WithSecure’s perspective on the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms report

A Gartner Magic Quadrant is a culmination of research in a specific market, giving you a wide-angle view of the relative positions of the market’s competitors.1
In this article, we explore a recently published 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms report that included 15 major vendors.1
WithSecure was included as one of only 4 European headquartered vendors. We believe the inclusion of WithSecure highlights our commitment to delivering European cyber security solutions to empower the mid-market with a user-centric and easy-to-use platform that delivers advanced cyber security capabilities – not just products.
"This marks the 15th time2 WithSecure has been included in a Gartner® Magic Quadrant™ for EPP, which we feel solidifies our reputation as one of the trusted global vendors recognized in this report.
We believe this recognition validates our strategic shift and product-market fit for mid-sized companies looking for a European cyber security option."
Nina Laaksonen
Chief Product Officer, WithSecure
Endpoint Protection Platforms category continues to evolve
The Endpoint Protection Platforms, or EPP, is a category which replaced the original antivirus solutions category more than a decade ago. Based on the report, EPP solutions commonly have integrated endpoint detection and response (EDR) functionality enabling real-time telemetry collection, detection customization, post-incident investigation and response.3
The report acknowledges that vendors increasingly integrate EPPs with broader workspace security platforms and Threat Detection, Investigation, and Response (TDIR) capable products to reduce operational complexity and help optimize cyber security technology stacks.3 The TDIR sounds very similar to the promise of XDR solutions, and even though it includes XDR, some other capabilities are included as well, such as Managed Detection and Response (MDR), Identity Threat Detection and Response (ITDR) for identity-based threats, and even SIEM/SOAR for more general purpose log collection, automation and orchestration.
Workspace security on the other hand, looks more holistically at a user’s workspace in hybrid work scenarios by considering personal or enterprise devices and PCs or mobile devices.
Focus on minimal effective security
Even though Gartner and the Magic Quadrant™ reports commonly address primarily the needs of large enterprises, there is some guidance for mid-sized organizations as well.
“To manage cost and complexity, midsized organizations with limited resources should evaluate EPP products within a workspace security strategy. Such organizations should aim for a minimal effective workspace security stack, which is highly integrated rather than using a disjointed best-of-breed product approach.”3
Also, we believe the cyber security industry is finally dispelling the myth of "more is more". Security professionals are now guided by a new 'north star' – pursuing the right, minimum effective security to safeguard business outcomes. This is very important guidance especially for mid-sized businesses that are often underserved, under-resourced, and overwhelmed in the realm of modern IT security. Threat Detection, Investigation, and Response (TDIR) rightfully includes Managed Detection and Response services that are often the right answer for organizations with limited in-house resources.
The role of managed services for effective security operations?
For small teams, managed services might be the only option. Managed services can also co-exist with the existing team to bring world-class expertise, dramatically reduce costs, add focus, and increase effectiveness of security operations.
The report highlights how resource-constrained organizations often seek partner- and vendor-delivered service wrappers, choosing from outcome-driven Managed Detection and Response (MDR) or co-managed security monitoring service options. Organizations expect their providers to perform investigation, containment and exposure reduction, regularly allowing providers to perform remote responses to disrupt or contain threats. Many of these response actions are centered around EPPs but expand to a broader set of Threat Detection, Investigation, and Response (TDIR) capable controls.3
Increasingly proactive security with exposure management capabilities
The report noted “most vendors are also expanding agent-based vulnerability and exposure assessment and prioritization”3 and the EPP market definition already noted “assessment of endpoints for software and OS vulnerabilities and misconfigurations, as well as built-in or integrated patch management and virtual patching capabilities.”1
WithSecure has been helping its customers to quickly address software vulnerabilities already since 2014 by including patch management as a standard feature in its EPP product, followed by more comprehensive vulnerability assessment capabilities acquired in 2015. The launch of Elements Exposure Management in 2024 combined many existing capabilities to provide a 360° view of cyber risks across cloud services, identities, managed devices and network. Notably, WithSecure’s approach is not limited to exposures discovered by WithSecure’s endpoint agent, but it also covers unmanaged endpoints, like IoT devices, identities and cloud misconfigurations, making comprehensive exposure management capabilities available on the unified Elements Cloud platform.
Europe’s most trusted cyber security companies
WithSecure continues to be very ambitious and driven to provide the best security outcomes with technology and co-security services that benefit our mid-market customers.
"By 2029, 30% of midsized organizations will converge workspace, data security and identity security capabilities into a workspace security platform, enabling holistic protection and centralized policy management."
– Gartner®3
We will continue to strengthen WithSecure’s reputation through innovation, as well as a deep commitment to both customers and partners. Our focus on delivering flexible, user-centric solutions tailored to the mid-market has driven significant improvements, and there are many areas in which WithSecure considers itself a visionary, for example, its Exposure Management with patent-pending capabilities for model and visualize potential attack paths, response actions for Entra ID to mitigate identity threats and flexible MDR services delivered as part of our Co-Security Services.
Even though the Gartner Magic Quadrant report is an insightful and impartial guide to the market, WithSecure recommends also considering other industry analysts and independent evaluations to complement the report.
You can learn more about how to protect your organization against cyber threats with a unified protection, detection, and response delivered by WithSecure™ Elements Extended Detection and Response (XDR) at www.withsecure.com/xdr.
1 Gartner Glossary for Magic Quadrant reports. www.gartner.com/en/research/methodologies/magic-quadrants-research
2 WithSecure has been recognized in every report since 2012. Additionally, WithSecure has been recognized in 2007 and 2009, as well.
3 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Evgeny Mirolyubov, Franz Hinner, Deepak Mishra. 14 July 2025.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.