Endpoint protection sales will continue to see double-digit growth, Gartner predicted as it named the same six vendors as ‘Leaders’ in its Magic Quadrant for the sector for a fourth year running.
The $18bn endpoint protection market is set for a shake up in the coming years as “rapid AI adoption” and “emerging supplier sovereignty requirements” reshape buyer priorities, the analyst said.
Currently growing at around 14% annually, endpoint protection sales will swell by a CAGR of around 11% through 2028 to hit $26bn, Gartner predicted.
Leaders lowdown
CrowdStrike and Microsoft hold an estimated 40% share of the spoils between them, it noted.
And it was this duo whose dots were also positioned furthest to the right and top of Gartner’s research this time around (with CrowdStrike seemingly extending its margin over the latter compared with 2025).
The achievement was immediately flagged up by CrowdStrike CEO George Kurtz, who described endpoint as “the decisive battleground in security”.
They were joined in the Leaders’ box by Palo Alto Networks, SentinelOne, TrendAI and Sophos in a line-up that has remained identical since 2023.
Leaders “consistently demonstrate progress across all criteria” related to the two axes of ‘Ability to Execute’ and ‘Completeness of Vision’. They hold “significant mind and market share”.
ESET was named as a ‘Challenger’ (mature product but “often late in addressing emerging needs”), while Bitdefender and Check Point were given the status of ‘Visionaries’ (deliver new and emerging capabilities ahead of competitors but may lack track record or market share).
Fortinet, Trellix, WithSecure and Broadcom also made the cut as ‘Niche Players’ (offer solid products, but rarely lead the way in introducing new capabilities or marketshare). Cisco and Cybereason were dropped from the quadrant altogether.
Rationalisation, sovereignty and AI
Turning to market trends, Gartner noted that some established endpoint protection vendors are responding to efforts among cybersecurity leaders to rationalise their cybersecurity vendors by incrementally expanding their product footprint.
Over the last 12 months, CrowdStrike has acquired SGNL, Seraphic Security, Onum and Pangea, it noted.
“There were 400 reported mergers of cybersecurity companies in 2025, and the top 10 cybersecurity enterprise software security vendors continue to grow their revenue,” Gartner said.
Heightened geopolitical instability is also driving stronger technological sovereignty requirements, Gartner added.
This was one area in which market leader CrowdStrike was marked down, with Gartner complaining its customers “still have limited choices for cloud-hosting points of presence outside Germany and the US”.
The rapid adoption of various forms of AI by organisations is outpacing the speed of cybersecurity control planning, deployment and fine tuning, the analyst also noted.
But although vendors are increasingly investing in generative and agentic AI to improve product usability, adoption by security teams remains limited, Gartner said.
“Today’s generative AI features primarily focus on administrative assistance, such as incident summarisation and documentation discovery,” it said.
