Gartner Research

How to Optimize the Cost of Endpoint Protection

Published: 17 August 2020


Security and risk management leaders should use these optimization best practices to reduce the cost of the endpoint protection platforms in their organizations.


Key Challenges
  • Organizations often underestimate their leverage when negotiating with vendor sales representatives.

  • Vendor sales representatives are excellent at hiding their corporate insecurities, and buyers rarely exploit the increasing competitive market by seeking quotes from multiple vendors and resellers.

  • Users often focus their price negotiations on volumes and discounts; however, there is a need for other effective strategies to optimize costs, such as vendor consolidation and looking into lower-cost vendors.

  • The decision between on-premises and cloud-managed is often perceived to be architectural, which overlooks the cost-savings aspect.


Security and risk management leaders responsible for endpoint security should:

  • Use the “start early and finalize later” approach, and always negotiate with multiple vendors and resellers. Don’t let the preferred vendor take your business for granted.

  • Focus cost optimization efforts on the total cost of ownership, including the administration and operational expense, not just the subscription costs.

  • Investigate the utilization rate of licensed functions in endpoint protection platform suites, and talk to the business about current and future license volumes.

  • Take advantage of the relationships with their other strategic vendors by bundling EPP products into larger security or infrastructure contracts, when possible.


After COVID-19, Gartner estimates that worldwide spending on information security will reach $142 billion in 2020, which is an increase of 4.2% compared with 2019; however, this is down from pre-COVID-19 estimated growth of 9.1%. Endpoint protection spending is expected to experience a slight decline in 2020, with a return to moderate growth in 2021.

A Gartner survey conducted in March and April of 2020 shows that 51% of organizations have business operations discontinued or are severely restricted as a result of COVID-19. Even pre-COVID-19, roughly 80% of organizations were pursuing a security vendor consolidation strategy or planning to pursue one during the next two to three years.

In the endpoint protection platform (EPP) market, average prices were already increasing significantly, due to the addition of endpoint detection and response (EDR) and support capabilities. As a result, many post-COVID-19 organizations are likely to be working to reduce costs as much as possible.

The following best practices (see Figure 1) can help endpoint security buyers optimize the cost of endpoint protection.

Figure 1: Plan to Negotiate


The first step is to conduct an inventory of the current environment and determine the real future requirements. Security and risk management (SRM) leaders should review:

  • The types of OS or assets to be covered

  • Different geographical presences and their sizes

  • IT support structure

  • Threat exposure and threat models

  • Existing EPP license entitlements and volumes

  • Deployed EPP components and volumes

  • Integration with existing devices or technology — such as security information and event management (SIEM) systems or firewalls

  • Nature of workforce (remote or on-premises)

Gartner’s Adaptive Security Architecture (see ) provides a framework of 12 critical capabilities that a modern security architecture should encompass. Organizations can assess the features and functions provided by their current security solutions against these capabilities. These assessments will help organizations focus on current usage, entitlements and future needs, and better prepare for negotiations.

First, evaluate needs and map them with the different capabilities already available as a part of existing licenses. For example, Microsoft offers EPP capabilities as a part of the default and/or premium package/license. Some EPP suites provide additional licenses for encryption and data loss prevention (DLP) and licenses for exchange and storage in the suite. Ensure that the organization is using existing entitlements before buying new ones, and use those existing entitlements to influence negotiations.

This is a good time to evaluate the incumbent vendor’s position in the market.

  • If the vendor is publicly traded, review its published financial results from the latest quarter, as well as its future goals, to better understand how motivated the salesperson may be to make the deal. Underperforming vendors are under pressure to retain customers and to increase the installed base, leading to stronger discounting levels.

  • The days right before a vendor’s end of year and end of quarter are often good times to look for additional discounts or to drive a harder bargain, because sales people are scrambling to meet sales targets.

