The sudden surge in remote working and the increased complexity of endpoint attacks prompt the need for better automated threat prevention, detection, and remediation. These trends pushed the more mature endpoint detection and response (EDR) concept to wide adoption, which paved the way for more integrated solutions such as extended detection and response (XDR) and secure access service edge (SASE), according to recent research from Gartner.
“The biggest changes that we've seen are endpoint security technologies moving further along in the Hype Cycle,” Gartner VP Chris Silva said. Endpoint security antivirus software gave way to endpoint security tools (ETP), and now the technology has shifted to EDR, which is a direct response to the human-operated ransomware and fileless malware that currently threaten organizations, he explained.
EDR offers a layer of protection that can detect and investigate security events, contain attacks, and produce remediation guidance. The technology is in the fourth stage of the Hype Cycle for endpoint security, and less than two years from reaching the plateau of productivity, which is the last stage in the cycle, according to Gartner.
Silva added that EDR “went from some distant technological thing not many folks were looking at or buying … to now being the primary tool to deal with the threats.”
XDR Gains Momentum

“Certainly the next evolution will be from EDR to XDR,” Silva said.
Gartner placed XDR in the first stage of the Hype Cycle: innovation trigger. Silva anticipates it will take up to 10 years to reach its plateau, and up to three years to become the primary interest driver in the market.
The technology combines information from multiple sources, including the endpoint and the network, to detect threats. It integrates functions ranging from security information and event management (SIEM) and security orchestration, automation, and response (SOAR) to EDR, cloud access security broker (CASB), and firewall. This trend is in line with organizations’ increased interest in pursuing a vendor consolidation strategy, according to a recent Gartner survey.
The definition of XDR can differ from vendor to vendor, Silva said. "From Gartner's point of view, we want to see network infrastructure, the endpoints plus mobile [detections] all coming together, so we have a true broad sense of any part of the user-facing environment."
Several security vendors, including Palo Alto Networks, Fortinet, Cisco, VMware, and FireEye, have already launched or increased investments in XDR platforms. However, Gartner’s report concluded that “only a small list of vendors can truly offer an XDR product.”
But "some of the bigger network vendors like Palo Alto Networks and Cisco, have enough parts to make a credible run at XDR now,” Silva said, adding that there's still room for growth among both endpoint-centric and network-centric detection vendors.
These network-centric and endpoint-centric players are on two coasts that haven’t met in the middle to offer an XDR platform, he explained.
Development will initially occur through partnerships, but “network vendors are going to have to make acquisitions of endpoint tech [vendors], and the endpoint vendors are going to in turn need to make some acquisitions of mobile threat defense [MTD] to get a better visibility to drive an XDR message," Silva said.
ZTNA Moves Ahead of SASE

Secure enterprise communications, or VPNs, were removed from Gartner's Hype Cycle this year “because the remote access conversations are almost always and should be focused on zero-trust network architecture (ZTNA) and SASE,” Silva said.
Gartner’s research indicates both ZTNA and SASE are gaining adoption as they mature, though at different rates.
“Zero trust is a little bit more real than a true SASE,” Silva explained. SASE is fully intelligent and can make decisions around access automatically, but “the logic and the segmentation of users in the network, in many cases, it's not rich enough yet to support SASE,” he added.
“SASE is going to be a little bit of a further frontier from those doing zero-trust [strategy] today,” he concluded.
ZTNA also plays a crucial role in any SASE platform, Palo Alto Networks SVP and GM Anand Oswal explained in a recent blog post. “ZTNA offers organizations scalable remote access, consistent identity-based access control, and continuous trust assessment wherever data or users are," he wrote.
Other technologies and practices that enable remote work are experiencing a drastic increase in adoption, including business email compromise (BEC), CASB, bring your own PC (BYOPC), unified-endpoint management (UEM), and desktop as a service (DaaS).
Unified endpoint security (UES), which combines elements of EDR, endpoint protection platforms (EPP), and MTD, is the latest concept entering Gartner's Hype Cycle.