A few years ago (2016), my esteemed colleague Doug Cahill and I spoke with 30 enterprise organizations about their endpoint security requirements and strategies. Based upon these discussions, we came up with a concept called the endpoint security continuum.

On one end of the continuum lies advanced threat prevention. This software is sometimes referred to as “next-generation AV” because it uses technologies such as machine learning and threat intelligence integration to improve the threat prevention capabilities of traditional AV products.

The other end of the continuum features advanced detection and response, which the industry has since dubbed endpoint detection and response (EDR). Rather than block exploits and malware, EDR focuses on monitoring endpoints to detect suspicious activities and capture data for forensic and security investigations.

At the time, Doug and I reached a few conclusions:

- 75 to 80 percent of the market would lean toward advanced prevention, while 20 to 25 percent of organizations would focus on EDR. The bias toward advanced prevention was because few organizations had the technical chops or resources for a complex EDR project.
- Eventually, vendors would seek to bridge the endpoint security continuum by offering product suites that span from advanced prevention to EDR. When this happened, organizations would buy the whole enchilada.

Fast forward to 2018, and I’m happy to say that our hypotheses are playing out — sort of. According to ESG research:

- 87 percent of organizations plan to buy a comprehensive endpoint security suite that covers the entire endpoint security continuum from advanced prevention to EDR.
- When asked to identify the most attractive functionality of a comprehensive endpoint security suite, 28 percent of cybersecurity professionals said EDR. This was the highest percentage of any potential response. So, after advanced prevention capabilities, EDR is becoming a requirement.

So, next-generation AV products will bundle in EDR and offer the whole thing as a comprehensive endpoint security suite, right? Well, kind of. It’s true that most organizations want EDR functionality, but it’s also true that a large percentage of these organizations still don’t have the skills and resources for a full-blown EDR deployment.

3 types of EDR products

Given this market reality, Doug and I believe that EDR will undergo market segmentation and end up with categories such as these:

- Enterprise EDR. These products will collect, process and analyze all endpoint activity. Furthermore, enterprise EDR will be anchored by on-premises infrastructure (i.e. collectors, servers, storage, etc.). This will remain a niche market (around 20 to 25 percent), focused on large organizations in regulated and highly secure industries.
- EDR light. In this model, EDR will be “trigger-based.” When a behavioral analytics, SIEM, or UEBA rule fires, EDR light will start collecting behavioral data on suspected systems. This is like the way some organizations use PCAP technologies today. EDR light will be especially attractive to organizations building a security operations and analytics platform architecture (SOAPA), as endpoint security data will support other analytics. Many enterprise and mid-market organizations (40 to 50 percent of the market) will choose this option.
- Managed EDR. This is sort of a “tweener” for organizations that want full (or close to full) EDR but don’t have the skills or resources to pull it off. The managed EDR market will further evolve into subsegments. Some service providers will focus only on detection, while some will push all the way to response and remediation. Some will offer managed EDR as part of a larger managed detection and response (MDR) offering. Some will delve into managed threat hunting. All in all, 25 to 40 percent of the market will go for some form of managed EDR.

It's also likely that some product and service providers will offer a full menu of options ranging from products to fully managed services. These hybrid offerings will appeal to large global organizations that need various capabilities in different locations.

Rather than default to a product, security managers really need to assess their needs, resources, and skills before making an EDR decision. There will be a lot of options to choose from, so CISOs must choose wisely.