Star Rating
Languages Supported

Endpoint Detection & Response (EDR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Best Endpoint Detection & Response (EDR) Software

Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.

To qualify for inclusion in the Endpoint Detection and Response category, a product must:

Alert administrators when devices have been compromised
Search data and systems for the presence of malware
Possess analytics and anomaly detection features
Possess malware removal features

Top 10 Endpoint Detection & Response (EDR) Software

  • MVISION Endpoint Security
  • Sophos Intercept X: Next-Gen Endpoint
  • SentinelOne
  • Palo Alto Networks Traps
  • CB Response
  • Bitdefender GravityZone
  • FireEye Endpoint Security
  • Cisco AMP for Endpoints
  • Panda Security
  • SolarWinds N-central

Compare Endpoint Detection & Response (EDR) Software

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
Sort By:
Results: 75
View Grid®
Adv. Filters
(161)4.3 out of 5

McAfee Endpoint Security delivers industry-leading protection and operational simplicity for your diverse endpoint environment.

(92)4.2 out of 5
Optimized for quick response

Sophos Intercept X is the world’s most comprehensive endpoint protection solution. Built to stop the widest range of attacks, Intercept X has been proven to prevent even the most advanced ransomware and malware by leveraging a unique combination of next-generation techniques. This includes the ability to detect never-before-seen malware with deep learning, stop ransomware with Sophos anti-ransomware technology, and deny attacker tools with signatureless exploit prevention. Intercept X also inclu

(51)4.8 out of 5
Optimized for quick response

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit or follow us at @SentinelOne, on LinkedIn or Facebook. Our team

(32)4.7 out of 5

Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of advanced malware and exploit prevention methods that protect users and endpoints from known and unknown threats.

(55)4.4 out of 5

CB Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. CB Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. CB Response also allows teams to

(34)4.1 out of 5

Bitdefender GravityZone combines all the security services organizations need into a single delivery platform to reduce their cost of building a trusted environment for all endpoints.

(14)4.2 out of 5

FireEye Endpoint Security (HX series) products provide organizations with the ability to continuously monitor endpoints for advanced malware and indicators of compromise that routinely bypass signature-based and defense-in-depth security systems.

(15)4.5 out of 5

Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. AMP can uncover even the most advanced threats, including fileless malware and ransomware.

(84)4.3 out of 5

Panda Security, a WatchGuard Brand, has been providing advanced cybersecurity for over 30 years. Their Adaptive Defense 360 (AD360) Endpoint Protection Platform (EPP) suite, combines next-generation antivirus protection, endpoint detection and response (EDR), patch management, content filtering, email security, full disk encryption, and more, into one package. The AD360 platform touts a unique zero-trust security service that certifies the legitimacy and safety of all running applications thanks

(104)4.3 out of 5
Optimized for quick response

Join the thousands of MSPs and IT professionals who use SolarWinds N-central to remotely monitor and manage devices and complex networks. Built with security in mind, N-central provides the visibility and efficiency you need to scale. With the time you save, you can invest more in your business. N-central can help you: 1) Proactively monitor everything on your customer networks – not just servers and workstations – and troubleshoot quickly 2) Stay on top of threats with features like MFA, anti

(107)4.2 out of 5
Optimized for quick response

SolarWinds Remote Monitoring & Management offers a comprehensive set of tools to secure, maintain, and improve IT operations across client networks of all complexities and sizes. Trusted by over 20,000 MSPs globally and managing over 5 million devices and 160,000 SMBs, SolarWinds RMM offer powerful platforms with a tailored experience built for your business needs. Key features include... • Integrated single pane of glass, bringing everything you manage into one console • Simple, powerful

Endpoint security management is all about adequately securing such endpoints and thereby securing a network by blocking access attempts and such risky activities at endpoints.

(10)4.9 out of 5

ESET Enterprise Inspector is an Endpoint Detection & Response tool that works by collecting system data about what is happening on endpoints in real time. It enriches prevention capabilities with enhanced endpoint visibility, threat hunting and incident response features, focusing on identification of anomalous behavior, risk assessment and effective remediation. Due to its robust database engine, ESET Enterprise Inspector allows to perform forensic investigation of past incidents and has re

(7)4.1 out of 5

SanerNow is a SaaS platform for endpoint security and management — a platform that hosts numerous tools to cover various endpoint security and management requirements. SanerNow addresses the following business cases: - Vulnerability Management - Patch Management - Compliance Management - Asset Management - Endpoint Management - Application and Device Control - Software Deployment - Endpoint Threat Detection and Response

(7)4.1 out of 5
Optimized for quick response

Today’s digital forensics teams face many challenges in a world filled with an overwhelming amount of data. From multiple office locations to massive employee pools and remote workers, AD Enterprise provides deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide post-breach, HR and compliance investigations in a single, robust solution. With AD Enterprise, you can respond quickly, remotely and covertly while maintaining chain of custody

(5)4.2 out of 5

An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.

