The 7 Best Endpoint Detection and Response Solutions of 2020

Get real-time IT monitoring and responses

According to the Hiscox Cyber Readiness Report, attacks on small businesses continue to increase, with 47% of companies reporting security events in 2019 compared to 33% in 2018. The mean cost of all incidents is $14,000, which is no small figure for companies struggling to maintain profitability in today's economy. 

Standard antivirus or internet security software simply can't protect companies from the types of malicious attacks that start on one device and quickly spread through an entire network. And with more employees working from home, it's harder to track what's happening throughout the system. However, endpoint detection and response (EDR) software not only stops malware but remediates the problem so you can isolate problem devices and continue working. 

We evaluated more than 30 EDR solutions to find the best services based on ease of deployment, functionality, and supported operating systems. Plus, we looked at pricing models, independent studies, and features to select winners in each category. 

The 7 Best Endpoint Detection and Response of 2020

Best Overall: Bitdefender GravityZone

Bitdefender predicts, detects, and prevents attacks anywhere in less than three seconds, making it the most dynamic solution available.

Pros
  • 30-day free trial

  • No advanced IT knowledge needed

  • 24/7 phone and email support

Cons
  • May slow computers down somewhat

  • All admins have separate consoles that must be customized

  • No instant notifications

Since 2001, Bitdefender has consistently received high scores from independent third parties while continually updating its products for comprehensive cybersecurity. With no advanced IT knowledge required and affordable yearly plans, Bitdefender GravityZone is the best overall EDR provider.

Bitdefender protects desktops, laptops, and mobile devices with its web-based software. It works on: 

  • Microsoft Windows
  • Linux
  • Mac
  • iOS
  • Android 

This all-in-one service provides real-time control and monitoring of on- and off-site devices through a unified management web console. Bitdefender GravityZone provides:

  • Antivirus software
  • Antimalware software
  • Firewall with intrusion detection and prevention
  • Anti-ransomware
  • EDR

Implementation is simple, as you only need to log in to your account and use the download link to install. You don't need any tech skills to manage your account, and the web console is immediately available to start protecting your business upon download.

With Bitdefender, you pay one annual payment, but it's less expensive to opt for a two-year or three-year plan. The GravityZone packages have a minimum of three devices and a maximum of 100. The website provides a tool to find your yearly cost easily. For example, if you have three endpoints and one server, you'll pay:

  • One year: $110.99 plus tax
  • Two years: $177.99 plus tax
  • Three years: $221.99 plus tax

Top features include machine learning (ML) antimalware, anti-phishing and web security filtering, and endpoint control and hardening. Third parties, like AV-Test, Mitre, and AV-Comparatives, review the software regularly.

Best for Small Businesses: Kaspersky

Kaspersky protects every device in your small business while providing a cloud console for device and user management that is easy for the small business owner to understand.

Pros
  • 30-day free trial

  • Protects mobile and desktop devices

  • Offers online and offline protection

Cons
  • Resource intensive while scanning devices

  • False positives for specialty apps

  • 24/7 premium support is an add-on 

Founded in 1997, Kaspersky uses machine learning and real-time analysis to stop attacks. With its easy-to-use cloud console and low cost, Kaspersky is our pick as best for small businesses. 

Whether you need on-site or off-site security, Kaspersky covers all operating systems such as:

  • Microsoft Windows
  • Mac
  • Linux
  • iOS
  • Android

Kaspersky offers several solutions for small businesses, along with add-on services like managed EDR. Kaspersky software includes:

  • Ransomware detection
  • Antivirus software
  • Antimalware software
  • Network firewall
  • EDR

Installation and setup for Kaspersky are pretty straightforward. Use the online quick start guide to download the security center, then install software for your specific operating system. 

You can purchase Kaspersky through its website or go through its authorized reseller partners. With a Kaspersky EDR plan, you pay annually, and the following prices are based on a minimum of 10 devices:

  • Kaspersky Select: $404.20 for an EDR agent, ransomware detection, and cloud-assisted intelligence 
  • Kaspersky Advanced: $746.20 for role-based access control, encryption, vulnerability, and patch management
  • Kaspersky Total: If you need advanced security for web gateways and email servers, you must go through an authorized partner for a custom solution

With Kaspersky, you get endpoint hardening, automatic updates, mobile threat defense, and automatic rollbacks after attacks. The company received third-party testing from Mitre and ICSA Labs, giving it additional credibility.

