Best Endpoint Detection & Response (EDR) Software

Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.

To qualify for inclusion in the Endpoint Detection and Response category, a product must:

  • Alert administrators when devices have been compromised
  • Search data and systems for the presence of malware
  • Possess analytics and anomaly detection features
  • Possess malware removal features

Endpoint Detection & Response (EDR) Software Grid® Overview

The best Endpoint Detection & Response (EDR) Software products are determined by customer satisfaction (based on user reviews) and market presence (based on products’ scale, focus, and influence) and placed into four categories on the Grid®:

  • Products in the Leader quadrant are rated highly by G2 Crowd users and have substantial Market Presence scores. Leaders include: Sophos Endpoint Protection, Symantec Endpoint Protection, McAfee Endpoint Protection, Webroot Endpoint Protection, and ESET Endpoint Security
  • High Performers are highly rated by their users, but have not yet achieved the Market Presence of the Leaders. High Performers include: Secdo
  • Contenders have significant Market Presence and resources, but have received below average user Satisfaction ratings or have not yet received a sufficient number of reviews to validate the solution. Contenders include: FortiClient
  • Niche solutions do not have the Market Presence of the Leaders. They may have been rated positively on customer Satisfaction, but have not yet received enough reviews to validate them. Niche products include: Cb Response, IBM BigFix, and Cb Defense
[Figure: G2 Crowd Grid® for Endpoint Detection & Response (EDR). Axes: Market Presence, Satisfaction. Quadrants: Leaders, High Performers, Contenders, Niche.]
Compare Endpoint Detection & Response (EDR) Software
    Results: 50

    Endpoint Detection & Response (EDR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Symantec Endpoint Protection (SEP) is designed to protect against malware attacks including targeted attacks, advanced persistent threats, and zero-day threats with a layered approach to security at the endpoint. Superior protection that fuses essential and next-gen technologies in a multi-layered fashion. High-performance, lightweight single client, single management console across both physical and virtual protection, and orchestrated response delivered at scale.


    In a multi-vector attack, cybercriminals combine a variety of threat technologies, deployed in numerous stages, over multiple points of entry, or vectors, to infect computers and networks. To keep businesses, their users, and their devices safe, Webroot SecureAnywhere® Business Endpoint Protection offers a unique blend of layered multi-vector protection that stops threats across email, web browsing, files, URLs, ads, apps, and more.


    Provides continuous, updated, and powerful security against the entire spectrum of threats, from zero-day exploits to hacker attacks.


    ESET protects all of the most-used operating systems with the same level of functionality, leaving no potential entry point to your network unprotected. ESET’s powerful security management console gives you real-time information on the security state of your network, endpoints and mobile devices, including security and administration functionality that protects you against threats.


    Complete security that includes encryption, web filtering and patch assessment.


    Integrated endpoint protection that provides automated next-generation threat protection, as well as visibility and control of your software and hardware inventory across the entire security fabric. Identify and remediate vulnerable or compromised hosts across your attack surface.


    Secdo is the only automated incident response platform, enabling security and IR teams to investigate and respond to incidents faster than ever. With a combination of zero-gap endpoint visibility, automated alert investigation, proactive threat hunting and surgical response and remediation, Secdo gives security professionals an all-in-one tool to slash incident response time to minutes and increase their effectiveness by an order of magnitude. Secdo’s agents record all endpoint and server activity and send it to a centralized server (either on-premise or in the cloud). Using its unique Causality Analysis Engine, Secdo ingests any alert from any source and automatically correlates the alerts with the endpoint data to provide the full context of the alerts, including the attack chain, root cause and damage assessment. Finally, Secdo provides a set of response and remediation tools allowing incident responders to remotely and surgically contain endpoints and run remediation actions across multiple endpoints.


    Cb Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Cb Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Cb Response also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement.


    53% of breaches do not use malware. Streaming prevention through Cb Defense goes beyond machine-learning AV to stop all types of attacks before they compromise your systems. Cb Defense, with its breakthrough prevention model, market-leading detection and response capabilities and single lightweight agent, is the future of next-gen antivirus.


    IBM® BigFix® addresses a major challenge faced by many organizations — how to gain full visibility into the constantly changing endpoint landscape while bridging the gap between threat detection and remediation. See clearly: Discover and audit endpoints on or off the corporate network. Detect evasive attacks with behavioral analytics. Understand completely: Guided investigations to define the scope of detected attacks. Define what remediation action you need to take. Act precisely: Immediately contain and remediate attacks enterprise-wide. Continuously reduce your attack surface.


    Stop known and unknown threats on all platforms using sophisticated machine learning and intelligent automation. SentinelOne predicts malicious behavior across all vectors, rapidly eliminates threats with a fully-automated incident response protocol, and adapts defenses against the most advanced cyber attacks.


    Sophos Central allows for the management of multiple Sophos services including endpoint and server protection.


    CrowdStrike Falcon Host enables your security team to effectively and efficiently detect and block adversary activity.


    Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.


    FireEye Endpoint Security (HX series) products provide organizations with the ability to continuously monitor endpoints for advanced malware and indicators of compromise that routinely bypass signature-based and defense-in-depth security systems.


    Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of advanced malware and exploit prevention methods that protect users and endpoints from known and unknown threats.


    An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.


    EnCase Endpoint Security is the most complete threat detection and response solution—eliminating the time it takes to detect, validate, triage, investigate, and remediate known and unknown threats lurking across the enterprise, unseen by perimeter and network solutions. An organization’s security is simply not complete without endpoint visibility.


    Bromium has pioneered a completely new approach to defeat cyber attacks in real time and provide unmatched threat intelligence hardware-enforced isolation.


