Cortex XDR Scores 100% Overall Active Prevention in AV-Comparatives EPR

Jan 20, 2022

Palo Alto Networks has been recognized once again by one of the most well-known and respected independent, third-party cybersecurity evaluation organizations, AV-Comparatives. Cortex XDR was identified as a “Strategic Leader” in the 2nd annual Endpoint Prevention and Response (EPR) evaluation.

With an overall active prevention score of 100%, Cortex XDR has received unbeaten scores two years in a row while maintaining one of the lowest Total Cost of Ownership scores, despite being one of the only vendors to provide extended threat detection and response for endpoint, network, cloud, identity and additional data sources.

EPR Cyber Risk Quadrant showing cyber risk visionaries, strategic leaders, strong challengers
Figure 1. Endpoint Prevention and Response (EPR) - ECRQ Enterprise CyberRisk Quadrant™


Chart showing 5-year product cost, active response, passive response, combined prevention/response capabilities, and 5-year TCO.
Figure 2. Cortex XDR, 99.5% Combined Prevention & Response with very low TCO.

AV-Comparatives’ Endpoint Prevention and Response evaluation is relatively new. In just its second year, it continues to be a welcome change from traditional tests by focusing on real-world scenarios, blending the critical importance of prevention with detection and response. With the rise of EDR in the endpoint security market, much has been made of detection and response. However, outright prevention is the best line of defense, and Cortex XDR continually outperforms the competition in the area of active prevention. In the 2021 EPR evaluation, Cortex XDR achieved a perfect 50 out of 50 for Overall Active Prevention.

List of companies on their active prevention score, showing Palo Alto Networks Cortex XDR.
Figure 3. Cortex XDR achieves a perfect 50 of 50 Active Prevention score.

In this evaluation all attacks had three separate phases:

  • Phase 1 – Compromise and Foothold
  • Phase 2 – Internal Propagation
  • Phase 3 – Asset Breach

“Active response” scores were awarded at each phase if the solution in question “took automated action to block the threat.” If the solution did not block the attack but provided an actionable detection alert, a “passive response” score was awarded.

Palo Alto Networks Cortex XDR was awarded an overall “Active Response” score of 50 out of 50, and no attack made it beyond phase 2 into the Asset Breach phase. As noted in the report by AV-Comparatives, “Palo Alto Networks performed exceptionally well at blocking the attack scenarios before the attacker was able to get a foothold inside the environment.”

When dealing with cyber threats, time is critical, as adversaries quickly take advantage of any successful execution to establish persistence in an environment. The EPR evaluation provides valuable insights into a solution’s ability to reduce the time to prevent an attack and the time for a SOC analyst to respond. All of the prevention and detection actions and alerts delivered by Cortex XDR in the evaluation were provided without any observed delay. This dramatically reduces the time needed to prevent and respond to threats. The report also noted that Cortex XDR provided “good mapping to MITRE’s TTP, which provides low-level SOC analysts the data needed to investigate further and escalate when necessary.”

We appreciate the approach AV-Comparatives is taking with the Endpoint Prevention and Response evaluation and are thankful for the opportunity to showcase the effectiveness demonstrated by Cortex XDR.

Download the AV-Comparatives EPR Comparative test results to see how we stack up against the competition. Read the detailed report on Palo Alto Networks Cortex XDR results for the evaluation.