Best for Cloud Hosting: Cybereason

Protect your remote assets, on-premise devices, and cloud network with Cybereason.

Pros
  • Instant remediation tools

  • Collects 100% of event data in real-time

  • Top ranking by Forrester

Cons
  • No free trial

  • Takes 24 to 48 hours to start detecting attacks

  • May be buggy immediately after OS updates

Cybereason is a newcomer to the market, as it was founded in 2012. However, it quickly made its presence known with automatic processes that eliminate threats and prevent data loss. With several deployment options, including cloud-first deployment, Cybereason is best for cloud hosting in our review. 

You can use Cybereason on operating systems such as: 

  • Mac
  • Microsoft Windows
  • Linux
  • iOS
  • Android

Cybereason offers several different service options:

  • Root cause analysis
  • Whitelisting and blacklisting
  • Malware detection
  • Antivirus software
  • Host-level firewall management
  • EDR

Although installation is fairly simple, and the software is easy to use, it does take 24 to 48 hours to set it up and start monitoring your systems. 

Cybereason offers four Cybereason Defense Platform plans, along with many add-on solutions such as threat hunting and incident response services. Once you choose your desired features, Cybereason gives volume-based discounts. For instance, you may pay an estimated $50 per endpoint per year for a few devices versus paying $25 per endpoint if you have more than 10,000 devices. Plans include:

  • Professional: Includes threat intelligence and next-generation antivirus (NGAV)
  • Enterprise: Adds on EDR and deep response services
  • Ultimate: Provides managed detection and response and cyber posture assessment
  • Managed: Fully managed solution with endpoint and mobile threat defenses

With Cybereason, you get real-time, multi-stage attack details, automatic or one-click remediation, and anomaly and malware detection. Both Mitre and SC Labs independently review Cybereason, along with industry validation from Gartner.

Best Premium Option: CrowdStrike Falcon

Replace your existing security systems with one unified and feature-rich platform that gives companies more bang for their buck.

Pros
  • Consumes 1% or less of CPU

  • 15-day free trial

Cons
  • Only Google Chrome browser can access admin UI

  • No included firewall

  • No on-premises management console

Since 2011, CrowdStrike has been an industry leader for its unified set of cloud-delivered technologies. Although the company offers various solutions, CrowdStrike Falcon delivers premium features in a tidy, all-in-one system, making CrowdStrike Falcon the clear winner for our best premium option. 

CrowdStrike Falcon supports Microsoft Windows, Linux, and Mac operating systems. To get services for Android or iOS, you'll need to add Falcon for mobile. 

With CrowdStrike Falcon, you get a centralized software solution with available features like: 

  • Falcon Prevent: Next-generation antivirus software
  • Falcon Discover: Security hygiene
  • Falcon Insight: EDR 
  • Falcon Search: Threat intelligence
  • Falcon OverWatch: Threat hunting

You don't need any on-premise equipment, so you can download and deploy CrowdStrike Falcon within minutes, not days. 

Choose from à la carte features, add-on services, or bundled plans. CrowdStrike's packages require an annual payment and cover five to 250 endpoints. Plans include:

  • Professional: $8.99 per endpoint per month for Falcon Prevent
  • Enterprise: $15.99 per endpoint per month for Falcon Prevent and Falcon Insight
  • Premium: $18.99 per endpoint per month for Falcon Prevent, Falcon Insight, and Falcon Discover
  • Complete: For fully managed and custom services, you can contact the company to set up your personalized package

CrowdStrike Falcon provides machine learning and indicators of attack (IOA) detection for online and offline endpoints. Plus, you get real-time and historical visibility into managed and unmanaged assets. The services meet compliance according to independent third-party testers like Mitre, SE Labs, AV-Comparatives, and AV-Test.

Best Value: Infocyte

Infocyte is the only company providing a guaranteed first-hour response while offering affordable plans.

