Join the 1500 companies using G2 Track to manage SaaS spend, usage, contracts & compliance.

Best Endpoint Detection & Response (EDR) Software

Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.

To qualify for inclusion in the Endpoint Detection and Response category, a product must:

  • Alert administrators when devices have been compromised
  • Search data and systems for the presence of malware
  • Possess analytics and anomaly detection features
  • Possess malware removal features
G2 Grid® for Endpoint Detection & Response (EDR)
High Performers
Momentum Leaders
Momentum Score
Market Presence
Star Rating

Endpoint Detection & Response (EDR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Endpoint Detection & Response (EDR) Software

Results: 75
G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.
Results: 75
Filter Results
Filter by:
Sort by
Star Rating
Sort By:

    GFI EndPointSecurity could save your business. It gives you control of all your portable devices from one central control panel. Data theft is prevented, and harmful new software and files are blocked from your network. GFI EndPointSecurity is packed with features that protect and secure your data. Access Control allows you to grant or deny access to any known device on your network. You control which devices are blocked by class, physical port or device ID. You control access duration. Grant devices access for two hours, one week, or any time period. And Access Control can block unknown devices automatically. So your data is always fully secured.

    KF Web Server is a free HTTP Server that can host a number of web sites.

    Lastline Detonator integrates Lastline's unmatched advanced malware analysis and protection capabilities seamlessly into your existing security products. It puts the years of research on evasive malware by Lastline's team of internationally recognized experts at your fingertips.

    LightCyber is a security platform protecting enterprises from persistent threats and targeted attacks.

    Automatically learns from human analysts and automates detection and response, never having analysts repeat the same investigations ever again.

    Matrix42, the leading provider of workspace management solutions, has entered into a strategic partnership with enSilo and now offers the innovative security company's products exclusively in Central Europe and integrates enSilo into its comprehensive Workspace Management Suite

    Metapacket is a proxy platform that detects & prevents malwares from exfiltration, rendering malware useless.

    Morphisec Endpoint Threat Prevention thwarts hackers with their own strategies like deception, obfuscation, modification, and polymorphism.

    Whether in DETECT or PREVENT mode, managed by us or you, the Nyotron War Room provides you in-depth details about an attack as it happens: where the attack is happening, if it is spreading to other endpoints, what the nature of the threat is, how it got in, and how it spread.

    Promisec Integrity offers customers the same nimble agentless functionality as our on-premise solution, but through a browser interface to enable antivirus validation, unauthorized software discovery, and patch management validation.

    Designed from the ground up for the managed service provider. Delivered as a Software-as-Service from the cloud to customer endpoints, RocketCyber helps MSPs streamline detection and response capabilities and build security into monthly core services.

    RSA ECAT is an endpoint threat detection and response solution that exposes targeted, advanced malware, highlights suspicious activity for investigation, and instantly determines the scope of a compromise to help security teams stop advanced threats faster.

    RSA NetWitness Logs & Packets is a security solution that identifies every threat and offers different solutions.

    R-Scope puts networks under a microscope so that customers can respond to both known and zero-day attacks before they become crises.

    The Secureworks Counter Threat Platform™ (CTP™) combines the speed and scalability of machine learning with the insight of human intelligence.

    Accelerite Sentient is an endpoint detection and response tool that pulls together real-time information from enterprise endpoints, and enables security and IT staff to identify critical security threats and vulnerabilities in their endpoints within seconds

    Smart eVision is a new generation of information presentation platform that can quickly integrate a variety of information, intuitively and interactively present financial, business, production, quality, personnel and other related operational management information, and can be equipped with mobile devices to provide a new human-computer interaction interface

    Dangerous end users with too much privilege. Unused, often obsolete, protocols. Unauthorized software. With Third Wall, you can lock down, enforce policies and passwords, eliminate many gaping vulnerabilities.

    ThreatBook TDP is a microstep online threat detection platform dedicated to accurately discovering internal missing hosts and helping security teams locate threats quickly and accurately.

    Triumfant AtomicEye provides continuous protection from advanced malware threats – stopping criminal activity at the point of infiltration and instantly repairing the machine and any collateral damage within minutes of an attack.

    TXHunter provides an easy to use and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it will automatically launch the TXSandbox for a behavior analysis.

    The Versive AI Platform was developed to provide large enterprises with solutions that empower their teams to achieve world-class results.

    VMRay Analyzer provides best-in-class threat detection and mitigation capabilities, a fast and powerful tool for a rapidly evolving threat landscape. Unlike traditional malware analysis systems, VMRay Analyzer cannot be evaded by malware because of its unique hypervisor-based approach – nothing is modified in the target environment being monitored.

    Ziften isa security solution that provides teams with continuous endpoint visibility to view the full context of security landscape, amplify teams abilities, and establish organizational resiliency.