Malwarebytes scores very low on Gartner's MQ for Endpoint Protection


riahc3

Greetings,

I'm not certain how they are making their determinations, however I do find it interesting that they list Microsoft as one of the leaders.  If those criteria are anything to go by, then theoretically no Windows users should be infected since MS is apparently one of the best endpoint protection providers, however I know this not to be the case by the fact that countless users relying on Defender get infected every day (along with many of the other products that were ranked highly).  I suspect that they are basing it on some arbitrary set of recommendations/requirements and for whatever reason they don't consider Malwarebytes to rank very highly.  This is in stark contrast to one of their previous rankings where I recall that they had Malwarebytes ranked as a visionary and leader, but I guess things have changed.

I'm sorry... what does that chart mean ?

  • What is "Completeness of Vision" ?
  • What is "Ability to Execute" ?
  • From what is the data derived ?
  • What information is it supposed to purport and what are we, the viewer, intended to take away or assess from it ?

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
I found more info courtesy of a link provided by Microsoft that points here.

Apparently this is all about enterprise EDR solutions, so it isn't even relevant to the consumer product at all.  They're looking for manageability, historical client data, custom event tracking/blocking and other such items that don't apply to a consumer use case at all.  I also think they might have missed the fact that Malwarebytes' EDR solution includes a utility called Timeliner that actually does store historical data for analyzing attack events as well as rollback for ransomware attacks, at least based on what I gleaned from their description of Malwarebytes in the link above regarding the results.

Yes, that's the page I linked to above that I picked up from Microsoft's article here.  Gartner is factoring things like marketing, sales and a company's financials/size.  These are not factors that are directly related to security or the efficacy of a security solution in any way so it seems their analysis isn't necessarily about which products are the most effective, just which products meet their requirements and criteria and most of their requirements only apply to enterprise environments.

Here's what they had to say about Malwarebytes in their report:

Malwarebytes

Malwarebytes is best known for its malware removal capabilities, but it has a growing presence in endpoint protection and an emerging Endpoint Protection and Response solution. Both EPP and EDR modules are delivered via a single agent and are managed through a single, cloud-based management dashboard. Malwarebytes Breach Remediation (MBBR) provides an agentless remediation capability. Malwarebytes also offers an on-premises, managed EPP product.
Malwarebytes will appeal to organizations of all sizes that have limited cybersecurity resources and high remediation expenses.
Strengths
  • Gartner clients praise Malwarebytes for its simplicity to use and its intuitive dashboard, as well as for its detection rates on long-tail malware and its malware remediation capabilities.
  • Malwarebytes provides advanced remediation capabilities such as the ability to interact with processes, view and modify the registry, send and receive files, and run commands and scripts remotely.
  • Malwarebytes’ Endpoint Protection and Response product can roll back the changes made by ransomware, including restoring files that were encrypted in the attack. This action can be performed remotely from the cloud management console up to 72 hours after the attack, without the need for any local access to an endpoint.
  • Malwarebytes enterprise products integrate with operations suites such as IBM BigFix, Tanium, Phantom, ForeScout and Microsoft’s System Center Configuration Manager (SCCM) through Malwarebytes Cloud Platform’s available APIs.
  • Its EPP capabilities do not require an internet connection to provide threat protection, allowing for protection for organizations with untethered endpoints that do not have network connectivity.
Cautions
  • Malwarebytes is one of the smaller vendors in this analysis, and it lacks the scale of global operations of larger peers. Malwarebytes does not provide any managed services directly.
  • Malwarebytes does not participate in regular tests of its anti-malware effectiveness. It only appeared in the NSS Labs test.
  • Some large enterprise features, such as extensive role-based administration and support for non-Windows endpoints, are missing. Malwarebytes does not support application control or offer any vulnerability or configuration management capability.
  • While Malwarebytes has gained recognition among Gartner clients for its malware prevention and remediation capabilities, it does not offer enterprise-grade EDR capabilities beyond attack visualization. It does not retain historic data, or enable hunting queries, searching for specific processes, alert automation and customized rules for event blocking.
  • Although Malwarebytes has made some improvements to its cloud-based management dashboard, it is still lacking in visual reporting and quick-view dashboards.