  • Review test scores (, and other evaluations (e.g.,Mitre) to see how they are doing relative to peers. Vendors that are struggling to show positive test scores or multiple awards are more likely to use price as an incentive over vendors that can more easily demonstrate value and positive market growth.

The average annualized list prices for EPP suites with equivalent functionality for 5,000 seats and a three-year term range from a high of $53 per seat per year to a low of $16 per seat per year. However, actual street prices (i.e., quotes) are often 25% to 35% lower than list prices. This means that an enterprise could save considerably by moving from the most expensive to the least expensive EPP suite.Not all solutions are equal in functions and value for the money. However, there are lower-cost providers that have functions that are similar to the more-expensive solutions, and not all organizations take advantage of the more advanced features of the premium solutions.

Take advantage of increasing free security functionality in the OS. Microsoft Defender (see ) and Macintosh XProtect provide no-cost, anti-malware protection. Microsoft BitLocker and Mac FileVault provide full disk and file and folder encryption, and are included with Windows licenses. They can replace most dedicated encryption products. At a minimum, the threat of migrating to OS-based tools should be used as a negotiating tactic.

Don’t just shortlist vendors identified as leaders in Gartner’s Magic Quadrant (see ), particularly during a highly evolving market and a period of new security spending. These vendors offer more advanced or complete solutions; however, some organizations could end up paying for premium functionality that they never fully exploit.

Switching to the lowest-cost provider is not without trade-offs. Lower-cost providers may lack advanced management and varying depth of protection. If nothing else, evaluating a low-cost provider may result in better justification for purchasing a higher-cost solution and a low price point to use in negotiations.

Review the overall endpoint protection strategy and the products that have been deployed. Organizations have a tendency to add layers of security based on specific events. Reevaluate what those are and whether they are still necessary. For example, a traditional AV product + an EDR + approved list + a clean-up tool can all be consolidated.

Multiple products from multiple vendors are more expensive to acquire due to the lack of suite and volume pricing, and they require more administration effort and training. The total cost of ownership (TCO) of a suite is often lower than equal point products, due to volume pricing, lower administration effort and vendor management. At the same time, the suites may offer better protection, due to the synergy among the products across different layers.

Keep in mind that suite packaging is in constant flux. Premium add-on features that initially cost extra are often included in subsequent packages, as vendors try to reduce the complexity of their pricing schemes and offer new customers more value. However, we often see resellers just offer renewing customers the same packages they already own. Check the vendor’s website for new packages, and ask resellers to quote relevant new packages as well.

Organizations may also be able to take advantage of their relationships with their other strategic vendors (such as Cisco, Microsoft, Symantec, Palo Alto Networks, FireEye, Dell and IBM) by bundling EPP products into larger infrastructure software/service contracts. This will increase the total contract value and may make additional discount levels available. In some instances, Gartner has seen endpoint products with discounts of more than 75%, when bundled with larger purchase orders.

Another opportunity for TCO savings is adopting cloud-delivered EPP. Almost all vendors are adopting a cloud-first product strategy. The cloud model, software as a service (SaaS), lowers costs by reducing:

  • The cost of hardware

  • Deployment and maintenance time and effort

  • The administration time of signature and version maintenance for off and on LAN devices

The SaaS-based approach delivers value through various aspects, such as:

  • Reduced switching costs, which, in turn, help in subsequent renewal negotiations

  • Lower performance impact on endpoints, which may contribute to extending the PC life cycle

  • Faster adoption of new capabilities, as per the vendor’s cloud-first strategy

Renewal negotiations should begin at least six months before the contract expiration date, to provide enough time for competitive bidding and migration planning. Late renewal negotiations shift the leverage to the existing vendor, because there is not enough time to seriously consider switching to an alternative.

Due to the operational costs associated with switching EPP, vendors will often offer “competitive replacement” discounts to compensate for migration costs. This price point is unlikely to be honored when the contract renewal arrives, unless there is an agreement not to increase the prices in subsequent years. We have seen some success at obtaining an agreement to limit subsequent renewal increases to a maximum of 2% to 5%.

