Unified endpoint management (UEM) tools: What’s new in Gartner’s Magic Quadrant 

CISOs across industries are looking to improve how resilient their endpoints are and to reduce costs, and are consolidating their tech stacks. They aim to strengthen integration between unified endpoint management (UEM), endpoint security and analytics. With IT and security budgets stretched thin and a new wave, growing quickly, of more automated, malware-free intrusions that are responsible for 71% of all detections indexed, there is a need to save on costs while making the current tech stack as effective as possible. 

Consolidation and its effects on leading UEM vendors’ strategies is a core theme that resonates through Gartner’s latest Magic Quadrant for Unified Endpoint Management Tools. IBM, Ivanti, ManageEngine, Matrix42, Microsoft and VMware have made product, service and selling moves in response to how focused CISOs are on consolidation. 

Gartner dropped Blackberry and Citrix from this year’s Magic Quadrant. Gartner says BlackBerry was unable to meet its inclusion criteria for macOS management. Citrix is no longer in the MQ, as it announced on July 1, 2022 that it would no longer be selling Citrix Endpoint Management, turning its attention to zero-trust network access (ZTNA) and desktop-as-a-service (DaaS) technology investments.

CISOs push for consolidation 

Getting greater value from their tech stacks while reducing costs dominates CISOs’ priorities today. Cyberattackers continue to hone AI and machine learning skills, leading to an arms race that enterprises struggle to keep up with. The latest additions to Gartner’s MQ further validate that CISOs see integrating their tech stacks’ core applications as the best possible strategy today, outside of getting more funding for the latest detection, response and endpoint technologies.

“If I have five different agents, five different vendors on an endpoint, that’s a lot of overhead support to manage, especially when I have all these exceptional cases like remote users and suppliers. So number one is consolidate,” said Kapil Raina, vice president of zero trust, identity and data security marketing at CrowdStrike.

There’s ample room for consolidation as the number of security controls per device is increasing, up to an average of 11.7 per device, according to Absolute Software’s 2021 Endpoint Risk Report.

CISOs look to UEM vendors to provide greater integration and cost savings, another dominant theme of this year’s MQ. 

“They want to get more value,” Raina told VentureBeat. “In the last month, I cannot tell you how many customers came to us and said, ‘I’m already using these third-party services. I love that I have everything in the cloud and one agent, can I do more with it? Can I solve more problems? Can I get rid of another solution to solve the problem with the architecture I know and love?’ So, number one is consolidation that saves on operational costs.” 

What’s new this year 

According to Gartner’s analysis, organic growth in existing enterprises is the primary catalyst of the market’s growth, driven by additional deployments for Windows and macOS devices and mobile. In addition, their clients are asking for guidance on improving patching and managing corporate-owned endpoints of remote employees to support remote and hybrid work. 

New strategic planning assumptions for the UEM market

New this year are two strategic planning assumptions for the market. Gartner’s MQ predicts, “over the next three to five years, we anticipate the inability of enterprise IT leaders and managed service providers to scale staffing levels and skill sets to meet ever-increasing business and cybersecurity needs [and these] demands will catalyze the adoption of intelligence and automation.” Gartner calls the next phase “autonomous endpoint management (AEM).”

The first new strategic planning assumption is that “by 2027, unified endpoint management (UEM) will converge to drive autonomous endpoint management, reducing human effort by at least 40%.” The second is that “by 2025, more than 90% of clients will use cloud-based UEM tools to manage the majority of their estate, up from 50% in early 2022.”

Intelligence and automation are setting a new standard in UEM

IBM, Ivanti and VMware’s improvements in intelligence and automation over the last year are new to this year’s MQ and shared across quadrant leaders. Gartner finds that “security intelligence and automation remains a strength as IBM continues to build upon rich integration with QRadar and other identity and security tools to adjust policies to reduce risk dynamically. In addition, recent development extends beyond security use cases into endpoint analytics and automation to improve DEX.” 

Through its series of successful acquisitions, including RiskSense, MobileIron, Cherwell Software and Pulse Secure, Ivanti looks to provide CISOs with the consolidated tech stack they’re looking for. For example, the RiskSense acquisition strengthened Ivanti’s intelligence and automation product capabilities. Gartner observed that “Ivanti Neurons for Unified Endpoint Management is the only solution in this research that provides active and passive discovery of all devices on the network, using multiple advanced techniques to uncover and inventory unmanaged devices. It also applies machine learning (ML) to the collected data and produces actionable insights that can inform or be used to automate the remediation of anomalies.” In addition, Gartner says, “Ivanti continues to add intelligence and automation to improve discovery, automation, self-healing, patching, zero-trust security and DEX via the Ivanti Neurons platform. Ivanti Neurons also bolsters integration with IT service, asset and cost management tools.”

VMware’s product strategy before the Broadcom acquisition in May 2022 reflects CISOs’ priorities for consolidating tech stacks. Gartner notes, “Workspace ONE includes Workspace ONE Freestyle Orchestrator, a low-code automation workflow designer that can take action on devices and applications based on triggers from UEM events and data.” In addition, VMware concentrated on integrating automation, intelligence and reporting — core to what CISOs are looking for. 

Gartner says, “Workspace ONE Essentials editions include Workspace ONE Intelligence for insights and reporting and rule-based automation. The Enterprise Edition adds use-case focused solutions to measure and improve DEX, Risk Analytics for continuous verification, based on machine learning and risk scores from device context and user behavior.”

Honorable mentions

While Blackberry was excluded from the MQ this year due to not meeting the macOS management requirement, Gartner recognized the company’s expertise in bring-your-own-device (BYOD) customer use cases. 

Gartner also notes that “BlackBerry also includes integration with its Cylance security solutions, offering tight alignment across endpoint management and security,” which is encouraging given the $1.4B Blackberry paid for Cylance. 

Tanium was excluded from the MQ due to not having MDM capabilities. However, Gartner did mention that “Tanium has a strong capability to discover devices, identify vulnerabilities and patch a wide variety of device types in almost any network scenario.” 

Few vendors are getting zero trust right

Ivanti and VMware are the only two vendors Gartner gives a neutral to positive review for their zero-trust capabilities. Gartner’s statement in the MQ that “Ivanti continues to add intelligence and automation to improve discovery, automation, self-healing, patching, zero-trust security and DEX via the Ivanti Neurons platform” reflects the success Ivanti is having with multiple acquisitions over the last few years. CISOs prioritizing consolidation need to keep zero trust as a priority. Their influence on the UEM vendor landscape is significant and growing.

IBM, Ivanti and VMware’s approach to integrating more automation and intelligence into their UEM platforms is what the market needs. However, Gartner’s take on the UEM market shows that vendors must improve integration and endpoint resilience. Additional vendors include Absolute Software with its Resilience platform, Cisco AI Endpoint Analytics, CrowdStrike Falcon, CyCognito, Delinea, FireEye Endpoint Security, Venafi, ZScaler and others.