Cortex XDR Named a Strategic Leader in AV-Comparatives EPR Evaluation

Dec 18, 2020

AV-Comparatives Certified EPR 2020 Strategic Leader

We are thrilled to have AV-Comparatives, a globally recognized independent testing organization, name Palo Alto Networks Cortex XDR a “Strategic Leader” in its latest Endpoint Prevention and Response (EPR) evaluation. Cortex XDR achieved a combined prevention and response capabilities score of 99%, a mark no other vendor surpassed in the evaluation. In addition to phenomenal security effectiveness results, Cortex XDR had one of the lowest Total Cost of Ownership (TCO) scores, despite uniquely providing an Extended Detection and Response (XDR) solution that goes beyond traditional EDR to provide complete threat detection and response across endpoint, network, cloud and identity data sources.


Figure 1. EPR CyberRisk Quadrant: prevention/response performance versus total cost of ownership. Dot size reflects product cost; the larger the dot, the higher the cost. Cortex XDR achieved a combined prevention and response capabilities score of 99% in the AV-Comparatives EPR evaluation while maintaining a low TCO.

Figure 2. Cortex XDR: 99% Active Response and 100% Passive Response with a very low TCO. The table compares products by 5-year product cost (per agent), active response, passive response, combined prevention/response capabilities, and 5-year TCO (per agent). Cortex XDR maintained high active and passive response scores with a low TCO.

The Endpoint Prevention and Response evaluation is a brand new security test introduced by AV-Comparatives this year. While most endpoint security tests focus on either prevention or detection, the new EPR test offers a uniquely holistic evaluation accounting for a solution’s prevention, detection and response capabilities to ensure security teams have a complete toolset to deal with even the most sophisticated attacks.


Cortex XDR EPR Highlights

The image shows: Palo Alto Networks prevents most attacks and offers effective passive response.

All attacks in the evaluation were composed of three separate phases: Phase 1 – Endpoint Compromise and Foothold; Phase 2 – Internal Propagation; and Phase 3 – Asset Breach. At each stage, the test determined whether the solution detected the attack and what action was taken. When a solution took automated action to block the threat, it was awarded an “active response” score. If the product provided a detection alert that an analyst could use to stop the attack, it received a “passive response” score. Palo Alto Networks Cortex XDR was awarded an “Active Response” score on 48 of the 49 attacks and a “Passive Response” in the initial phase for the one remaining attack. Overall, as pointed out by AV-Comparatives, Cortex XDR “did exceptionally well at handling threats … in particular before the threat progresses inside the user environment.”

When dealing with sophisticated adversaries and targeted attacks, the speed with which a security solution can prevent and/or detect and respond to an attack is critical. Any malicious activity that is not blocked outright must be detected and alerted quickly to allow the security operations staff to respond and shut down the activity before the attack can progress. As seen in the tables below, all of the preventions and detections provided by Cortex XDR occurred without any observed delay, ensuring that there was no opportunity to progress the attacks in the user environment.


Reduction in Time to Respond (TTR)

The image shows how Cortex XDR performed in terms of Time to Respond in the AV-Comparatives EPR evaluation. The table breaks out phases one, two and three of the evaluation.


Reduction in Time to Prevent (TTP)

The image shows how Cortex XDR performed in terms of Time to Prevent in the AV-Comparatives EPR evaluation. The table breaks out phases one, two and three of the evaluation.

In addition to achieving fantastic scores for prevention, detection and response, Cortex XDR achieved a very low TCO in the evaluation. TCO was calculated as a combination of the cost to purchase the product, the estimated breach cost (based on speed of prevention/detection) and the operational accuracy cost – a measure of false positives (of which we had none).

The image shows how total cost of ownership is calculated. It includes consideration of product cost over five years, breach cost and operational accuracy cost (false positives).

We are proud of the results of this new evaluation, which showcase the powerful endpoint protection, detection and response capabilities that Cortex XDR delivers in a single agent. The capabilities of Cortex XDR extend beyond even the robust testing methodology of this evaluation, delivering superior visibility and analytics by combining Endpoint Detection and Response (EDR) features with User Behavior Analytics and Network Traffic Analysis based on telemetry ingestion from endpoint, network, cloud and identity data sources.

The elements that comprise Cortex XDR include endpoint protection, endpoint detection and response, user behavior analysis and network traffic analysis.


We were extremely pleased with the new test methodology introduced by AV-Comparatives and appreciate the thorough nature of the evaluation going beyond prevention to include detection and response. We are proud to share these results with you to demonstrate our commitment to providing comprehensive and effective endpoint security.

Download the AV-Comparatives EPR Comparative test results to see how we stack up against the competition, and the detailed report on Palo Alto Networks Cortex XDR results for the evaluation.