Pros
  • Free trial of Enlist plan

  • 60 minutes or less incident response

  • Offers an agentless option

Cons
  • Does not quarantine malware

  • Capabilities may differ by the operating system

  • Limited support for IoT and mobile

Founded in 2014, Infocyte is a newer company focusing on helping companies with high-value assets. Its low cost per node or device and premium features make it the winner of our best value category. 

You can use Infocyte as a standalone system or an add-on to your existing security system, and it works on Mac, Microsoft Windows, and Linux. 

With Infocyte, you get software focused on detection and response. It offers: 

  • Behavioral antivirus software
  • Real-time monitoring
  • Forensics
  • EDR
  • Malware prevention and detection

Setting up the software and integrating it with your existing security system takes a bit longer than other methods. However, Infocyte's agentless option means you can deploy its services from the cloud without any installation. 

Infocyte pricing is billed annually and priced per node. You can choose from three solutions:

  • Enlist: For $2 per node per month, you get continuous monitoring, asset and application discovery, and incident response and automation actions 
  • Patrol: For $3 per node per month, Infocyte adds application programming interface (API) access and integrations, along with reporting options about vulnerabilities
  • Command: This plan goes through authorized partners and provides managed detection and response services 

With Infocyte, you can click to respond to threats, meaning you can terminate processes or isolate hosts from your cloud console. It also offers AI-driven analysis, AI and ML threat detection, and real-time monitoring. Although Infocyte received a mention in a recent Gartner report, it doesn't yet have the number of licenses required to receive a full review.

Best for Remote Workforces: ESET

Quickly transfer or add new devices while remotely managing access via your web browser.

Pros
  • Low system CPU impact

  • Console comes in 21 languages

Cons
  • No whitelisting capability

  • Limited remediation options

Founded in 1987, ESET is a trusted name in the industry. With its cloud-based or on-premise options, an administrator can easily oversee all devices, making ESET the winner in our best for remote workforces category. 

ESET supports virtual workplaces by working on operating systems like:

  • Microsoft Windows
  • Mac
  • Linux
  • Android
  • iOS
  • Email servers

All ESET plans include software solutions such as:

  • Malware protection
  • Host-based intrusion prevention
  • Ransomware prevention
  • EDR

With no hardware or software required, it only takes minutes to deploy ESET EDR software, giving you a single point of network security management. 

ESET offers solutions for small businesses with up to 250 seats, midsize companies needing 251 to 999 seats, and enterprise solutions for 1,000 plus seats. You'll pay yearly, with the small business plans below covering five devices:

  • Endpoint Protection: $190 for multi-platform endpoint security, including data passing through servers like OneDrive and anti-theft features 
  • Remote Workforce Security: $334.50 for cloud-based sandbox testing and analysis, encryption for disks, partitions, and drives
  • Two-Factor Authentication: $349.50 with user identity validation via cell phone for on-premise software and Office 365, Google Apps, and Dropbox

You get interactive charts and tables with real-time updates, alerts when suspicious activity is detected, and flexible management from your administrative console. Third-party testing has been completed by AV-Test, AV-Comparatives, VB Spam Test, and SE Labs.

Best for Enterprise Capabilities: Sophos Intercept X

Sophos Intercept X delivers enterprise-grade features for a comprehensive view of your network.

Pros
  • 30-day free trial

  • Visually appealing UI

  • You can roll back changes after an attack

Cons
  • Low-bandwidth locations may run slower

  • Linux may include fewer admin features

  • Only basic workflows supported

Since 1985, Sophos has repeatedly received high ratings in tests while continuously improving its threat detection services. With advanced software and access to 90 days of historical data, Sophos is our review's best choice for enterprise capabilities.

Deploy Sophos to your Microsoft Windows, Mac, or Linux machines, and you'll get a complete EDR solution including: 

  • Anti-ransomware
  • Forensic-level analysis
  • Virus clean
  • Malware detection

You can install and deploy your Sophos software within minutes regardless of the option chosen. The company offers three bundled packages available for purchase through one of its authorized partners. Pricing is based on the annual manufacturer suggested retail price (MSRP) cost for 500 to 999 users with a 36-month contract. Plans include: 

  • Intercept X Advanced: $28 per user per year for ransomware protection, deep learning malware detection, anti-exploit, and fileless attack prevention
  • Intercept X Advanced with EDR: $44 per user per year, adds EDR, malware analysis, forensic data export, and endpoint isolation 
  • Sophos Managed Threat Response: $75 per user per year for 24/7 expert threat hunting and remediation 

Sophos features CryptoGuard, which prevents malicious and spontaneous encryption and reverts files to safe states, along with artificial intelligence (AI) and machine learning (ML) malware detection, and false-positive suppression. The company has been tested by AV-Comparatives, AV-Test, MRG Effitas, and SE Labs.

