I'd love to invite our next speaker to the stage. We're making a bit of a pivot, looking at the Brilliant Basics, but with a new approach to that. So over to you, Martin.

Nothing fundamentally new. I'll look a bit at Endpoint Protection, Detection & Response. It looks like I'm scaring people away. Probably they have heard me too often, but it doesn't matter. But one thing I'd like to add, maybe, and by the way, I think we were the first ones who had women in our events at the European Identity Conference that usually runs in May.
I think there's one more thing just to keep in mind in that context, where we should be a bit more active in bringing people in, and that is handicapped people, which never pops up as a topic, but it's something we should really keep in mind. And there are a lot of opportunities, plenty of opportunities, depending on the type of handicap. That's something which is very close to my heart, because we are light years away from an acceptable level of inclusion or inclusivity here. That's just a side note, maybe, on that.
So I'm Martin Kuppinger, I'm one of the founders of KuppingerCole Analysts, working as a principal analyst, so doing quite some research and other things here. And I want to look a bit at Endpoint Protection, Detection & Response. I'll probably not spend too much time on reading out slides, but talk a bit more openly about some of the thoughts I have on this. I think we all know that endpoint security is an important thing, and we have different types of threats here. On the one hand, we all know ransomware, and some of you may have been hit already, others not.
We have this risk of devices just disappearing. I myself had this a couple of years ago on the train, I think back from Essen to Stuttgart, and there in Cologne my rucksack just disappeared. I learned there are groups that enter crowded trains, run through, grab some luggage and disappear again. So that also meant that my notebook disappeared, amongst other stuff, the keys to my house, all the things that come with that. So since then I'm much more careful and always have every relevant thing very close to me.
So there are these situations, and when you look at, say, Zero Trust, and I still believe in Zero Trust, by the way, because I believe it's still a very good principle, a very good concept. To me, Zero Trust, at the end, starts with the identity and with the device.
So Martin, the identity, logs into his device, or authenticates on his device, then goes over the network to a system, etc. So the entire thing starts there, and when we look at the typical attack chains, then they come in via identity-based or endpoint-based attacks, or both. We look at this market of EPDR, which is something which helps us in tackling ransomware. It's one of the important elements in that. It's not the only element in that, for sure.
We all know that we need to have a quite broad set of things, and we need to have a very good understanding also of our risks and where we stand and which vulnerabilities we have, which risks we have, etc. If someone from Wilkan is here, it might be very worthwhile to look at what they do to understand risk exposure as well. So basically, we have a lot of things. What I particularly like are things like sandboxing. So let the bad stuff explode in a contained environment, for instance. That's something I feel is very relevant. So basically, EPDR is one part of a ton of solutions.
This picture is by far not complete. But this letter soup, we all know, is there and it is complex. And we clearly also have our identity management or IGA coming in from a governance perspective. Then we have the broader question of what fits into XDR, how do things relate to each other. We have the new ITDR thing in there. And EPDR is one of these elements, which is part of this bigger picture. And when we look at it, it relates to a certain extent to unified endpoint management, which also has elements of at least the endpoint protection platforms, the EPP part.
And as I've said, ITDR is coming in newly, which is sort of the identity side of the DR story. Just as a side note, by the way, ITDR has a lot to do with UBA, but it's just a smarter name. It's all evolving technology-wise, but at the end of the day, the name is also just smarter. Because as I always say, when you talk to a German organization about user behavior analytics, then you scare them away because of the workers' council. If you say we are detecting and defending against identity-based threats, you're doing the same, but it sounds better.
So terminology can really play an important role here. When we look at this market, there are a ton of things. And if we're honest, a lot of the features we have here on the EPP list are to a certain extent more effectively DR features, detection at least, because a lot of these things really are more on the detection side. So we have sort of a blurring line, if we're honest. A blurring line between protection and detection. And we can always argue about whether this really is a protection feature or a detection feature.
So when you sandbox, you protect, but if something happens in the sandbox, you detect. So blurring lines. As I've said, it all started back in the days with the first anti-virus stuff, etc., then anti-malware, then endpoint protection platforms that had somewhat broader capabilities. And then we added other things like firewalls and URL filtering, and, which is very important for countering ransomware, system file integrity monitoring. And on the other hand, we have the detect-and-respond model, which also goes into forensics, responses, playbooks, etc.
So how do we react to the things we identify? So there's a different angle, but as I've said, some of the things we probably have more on the protection side are factually also a bit more on the detection side. But what we have nowadays is quite a number of players that have relatively comprehensive solutions. And I think there's also logic in going for a more comprehensive set of solutions.
So first, you need it. You need a lot of capabilities because we have a broad variety of attacks. We need different mechanisms to counter attacks. So signature-based anti-malware still plays a role. It just filters out a lot of the noise, so to speak. But we have the other types of attacks where we need other types of analytics, other types of capabilities. And so we need more capabilities, which means we need more comprehensive solutions.
And I'm a big fan of looking at to which extent we can integrate such capabilities, because I think there are two challenges when we have too many point solutions. The one is cost. At the end of the day, if you have a lot of different elements, then at some point the cost will be higher than for an integrated solution. The second is operations. Bringing them together, integrating them, running different solutions is a challenge. And the one which I feel is a bit overlooked is the number of agents. Endpoint agents have a slight tendency to interfere with other agents.
So the more agents you have, the more trouble you have. So reducing the number of agents is an advantage. You should also keep this in mind, because there might really be conflicting things. And that also speaks for integrated solutions, aside from the deployment issues, the update and patching issues you have, etc. From that perspective, there's a real logic to it. And usually these solutions then come with a certain level of good authentication, APIs, SOAR integration, SIEM integration surely, and all the other stuff that comes with this type of solution.
So we have quite a set of features, innovative features, things like advanced pre-execution heuristic detection models. So trying to detect something, or at least predict that it might be something bad, even while you don't know it exactly. So try to avoid that something even explodes in the sandbox or so. We see a lot about endpoint browser protection. I think we can have very different opinions on that. I'm not exactly sure whether I will ever become a believer in these enterprise browser things, because clearly the price we need to pay is, again, deployment, etc., and it might be compatibility.
Even if it's Chromium, there might be delays in what is supported, etc. So there are a couple of challenges we are facing. So this is something where I think we also should be very careful and evaluate for which use cases we accept the trade-off or not. I think there's also a bit of a potential lock-in risk in these things. Wait and see, and then, whatever. We have seen this so frequently: something new pops up in technology and then it's not supported, but the CEO wants the newest gadget, and then you're in a discussion because you won't allow it, and blah, blah, blah.
We've seen that before. We did our Leadership Compass, looked at quite a number of vendors. In the rating, this group finally ended up here. Some are in the vendors-to-watch section. I think one or two or three weren't overly happy with our perspective on them. That sometimes happens. But I think we always tend to stand by it. I don't want to go into detail. I think you have, or can potentially have, also highlighting our membership, etc., access to all our research.
The one thing I just want to point out is that in product leadership we have sort of a bubble of a lot of vendors, which is interesting, because I think there are two things which are interesting in that. The one is that none of the vendors achieved a really high rating. So most are just product leaders, but not at the top of product leadership, not at the top of the chart, which means all of them have some way to go. So none is perfect. They probably all have their strengths and their weaknesses. So some are better in this area, some are better in that area.
We clearly can discuss all of these vendors. CrowdStrike is, in this case, a little lower because when we did this, it was just around the incident. So we thought about how to handle that. We have very different positions on that. What does it mean? Is this something which was a one-time incident or not? You could argue it's not the first time for the CrowdStrike CTO to have such an incident. In a former life at another vendor, he had a similar thing. So you can argue it's a one-time thing which will never happen again, or not. We don't know.
I think there are a lot of learnings, hopefully for every vendor in the space, on how you update things, et cetera. So at least we must be in a situation, to my perspective, where when we see an update causes trouble and it starts in New Zealand, goes to Australia, and then to Southeast Asia, then at the latest, I would say, around India they should have stopped it, which would be super simple to do. Super simple.
Because the only thing you need to do is to monitor what is happening, to have sort of a kill switch, so the update has been deployed before, but before the execution of the update you just check back: should I do it, or is there something critical? So it would be very easy to build something like that. It's not really rocket science. So I think hopefully all of the vendors learn from that and how to do it better. Also just checking for zeros might be very helpful, aside from that. But I think things can be done better.
On the other hand, I've been long enough in the industry to have seen quite a number of updates causing problems. I remember several Windows updates in the past, in the XP times, et cetera, and before, which also killed a lot of systems.
So anyway, when we look at the market overall, we have a number of strong products, none of them perfect, so you really need to be very focused. In our Leadership Compass, you will find spider charts and a lot of information about vendors that helps you pick which one is the right one for your use case. It's essential to have it. And I expect to see more integration into XDR. I would say we will see two types of XDR. The one is really the suite approach, which is currently more popular amongst medium-sized to small businesses.
And one will be sort of a logical XDR, in the sense that you have different elements which you bring together into your own integrated XDR solution, because most organizations don't start on a green field, but have certain elements you might then combine into something which basically ends up being your XDR solution. So this is a very short overview of some of my perspectives on the market. Thank you.