    SanerNow is a SaaS platform for endpoint security and management — a platform that hosts numerous tools to cover various endpoint security and management requirements. SanerNow addresses the following business cases:
      • Vulnerability Management
      • Patch Management
      • Compliance Management
      • Asset Management
      • Endpoint Management
      • Endpoint Threat Detection and Response


    All Domain Intrusion Detection, Investigation, and Containment


    CloudCare is a free, cloud-based, endpoint security administration platform that makes it significantly faster and easier to monitor threats, resolve issues, and deliver multiple layers of protection to your customers.


    Awake detects attacks that blend in with business-justified activity and enables conclusive and rapid response. With exhaustive intelligence from the network, Awake uniquely identifies mal-intent to stop insider attacks, file-less malware, and much more.


    BluVector Pulse delivers a fully turnkey sense and respond platform, automating the health and heartbeat monitoring and device management of the market-leading BluVector Cortex offering.


    Check Point Infinity is the only fully consolidated cyber security architecture that provides unprecedented protection against Gen V mega-cyberattacks as well as future cyber threats across all networks, endpoint, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security.


    Real-time, client-less, application-independent threat detection and protection based on innovative and patented technology.


    Cofense PhishMe uses industry-proven behavioral conditioning methods to better prepare employees to recognize and resist malicious phishing attempts–transforming one of your biggest liabilities into your strongest defense.


    Deep Discovery Inspector is available as a physical or virtual network appliance. It's designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.


    Combining comprehensive coverage, unique detection and intelligence, and automated takedown, Digital Threat Protection offers a unique approach to combat attacks from the beginning, enabling organizations to focus on the future, not the fear of fraud.


    This powerful breach detection solution enables analysts to hunt, analyze and visualize all activity relevant to an IT system threat or breach.


    IntSights is revolutionizing cyber security with a first of its kind Enterprise Threat Intelligence & Mitigation platform that delivers proactive defense by transforming threat intelligence into automated security action. It monitors your external risk profile, aggregates and analyzes tens of thousands of threats, and automates the risk mitigation lifecycle.


    ESET Enterprise Inspector is ESET's Endpoint Detection and Response (EDR) tool for identification of anomalous behavior, identification of breaches, risk assessment, and further forensic investigation that features response capabilities to mitigate the discovered threats.


    Farsight Security provides rapid threat detection and response to rapidly identify and react to incursions of your internet presence and brand.


    FinalCode Express Edition consists of a Base Plan (essential IRM functionalities) and seven individually-priced optional subscriptions that can be added based on organizational requirements.


    Integrated DLP allows you to deploy data security for a fraction of the cost and time of traditional enterprise DLP solutions.


    Lastline Detonator integrates Lastline's unmatched advanced malware analysis and protection capabilities seamlessly into your existing security products. It puts the years of research on evasive malware by Lastline's team of internationally recognized experts at your fingertips.


    Automatically learns from human analysts and automates detection and response, never having analysts repeat the same investigations ever again.


    Matrix42, the leading provider of workspace management solutions, has entered into a strategic partnership with enSilo and now offers the innovative security company's products exclusively in Central Europe and integrates enSilo into its comprehensive Workspace Management Suite


    Whether in DETECT or PREVENT mode, managed by us or you, the Nyotron War Room provides you in-depth details about an attack as it happens: where the attack is happening, if it is spreading to other endpoints, what the nature of the threat is, how it got in, and how it spread.


    Promisec Integrity offers customers the same nimble agentless functionality as our on-premise solution, but through a browser interface to enable antivirus validation, unauthorized software discovery, and patch management validation.


    Promon INSIGHT gives you crucial time to react to emerging threats. With the ability to silently report back to servers, hackers performing targeted attacks won't even be aware that they have been detected.


    RSA ECAT is an endpoint threat detection and response solution that exposes targeted, advanced malware, highlights suspicious activity for investigation, and instantly determines the scope of a compromise to help security teams stop advanced threats faster.


    Accelerite Sentient is an endpoint detection and response tool that pulls together real-time information from enterprise endpoints, and enables security and IT staff to identify critical security threats and vulnerabilities in their endpoints within seconds.


    The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware without relying on signatures.


    Syniverse is a global transaction processor that connects more than 1,500 mobile service providers, enterprises, ISPs and OTTs in nearly 200 countries and territories, enabling seamless mobile communications across disparate and rapidly evolving networks, devices and applications.


    ThreatBook TDP is a microstep online threat detection platform dedicated to accurately discovering internal missing hosts and helping security teams locate threats quickly and accurately.


    Triumfant AtomicEye provides continuous protection from advanced malware threats – stopping criminal activity at the point of infiltration and instantly repairing the machine and any collateral damage within minutes of an attack.


    The Versive AI Platform was developed to provide large enterprises with solutions that empower their teams to achieve world-class results.


    VIPRE is the highest-rated, award-winning endpoint security product for businesses, as well as home users, delivering the best protection at the best price. VIPRE is powered by the most sophisticated advanced machine learning, one of the world’s largest threat intelligence clouds and real-time behavior monitoring to protect millions of users from ransomware, zero-day attacks, phishing, exploit kits, mobile threats and other malware that easily evade traditional signature-based antivirus. The company is also a proud Advanced Technology Partner of Amazon Web Services. Easy to use, VIPRE deploys in minutes to deliver unmatched protection without slowing down PCs. VIPRE is headquartered and supported in the U.S. and all customers receive free, U.S.-based technical support. VIPRE Endpoint Security - Cloud Edition touts the first major innovation in cloud-based antivirus in recent years. VIPRE Cloud allows users to access, drill down and act upon a potential breach before any damage occurs, any time, any place, for true 24/7 protection.


    Ziften is a security solution that provides teams with continuous endpoint visibility to view the full context of the security landscape, amplify teams’ abilities, and establish organizational resiliency.
