Forrester Names Microsoft a Leader in The 2022 Enterprise Detection and Response Wave™ Report



Microsoft are excited to share that they have been named a leader in The Forrester Wave™: Enterprise Detection and Response, Q1 2022.

Microsoft received one of the highest scores in the strategy category and strength of current offering category. In the Forrester Wave™ assessment, Microsoft Defender for Endpoint received the highest score possible in 15 separate criteria including endpoint telemetry, investigation capabilities, threat hunting capabilities, user experience, product vision, and innovation roadmap.

“Microsoft has made itself a powerhouse in security innovation and EDR. Microsoft has a vision to protect all endpoints through a combination of prevention, detection, and auto-remediation,” writes analyst Allie Mellen in the report. “Its roadmap includes continued progress on Linux and Mac feature capabilities, IT and security collaboration, and XDR capabilities.”

This is the ninth Forrester Wave™ report in which Microsoft Security has been named a Leader. Microsoft is the only vendor to be recognized as a Leader in the Forrester Wave™: Enterprise Detection and Response, Q1 2022, the Forrester New Wave™: for Extended Detection and Response, Q4 2021, and the Forrester Wave™: Security Analytics Platform Providers, Q4 2020. Microsoft attributes this success to its focus on empowering defenders through world-class threat intelligence and best-of-breed capabilities that break down boundaries between previously disparate security tools to deliver integrated security information and event management (SIEM) and extended detection and response (XDR).

Endpoints are frequent targets of new, sophisticated malware and ransomware attacks. Today’s organizations need a new approach for prevention and protection, and Microsoft gives security operations teams full visibility of not just endpoint information but also signals from identity, cloud applications, and email in Microsoft Defender 365 to help security teams more rapidly detect and evict threats.

Microsoft has been investing heavily in multi-platform support for Microsoft Defender for Endpoint over the past three years and now offers comprehensive protection for the platforms you need, including macOS, Linux, Android, and iOS, while continuing to deliver differentiated protection for Windows.

The Forrester Wave™ report mentions several features of the Microsoft EDR offering in its report profile:

  • Auto-generated, human-readable detection names and a replay of the attack story to assist with the investigation, helping companies see exactly what happened in an attack and in what order.

  • Telemetry aligned to MITRE ATT&CK, with a native sandbox feature, response recommendations, remote shell capabilities, and custom scripting.

  • Ability to search telemetry by type or search raw telemetry for 30 days by default, as well as schedule queries.

Microsoft is dedicated to protecting companies from real cyberattacks and has committed USD20 billion over the next five years to deliver product excellence, innovation, and cutting-edge technology, according to the Forrester report. That’s an increase from the USD1 billion per year spent on cybersecurity since 2015. Microsoft’s endpoint security vision includes an end-to-end endpoint protection suite, reduced response time, coverage for all platforms, and a single, integrated solution across all assets. Reference customers interviewed by Forrester said Microsoft’s USD20 billion investment was a key reason why they chose to work with Microsoft.

Microsoft Recognised as a Leader in XDR in Q4 2021

In Q4 of 2021, Microsoft was named a Leader in the Forrester New Wave™: for Extended Detection and Response (XDR) Providers, Q4 2021. Microsoft’s strategy for XDR is to create the most comprehensive solution—collecting signals from multi-platform sources, including Windows, Linux, iOS, Android, and macOS, and multicloud deployments like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) coupled with built-in AI, automation, and prevention capabilities.

“Customer references cite the united technology stack as Microsoft’s biggest strength,” writes Forrester in the Q4 report. “They especially highlight Microsoft’s detection engineering quality as adding consistent, cutting-edge value.”

The report cited Microsoft for:

  • Offering robust, native endpoint, identity, cloud, and Office 365 correlation with singular and cross-telemetry detection, investigation, and response for its native offerings in one platform.

  • Providing the best fit for companies moving to or already on an E5 license, stating “Clients get the most value by adopting the entire suite.”