What Is Endpoint Detection and Response Software?

Endpoint detection and response software detects suspicious activity, stops the malicious activity, and alerts administrators when an event occurs. While antivirus software blocks threats, EDR solutions find threats hidden on devices. Furthermore, EDR systems use artificial intelligence and machine learning to analyze endpoints to find anomalies, giving administrators time to respond and isolate a possible threat before it results in a data breach or leaks into your network. 

Many systems go beyond prevention and detection by providing remedial options to quarantine the problem device from the network quickly, then wipe it clean so your employees can get back to work. 

What Is an Endpoint Attack?

Endpoint attacks threaten devices attached to your networks, like computers, laptops, and smartphones. An attack may affect hardware such as server systems or cloud environments, including shared folders and storage. 

Small and midsize businesses (SMBs) and enterprises face increased and highly sophisticated attacks stemming from macro viruses, user logins, email, or employees clicking on links. The most common types of endpoint attacks consist of: 

  • Ransomware: Malicious software locks your systems by encrypting data and demanding a ransom in return for restoration.
  • Eavesdropping attack: With an eavesdropping attack, hackers intercept network traffic to get passwords, confidential data, or banking or credit card numbers.
  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks: These flood your systems and overwhelm resources, so you can't use your services. 
  • Phishing and spear-phishing attacks: Also called spoofing, these are attacks in which hackers pretend to be a trusted source, like an email from your bank, and upon opening the email, malware enters devices, leading to financial scams or other threats.
  • Man-in-the-middle (MitM) attack: This type of attack is when a hacker gets into a session and pretends to be the server to overwhelm resources and launch a DDoS attack. 
  • Drive-by attack: Also called zero-day attacks, these are attacks in which hackers exploit an unsecured app, web browser, or website. People who view the site may be redirected to a hacker's link or have malicious scripts installed on their device.
  • Structured query language (SQL) injection attack: Hackers add SQL commands to database-driven websites to extract or modify data. 
  • Password attack: Brute force or dictionary attacks attempt to gain access to passwords to gain entry into restricted content. 
  • Cross-site scripting (XSS) attack: Attackers use a malicious script to access and control devices, capture screenshots, or get network information. 

What Does Endpoint Detection and Response Software Cost?

EDR pricing differs by volume, features, and add-on services. Furthermore, many EDR providers work with authorized partners so you can select a local service to purchase your product from. 

You get managed services at the high end, including teams that hunt for threats and handle remediation for you. At the lower end, you get fewer remediation options. Prices start as low as $24 per user per year and go up to $228 per user per year. 

Is It Worth Paying for Endpoint Detection and Response Software?

Having work computers or your entire network locked from use can not only threaten your business data and productivity but also shut down your company. Recovering from advanced cyberattacks is expensive and time-consuming.

With the range of solutions offered for EDR, you can get antivirus software, antimalware, and anti-ransomware bundled into one program for just a few more dollars than what you're paying for antivirus software. However, lower-end products rely on you or your IT team to respond to alerts, so someone in your organization will need to oversee the software. 

Fortunately, most solutions work in the background, and you won't notice they're there unless you're attacked. You'll be able to see where the attack is coming from and take action to prevent it from worming its way into your entire system.

How We Chose the Best Endpoint Detection and Response

After looking at more than 30 EDR systems and reading through analyses by Gartner and Forrester, we narrowed our list down to seven fantastic solutions. To make this list, all software had to work across multiple operating systems and provide a range of detection, prevention, and response features while offering simple interfaces. We further considered cost as well as the ease of use for administrators to monitor results.

Article Sources

Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.

  1. Hiscox. "Hiscox Cyber Readiness Report 2019." Accessed October 26, 2020.
  2. Gartner. "Gartner Magic Quadrant for Endpoint Protection Platforms August 2019." Accessed October 26, 2020.