activity relevant to an IT system threat or breach.


    Proofpoint's e-discovery and Analytics capabilities provide greater insight for your litigation readiness strategy. That means more control with less cost and risk.


    Proofpoint Email DLP simplifies data loss prevention by giving you complete visibility and control of email leaving your enterprise.


    Proofpoint Email Fraud Defense gives you the visibility, tools, and services to authorize legitimate email and block fraudulent messages before they reach the inbox.


    ET Intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when they have attacked, what methods they used, and what they're after.


    IntSights is revolutionizing cyber security with a first of its kind Enterprise Threat Intelligence & Mitigation platform that delivers proactive defense by transforming threat intelligence into automated security action. It monitors your external risk profile, aggregates and analyzes tens of thousands of threats, and automates the risk mitigation lifecycle.


    ESET Enterprise Inspector is ESET's Endpoint Detection and Response (EDR) tool for identification of anomalous behavior, identification of breaches, risk assessment, and further forensic investigation that features response capabilities to mitigate the discovered threats.


    Falcon Complete™ changes the game by making endpoint security powerful and easy for all organizations. Falcon Complete combines CrowdStrike’s industry-leading protection technologies with the people, expertise and processes necessary to provide the most effective, worry-free approach to endpoint security.


    CrowdStrike Falcon endpoint protection unifies the technologies required to successfully stop breaches: next-generation antivirus, endpoint detection and response, IT hygiene, 24/7 threat hunting and threat intelligence. They combine to provide continuous breach prevention in a single agent.


    CrowdStrike® Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics.


    Farsight Security provides rapid threat detection and response to rapidly identify and react to incursions of your internet presence and brand.


    FinalCode Express Edition consists of a Base Plan (essential IRM functionalities) and seven individually-priced optional subscriptions that can be added based on organizational requirements.


    Proofpoint Information Archiving solutions provide automated social media content supervision, remediation, and record retention - all from a common interface.


    Integrated DLP allows you to deploy data security for a fraction of the cost and time of traditional enterprise DLP solutions.


    Proofpoint Intelligent Supervision helps streamline compliance. It's fully integrated with Enterprise Archive for easy capture, review and reporting.


    Lastline Detonator integrates Lastline's unmatched advanced malware analysis and protection capabilities seamlessly into your existing security products. It puts the years of research on evasive malware by Lastline's team of internationally recognized experts at your fingertips.


    Automatically learns from human analysts and automates detection and response, never having analysts repeat the same investigations ever again.


    Proofpoint Mail Routing Agent (MRA) provides secure, scalable, reliable email routing and management for even the most complex email infrastructures.


    Matrix42, the leading provider of workspace management solutions, has entered into a strategic partnership with enSilo and now offers the innovative security company's products exclusively in Central Europe and integrates enSilo into its comprehensive Workspace Management Suite


    Identify and block apps known to be malicious and those with risky behaviors that may lead to spear-phishing attacks and expose sensitive data


    Morphisec Endpoint Threat Prevention thwarts hackers with their own strategies like deception, obfuscation, modification, and polymorphism.


    Whether in DETECT or PREVENT mode, managed by us or you, the Nyotron War Room provides you in-depth details about an attack as it happens: where the attack is happening, if it is spreading to other endpoints, what the nature of the threat is, how it got in, and how it spread.


    Proofpoint Phishing and Security Awareness solutions, powered by Wombat Security, provide unique and effective anti-phishing filtering.


    Proofpoint Premium Threat Information Service provides deeper understanding of the ongoing threat landscape and your organization's place in it, enabling you.


    Promisec Integrity offers customers the same nimble agentless functionality as our on-premise solution, but through a browser interface to enable antivirus validation, unauthorized software discovery, and patch management validation.


    Promon INSIGHT gives you crucial time to react to emerging threats. With the ability to silently report back to servers, hackers performing targeted attacks won't even be aware that they have been detected.


    RSA ECAT is an endpoint threat detection and response solution that exposes targeted, advanced malware, highlights suspicious activity for investigation, and instantly determines the scope of a compromise to help security teams stop advanced threats faster.


    Open source email server and solutions from Proofpoint


    Accelerite Sentient is an endpoint detection and response tool that pulls together real-time information from enterprise endpoints, and enables security and IT staff to identify critical security threats and vulnerabilities in their endpoints within seconds


    Protecting your social infrastructure and ensuring compliance is critical to maximizing your social media investment


    Personal Webmail Defense (PWD) protects you and your employees across personal webmail and browsing activities across the broader web.


    Proofpoint Targeted Attack Protection SaaS Defense safeguards your organization against hidden threats in cloud-based file-storage apps.


    Dangerous end users with too much privilege. Unused, often obsolete, protocols. Unauthorized software. With Third Wall, you can lock down, enforce policies and passwords, eliminate many gaping vulnerabilities.


    ThreatBook TDP is a microstep online threat detection platform dedicated to accurately discovering internal missing hosts and helping security teams locate threats quickly and accurately.


    Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently.


    Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators to move malicious or unwanted messages to quarantine, after delivery. It follows forwarded mail and distribution lists and creates an auditable activity trail.


    Triumfant AtomicEye provides continuous protection from advanced malware threats – stopping criminal activity at the point of infiltration and instantly repairing the machine and any collateral damage within minutes of an attack.


    Veriato RansomSafe is software for ransomware defense. It combines just-in-time data protection with mechanisms to detect and shut down attacks before they hold the business hostage.


    The Versive AI Platform was developed to provide large enterprises with solutions that empower their teams to achieve world-class results.


    Ziften is a security solution that provides teams with continuous endpoint visibility to view the full context of the security landscape, amplify teams' abilities, and establish organizational resiliency.