Do we have any questions from the audience? Yes.

You're not supposed to ask questions of me. I'll try there, if you will.
So you mentioned Zero Trust in the beginning of your presentation. Wouldn't you assume that EPDR as a concept is the opposite of Zero Trust? And you should always assume breach and never trust someone telling you that your device is safe?

You could say it's sort of a verification element as well. So you can turn it around that way and say you're verifying that things are okay, that they're going well. And it's not that you, I would say, if you just say, I have EPDR installed and I forget everything, which is not the sense of EPDR, because you have to detect and respond.
So for EPP, you could argue that way and say, okay, I have my EPP installed and everything is well and I trust in it. Then it wouldn't really be Zero Trust. But at the latest with the DR part, you're looking at what is happening. Is there something going on? Do I need to do something? So I would say this is one element of many. Zero Trust is never done by a single tool. I think honestly the area where I feel it's maybe least Zero Trust, that is ZTNA.
Because in ZTNA, Zero Trust network access, we basically say we build a trusted connection over the network, which is, so to speak, the opposite of Zero Trust. Clearly ZTNA helps in a full Zero Trust model as one of the elements to secure things. But we just shouldn't blindly think, okay, we have a secure connection and we can forget about everything because it's secure. That's not the right way of thinking.
Yes, I think Zero Trust basically is layered security. And a lot of analytics, monitoring, anomaly detection, and so on.

Thank you. Any other questions? All right.
Then, thank you very much, Martin. Another round of applause.