(6)3.5 out of 5

BlackBerry Optics uses machine learning (ML) and artificial intelligence (AI) to identify and prevent widespread security incidents, providing consistent visibility, targeted threat hunting, and fast incident response.

(37)4.2 out of 5

BlackBerry Protect redefines what antivirus can and should do for your organization by leveraging artificial intelligence to detect AND prevent malware from executing on your endpoints in real time.

(4)4.6 out of 5

Helps financial institutions detect and prevent malware infections and phishing attacks, maximizing protection for their customers.

(4)5.0 out of 5

LMNTRIX has reimagined cybersecurity, turning the tables in favor of the defenders once again. We have cut out the bloat of SIEM, log analysis and false positives resulting in alert fatigue, and we created new methods for confounding even the most advanced attackers. We believe that in a time of continuous compromise you need continuous response – not incident response. Our approach turns inward and assumes that you’re already breached and that you’re continually going to be breached, so we tak

Detect, isolate, and eliminate intrusions across all endpoints using AI, automated incident generation, and unparalleled threat intelligence.

(3)4.7 out of 5

Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.

(4)3.3 out of 5

The endpoint detection and remediation market is a crowded space with several great options for large organizations. However, most require analysts with security expertise, only integrate with enterprise products, and come at a steep price point.

Proofpoint Enterprise Archive is a cloud-based archiving solution that simplifies legal discovery, regulatory compliance, and end-user information access without the headaches of managing an archive in-house.

(3)4.8 out of 5

Worry-Free Services infuses high-fidelity machine learning with other detection techniques for the broadest protection against ransomware and advanced attacks.

(2)4.8 out of 5

EnCase Endpoint Security is the most complete threat detection and response solution—eliminating the time it takes to detect, validate, triage, investigate, and remediate known and unknown threats lurking across the enterprise, unseen by perimeter and network solutions. An organization’s security is simply not complete without endpoint visibility.

(3)4.8 out of 5

FortiEDR delivers advanced, real-time threat protection for endpoints both pre- and post-infection. It proactively reduces the attack surface, prevents malware infection, detects and defuses potential threats in real time, and can automate response and remediation procedures with customizable playbooks.

Symantec Protection Suite Enterprise Edition combines best-of-breed products to secure your endpoint and email infrastructure. It delivers protection against complex malware, data loss, and spam threats along with industry-leading messaging protection.

(3)3.0 out of 5

CounterTrack EPPl is a solution that empowers security teams to counter advanced endpoint threats in real-time to delivers unprecedented visibility and context around targeted, persistent threats for a comprehensive approach to endpoint detection and response.

(1)3.0 out of 5

Endgame Platform is an endpoint security platform that prevents all device compromise, stops ongoing attacks, and automates the hunt for the next generation of attacks.

Select Grid® View
Select Company Size
G2 Grid® for Endpoint Detection & Response (EDR)
Filter Grid®
Filter Grid®
Select Grid® View
Select Company Size
Check out the G2 Grid® for the top Endpoint Detection & Response (EDR) Software products. G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on our proprietary G2 Grid®, which you can use to compare products, streamline the buying process, and quickly identify the best products based on the experiences of your peers.
High Performers
Sophos Intercept X: Next-Gen Endpoint
MVISION Endpoint Security
Panda Security
CB Response
Bitdefender GravityZone
FireEye Endpoint Security
SolarWinds Remote Monitoring & Management
Palo Alto Networks Traps
SolarWinds N-central
Comodo Endpoint Security Manager
Cisco AMP for Endpoints
Market Presence

Learn More About Endpoint Detection & Response (EDR) Software

What is Endpoint Detection & Response (EDR) Software?

EDR software is used to help companies identify and remediate threats related to network-connected endpoints. These tools inform security professionals of vulnerable or infected endpoints and guide them through the remediation process. After incidents have been resolved, EDR tools help teams investigate issues and the vulnerable components that allowed an endpoint to become compromised.

Continuous monitoring is one of the core capabilities of endpoint detection technologies. These monitoring features provide complete and continuous visibility across a company’s network-connected endpoints. Individuals can monitor behaviors, vulnerabilities, and activity for abnormalities. When abnormalities are identified, the detection portion of EDR technology transitions to the response portion.

Endpoint response begins with alerting and containment. Security professionals are alerted of threats present to their systems and isolate potentially compromised endpoints from further network access; this helps prevent one infected endpoint from becoming hundreds. Once systems are properly organized to contain malware and threat actors, security teams can work to remove malware and prevent future access from actors to endpoint devices.

