
Best Endpoint Detection & Response (EDR) Software

Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.

To qualify for inclusion in the Endpoint Detection and Response category, a product must:

  • Alert administrators when devices have been compromised
  • Search data and systems for the presence of malware
  • Possess analytics and anomaly detection features
  • Possess malware removal features

Endpoint Detection & Response (EDR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Endpoint Detection & Response (EDR) Software

Results: 75
G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.

    Symantec Endpoint Protection (SEP) is designed to protect against malware attacks including targeted attacks, advanced persistent threats, and zero-day threats with a layered approach to security at the endpoint. Superior protection that fuses essential and next-gen technologies in a multi-layered fashion. High-performance, lightweight single client, single management console across both physical and virtual protection and orchestrated response delivered at scale.

    Webroot Endpoint Protection
    (88) 4.7 out of 5
    Optimized for quick response

    In a multi-vector attack, cybercriminals combine a variety of threat technologies, deployed in numerous stages, over multiple points of entry, or vectors, to infect computers and networks. To keep businesses, their users, and their devices safe, Webroot SecureAnywhere® Business Endpoint Protection offers a unique next gen blend of layered multi-vector protection that stops threats across email, web browsing, files, URLs, ads, apps, and more.

    To stop the widest range of threats, Sophos Intercept X employs a comprehensive defense-in-depth approach to endpoint protection rather than simply relying on one primary security technique. This is “the power of the plus” – a combination of leading foundational (traditional) and modern (next-gen) techniques. Intercept X integrates the industry’s top-rated malware detection and exploit protection with built-in endpoint detection and response (EDR). Drive threat prevention to unmatched levels. The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning that detects both known and unknown malware without relying on signatures. Deep learning makes Intercept X smarter, more scalable, and higher-performing than endpoint security solutions that use traditional machine learning or signature-based detection alone.

    Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of advanced malware and exploit prevention methods that protect users and endpoints from known and unknown threats.

    Integrated endpoint protection that provides automated next-generation threat protection, as well as visibility and control of your software and hardware inventory across the entire security fabric. Identify and remediate vulnerable or compromised hosts across your attack surface.

    Bitdefender GravityZone combines all the security services organizations need into a single delivery platform to reduce their cost of building a trusted environment for all endpoints.

    Kaspersky Endpoint Security for Business offers a tightly integrated combination of superior security technologies and far-reaching systems management capabilities, which can all be controlled via a single management console.

    A group of defense and intelligence experts saw savvy attackers compromising endpoints seemingly at will. Traditional approaches failed to provide sufficient protection. They founded SentinelOne to develop a dramatic new approach to endpoint protection. It’s one that applies AI and machine learning to thwart known and unknown threats. Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart.

    53% of breaches do not use malware. Streaming prevention through Cb Defense goes beyond machine-learning AV to stop all types of attacks before they compromise your systems. Cb Defense, with its breakthrough prevention model, market-leading detection and response capabilities and single lightweight agent, is the future of next-gen antivirus.

    Cb Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Cb Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Cb Response also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement.

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise orchestration across siloed IT and Security organizations, simplifying security management and making response effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives.

    Provides continuous, updated, and powerful security against the entire spectrum of threats, from zero-day exploits to hacker attacks.

    Proofpoint Threat Response Auto-Pull (TRAP) gives messaging and security administrators the ability to automatically retract to quarantine threats delivered to employee inboxes and emails that turn malicious after delivery. It is also a powerful solution to retract messages sent in error as well as inappropriate or malicious emails or emails containing compliance violations. It also follows forwarded mail and distribution lists and creates an auditable activity trail. With Proofpoint Threat Response Auto-Pull, you can protect your people, data, and brand from today’s threats by:

      • Automatically pulling malicious or unwanted messages from an end user’s inbox.
      • Enriching each message by checking every domain and IP address against premium intelligence feeds.
      • Including built-in reporting, showing stats like: email quarantine success or failures, email retraction read status, targeting by Active Directory attribute.
      • Reducing the remediation time needed from hours to minutes.

    FireEye Endpoint Security (HX series) products provide organizations with the ability to continuously monitor endpoints for advanced malware and indicators of compromise that routinely bypass signature-based and defense-in-depth security systems.

    An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.

    Endpoint security management is all about adequately securing such endpoints and thereby securing a network by blocking access attempts and such risky activities at endpoints.

    Panda Endpoint Protection provides centralized protection for all of your Windows, Mac and Linux workstations, including laptops, smartphones and the leading virtualization systems.

    Check Point Endpoint Security combines data security, network security, threat prevention technologies and remote access VPN into one package for complete Windows and Mac OS X protection.

    Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. AMP can uncover even the most advanced threats, including fileless malware and ransomware.

    Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.

    Detect, isolate, and eliminate intrusions across all endpoints using AI, automated incident generation, and unparalleled threat intelligence.

    EnCase Endpoint Security is the most complete threat detection and response solution—eliminating the time it takes to detect, validate, triage, investigate, and remediate known and unknown threats lurking across the enterprise, unseen by perimeter and network solutions. An organization’s security is simply not complete without endpoint visibility.

