We are thrilled to have AV-Comparatives, a globally recognized independent testing organization, name Palo Alto Networks Cortex XDR a “Strategic Leader” in its latest Endpoint Prevention and Response (EPR) evaluation. Cortex XDR achieved a combined prevention and response capabilities score of 99%, a mark no other vendor surpassed in the evaluation. In addition to phenomenal security effectiveness results, Cortex XDR had one of the lowest Total Cost of Ownership (TCO) scores, despite uniquely providing an Extended Detection and Response (XDR) solution that goes beyond traditional EDR to provide complete threat detection and response across endpoint, network, cloud and identity data sources.
EPR CyberRisk Quadrant
The Endpoint Prevention and Response evaluation is a brand-new security test introduced by AV-Comparatives this year. While most endpoint security tests focus on either prevention or detection, the new EPR test offers a uniquely holistic evaluation accounting for a solution’s prevention, detection and response capabilities to ensure security teams have a complete toolset to deal with even the most sophisticated attacks.
Cortex XDR EPR Highlights
All attacks in the evaluation were composed of three separate phases: Phase 1 – Endpoint Compromise and Foothold; Phase 2 – Internal Propagation; and Phase 3 – Asset Breach. At each stage, the test determined whether the solution detected the attack and what action was taken. When a solution took automated action to block the threat, it was awarded an “active response” score. If the product provided a detection alert that an analyst could use to stop the attack, it received a “passive response” score. Palo Alto Networks Cortex XDR was awarded an “Active Response” score on 48 of the 49 attacks and a “Passive Response” in the initial phase for the one remaining attack. Overall, as pointed out by AV-Comparatives, Cortex XDR “did exceptionally well at handling threats … in particular before the threat progresses inside the user environment.”
When dealing with sophisticated adversaries and targeted attacks, the speed with which a security solution can prevent and/or detect and respond to an attack is critical. Any malicious activity that is not blocked outright must be detected and alerted on quickly to allow the security operations staff to respond and shut down the activity before the attack can progress. As seen in the tables below, all of the preventions and detections provided by Cortex XDR occurred without any observed delay, ensuring that the attacks had no opportunity to progress in the user environment.
Reduction in Time to Respond (TTR)
Reduction in Time to Prevent (TTP)
In addition to achieving fantastic scores for prevention, detection and response, Cortex XDR achieved a very low TCO in the evaluation. TCO was calculated as a combination of the cost to purchase the product, the estimated breach cost (based on speed of prevention/detection) and the operational accuracy cost – a measure of false positives (of which we had none).
We are proud of the results of this new evaluation, which showcase the powerful endpoint protection, detection and response capabilities that Cortex XDR delivers in a single agent. The capabilities of Cortex XDR extend beyond even the robust testing methodology of this evaluation, delivering superior visibility and analytics by combining Endpoint Detection and Response (EDR) features with User Behavior Analytics and Network Traffic Analysis based on telemetry ingestion from endpoint, network, cloud and identity data sources.
We were extremely pleased with the new test methodology introduced by AV-Comparatives and appreciate the thorough nature of the evaluation going beyond prevention to include detection and response. We are proud to share these results with you to demonstrate our commitment to providing comprehensive and effective endpoint security.