EDR tools store threat data related to security incidents, improving a team's ability to defend against threats in the future by helping them identify root causes and threat actors. Additionally, zero-day exploits may be identified and other vulnerabilities may be remediated as a result. This will help defend against third-party privilege escalation, malware injection, and unapproved endpoint control from occurring in the future. Some EDR products provide machine learning capabilities to analyze events, improve threat hunting, and reduce false positives by automating protection and remediation processes.

Key Benefits of EDR Software

  • Monitor endpoints and detect issues or security incidents
  • Remediate present threats to endpoints
  • Investigate incidents to identify causes
  • Contain threats and restrict access to other endpoints or networks

Why Use Endpoint Detection & Response (EDR) Software?

Endpoints are some of the most vulnerable components of a business' network structure. One vulnerable endpoint could cause a company’s entire network, databases, and sensitive information to become exposed or stolen. EDR tools will help secure individual endpoints, detect issues as they arise, and contain threats that make their way beyond traditional security structures.

Endpoint protection is even more relevant when considering the growing popularity of bring-your-own-device (BYOD) policies. When employees are in complete control over downloads, applications, and updates, security must be a priority. Everyday professionals are not the most security-savvy individuals and may unintentionally compromise their device or put business information at risk.

Zero-day threats — While traditional prevention tools such as antivirus software or firewall technology are helpful as the first line of defense, zero-day threats are bound to occur. The nature of these threats means they are yet to be discovered and therefore cannot be defended against. EDR solutions will help identify new threats as they arise and remediate them before damage occurs.

Visibility and control — Continuous monitoring and endpoint visibility help defend against traditional malware and sophisticated threats. Monitoring can help identify known threats as they arise but also detect minute details that indicate the presence of advanced threats. Hackers are always developing new ways to enter networks undetected through fileless malware or malicious code injection. Monitoring capabilities will improve a team’s ability to detect anomalies caused as a result of outside actors and threats.

Analysis and deterrence — EDR software improves a security organization’s ability to review the data associated with security events, data breaches, and network attacks. The data collected from these events can be reviewed back to the initial onset and used to identify the vulnerability or exploit used. Once identified, security teams and software developers can work collectively to resolve flaws and prevent similar attacks from occurring in the future.

What are the Common Features of Endpoint Detection & Response (EDR) Software?

Detection — Detection capabilities come as a result of monitoring practices. Monitoring is used to collect information about properly functioning systems and can be applied as a reference for abnormal behavior or functionality. Once identified, IT and security professionals are alerted and directed through the review and resolution processes.

Containment — Once threats are present within an endpoint device, access must be restricted from the greater network and additional endpoints. Often referred to as quarantine features, these capabilities can help protect a network as soon as a threat is detected.

Remediation — As threats are discovered, they must be dealt with. EDR software provides individuals and security teams to track incidents back to their onset and identify suspicious actors or malware.

Investigation — After incidents occur, EDR software will collect large amounts of data associated with the endpoint device and provide a historical record of activities. This information can be used to quickly identify the cause of an incident and prevent its reoccurrence in the future.

Additional EDR Features

Behavioral analysis — Behavior analysis capabilities allow administrators to gain valuable insights related to end-user behavior. This data can be used as a reference for monitoring features to compare against and detect anomalies.

Real-time monitoring — Real-time and continuous monitoring capabilities allow security professionals to constantly monitor systems and detect anomalies in real time.

Threat data documentation— Event data recording capabilities automate the collection and curation of incident data. This information can be used to alert security teams of the performance and health of a company's endpoint-enabled devices.

Data exploration — Data exploration features allow security teams to review data associated with security incidents. These data points can be cross-referenced and analyzed to provide insights on how to better protect endpoints in the future.

Potential Issues with Endpoint Detection & Response (EDR) Software

Endpoint variety — Endpoints come in many shapes and sizes, from laptops and servers to tablets and smartphones. A business should be sure that all types of endpoints connected to its network are compatible with a chosen EDR solution. This is especially important for businesses with a large number of BYOD devices that run different operating systems and applications.

Scalability — Scale refers to the size and scope of your network of connected endpoints. It’s a major consideration because some EDR tools may only facilitate monitoring on a specific number of devices or limit the number of concurrent investigations or remediations. Companies with large pools of endpoints should be sure the solutions they consider can handle the number of endpoints and provide adequate monitoring for the scale of their business and projected growth.

Efficacy — Efficacy refers to the actual functional benefit of using a software solution. Companies may be wasting their time if security teams are inundated with false positives or conflicting results. This is a key identifier in user reviews and third-party evaluations that buyers should consider when evaluating a product.

Administration and management — Companies adopting EDR for the first time should be sure they have sufficient staff equipped with skills relevant to using EDR software. Smaller, growing businesses may not be best suited for adopting complex security systems and may be better served using managed services until the need for security matches their ability to deliver.