    CylancePROTECT redefines what antivirus can and should do for your organization by leveraging artificial intelligence to detect AND prevent malware from executing on your endpoints in real time.

    Deep Discovery Inspector is available as a physical or virtual network appliance. It's designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.

    enSilo offers a complete endpoint security and malware protection solution, designed to stop malware post-infection, in real time, from causing harm and tampering with or exfiltrating data from endpoints.

    ESET Enterprise Inspector is ESET's Endpoint Detection and Response (EDR) tool for identification of anomalous behavior, identification of breaches, risk assessment, and further forensic investigation that features response capabilities to mitigate the discovered threats.

    CrowdStrike Falcon endpoint protection unifies the technologies required to successfully stop breaches: next-generation antivirus, endpoint detection and response, IT hygiene, 24/7 threat hunting and threat intelligence. They combine to provide continuous breach prevention in a single agent.

    Proofpoint Enterprise Archive solutions provide automated social media content supervision, remediation, and record retention - all from a common interface.

    SanerNow is a SaaS platform for endpoint security and management, a platform that hosts numerous tools to cover various endpoint security and management requirements. SanerNow addresses the following business cases:

      • Vulnerability Management
      • Patch Management
      • Compliance Management
      • Asset Management
      • Endpoint Management
      • Endpoint Threat Detection and Response

    Symantec Protection Suite Enterprise Edition combines best-of-breed products to secure your endpoint and email infrastructure. It delivers protection against complex malware, data loss, and spam threats along with industry-leading messaging protection.

    Trend Micro Endpoint Security provides immediate protection for enterprise endpoints, lowering infections by instantly securing endpoints from sophisticated cybercriminal attacks.

    All Domain Intrusion Detection, Investigation, and Containment

    GFI EndPointSecurity could save your business. It gives you control of all your portable devices from one central control panel. Data theft is prevented, and harmful new software and files are blocked from your network. GFI EndPointSecurity is packed with features that protect and secure your data. Access Control allows you to grant or deny access to any known device on your network. You control which devices are blocked by class, physical port or device ID. You control access duration. Grant devices access for two hours, one week, or any time period. And Access Control can block unknown devices automatically. So your data is always fully secured.

    SNOW is an endpoint detection/response solution in the form of a lightweight cross-platform sensor. Operating on a host-based managed system, it proactively searches through networks 24/7 to provide the ultimate protection against today's most sophisticated cyber security threats.

    Awake detects attacks that blend in with business-justified activity and enables conclusive and rapid response. With exhaustive intelligence from the network, Awake uniquely identifies mal-intent to stop insider attacks, file-less malware, and much more.

    BluVector Pulse delivers a fully turnkey sense and respond platform, automating the health and heartbeat monitoring and device management of the market-leading BluVector Cortex offering.

    Comodo provides an Advanced Endpoint Protection solution for small and medium enterprises that solves malware problems quickly, with complete security from known and unknown threats through automatic containment and a crowd-sourced intelligence knowledge base.

    CounterTrack EPPl is a solution that empowers security teams to counter advanced endpoint threats in real time and delivers unprecedented visibility and context around targeted, persistent threats for a comprehensive approach to endpoint detection and response.

    Cynet converges multiple technologies (EPP, EDR, UBA, Deception, Network Analytics and vulnerability management), with a 24/7 cyber SWAT team, to provide unparalleled visibility and defend all domains of your internal network: endpoints, network, files and users, from all types of attacks.

    SparkCognition is a leader in cognitive computing analytics that develops AI-Powered cyber-physical software for the safety, security, and reliability of IT, OT, and the IIoT. SparkCognition builds artificial intelligence solutions for applications in energy, oil and gas, manufacturing, finance, aerospace, defense, and security.

    Sequretek's EDPR helps organizations to Detect, Protect and Respond against zero-day threats, advanced persistent threats, ransomware attacks and other malware. EDPR is the first product in the industry to achieve efficiency and sophistication in product design that combines a multitude of technologies.

    Endgame Platform is an endpoint security platform that prevents all device compromise, stops ongoing attacks, and automates the hunt for the next generation of attacks.

    IntSights is revolutionizing cyber security with a first of its kind Enterprise Threat Intelligence & Mitigation platform that delivers proactive defense by transforming threat intelligence into automated security action. It monitors your external risk profile, aggregates and analyzes tens of thousands of threats, and automates the risk mitigation lifecycle.

    Falcon Complete™ changes the game by making endpoint security powerful and easy for all organizations. Falcon Complete combines CrowdStrike’s industry-leading protection technologies with the people, expertise and processes necessary to provide the most effective, worry-free approach to endpoint security.

    CrowdStrike® Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics.

    Enterprise-grade protection to secure networks, emails and endpoints for growing mid-market organizations.

    G Data Endpoint Protection helps protect clients directly from threats and exploiting vulnerabilities, including proactive protection against malware, including an effective client firewall and efficient patch management to prevent vulnerabilities in installed programs from becoming an attacker's gateway.