Consider shopping with different resellers. Large volume resellers often get bigger discounts and incentive programs than smaller resellers, which they can pass on to valued clients.

When negotiating, keep in mind that discounts range from 25% to 35% off the list prices, depending on the situation; however, the list prices among solutions from different vendors are often significantly different. Evaluate and get quotes from at least one low-cost provider to use as leverage in negotiations.

Most vendors offer nonprofit organizations higher discounts (45% to 75%), so nonprofits should advise providers of their status upfront.

Always ensure that you are negotiating for the latest packages, and not just renewing existing entitlements. Vendors will often create new, more inclusive packages that can offer lower cost or more products than older packages. Check the website to determine which packaging deal is the most suitable for the organization. Don’t expect the vendor or value-added reseller (VAR) to suggest lower-cost or more-inclusive packages unprompted.

Once a contract has been signed and the base product has been deployed, the vendor’s incentive to offer discounts for additional licenses is drastically reduced. Contracts should be negotiated on a global basis, based on current needs. Negotiate a fixed price for future additional licenses that may be needed during the term.

List prices are typically based on bands (for example, 5,000 to 9,999; 10,000 to 14,999). Buyers that are near a band threshold should explore the cost of buying enough additional licenses to move into the next pricing band. However, do not overbuy. You can add new subscriptions during the term, often at the same price as the initial contract.

With a steady stream of new vendors bringing new products and approaches to the EPP market, Gartner expects pricing to decline. As a result, multiyear subscriptions should be kept to a maximum of three years and should get at least a 15% additional discount during a one-year term. Long-term subscriptions typically require upfront payment for all years. However, some resellers will finance longer-term subscriptions to enable equal annual payments, rather than multiple years upfront.

In the EPP market, subscription licenses (i.e., no residual license value past the term of the subscription) are becoming more popular than term or perpetual licenses (i.e., license cost for the term plus annual maintenance cost). Past the initial maintenance term, the residual value of perpetual licenses is often low. Subscription licenses should include no-cost migration to the latest versions of products.

Training and advance support are good areas to negotiate. Vendors want capable operators and satisfied customers, so they are often amenable to negotiations for these items.

Low-cost or free consumer products for employee home use or bring your own device (BYOD) are often available as an incentive.

Vendors often look for testimonials, case studies and customers who are willing to share their experiences. They may be willing to offer additional discounts in return for a commitment to be available for reference calls with the press, analysts and prospective customers, as well as for media testimonials. Larger companies and recognizable brands are more desirable to the vendor.

Contracts and proposals grow more complex every year. Vendors introduce new pricing, licensing models, maintenance options and audit clauses every day. Unless one has day-to-day market visibility, it is nearly impossible to keep up.

Gartner estimates that following these negotiation best practices can save enterprises as much as 40% off list prices on contracts.

Gartner Recommended Reading


Peter Firstbrook

Access Research

Already a Gartner client?

To view this research and much more, become a client.

Speak with a Gartner specialist to learn how you can access peer and practitioner research backed by proprietary data, insights, advice and tools to help you achieve stronger performance.

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Gartner research: Trusted insight for executives and their teams

What is Gartner research?

Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.

Gartner research is unique, thanks to:

Independence and objectivity

Our independence as a research firm enables our experts to provide unbiased advice you can trust.

Actionable insights

Not only is Gartner research unbiased, it also contains key take-aways and recommendations for impactful next steps.

Proprietary methodologies

Our research practices and procedures distill large volumes of data into clear, precise recommendations.

Gartner research is just one of our many offerings.

We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.

Tap into our experts

We offer one-on-one guidance tailored to your mission-critical priorities.

Pick the right tools and providers

We work with you to select the best-fit providers and tools, so you avoid the costly repercussions of a poor decision.

Create a network

Connect directly with peers to discuss common issues and initiatives and accelerate, validate and solidify your strategy.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.