Cortex XDR and 2021/2022 Forrester Wave Results

Apr 06, 2022

Cortex XDR Recognized in Three Recent Forrester Reports and 2022 MITRE ATT&CK Round 4 Evaluation

Over the last 12 months, Forrester has published several security Wave reports covering solutions for endpoint protection/EDR as well as XDR. Read on to see a summary of Cortex XDR results in The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022; The Forrester Wave™: Endpoint Security Software as a Service, Q2 2021; and The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021 reports, as well as in the real-world attack simulation results of the MITRE Engenuity ATT&CK Evaluations.

Q2 2022 Forrester EDR Wave (April 2022)

Cortex XDR was rated as a Strong Performer and received the highest possible ratings in the criteria of Endpoint Telemetry, Detection Capabilities and Extended Capabilities.

  • We believe the most important reason to invest in an EDR solution is to prevent and detect threats. Prevention and detection are founded on good data, also referred to as "Endpoint Telemetry."
  • Cortex XDR received the highest possible ratings in the criteria of both Endpoint Telemetry and Detection Capabilities. We believe the strength of our endpoint telemetry and detection capabilities is further highlighted by our outstanding results in recent independent security evaluations such as the MITRE Engenuity ATT&CK Evaluations and AV-Comparatives Endpoint Prevention & Response evaluation.
  • Cortex XDR also received the highest possible score in the Market Approach criterion, which we believe highlights the strength of our business strategy.
  • The Forrester Report authored by analyst Allie Mellen notes:

"With XDR as its North Star, Palo Alto [Networks] has catapulted the capabilities of its EDR offering over the past two years." and

“It has successfully energized its product team, with customer references praising Palo Alto [Networks’] engagement with them, especially its willingness to develop specialized product features to address industry- and customer-specific use cases.”

  • Note that we provide broader capabilities across cloud, network and beyond versus only EDR.

Q2 2021 Forrester Endpoint Security SaaS Wave (May 2021)

Cortex XDR was rated as a Leader. Among other results, Cortex XDR here had the highest possible ratings in the endpoint protection and detection criteria. Notes on Cortex XDR included:

  • “Palo Alto Networks is an easy shortlist addition for enterprise buyers looking to adopt a modern endpoint security solution or a broad XDR strategy with strong threat prevention.”
  • “As the first vendor to promote an XDR strategy, Palo Alto Networks is the most comprehensive in this study, offering threat prevention, detection, and access controls spanning endpoint, IoT, network, and cloud apps.”

Q4 2021 Forrester XDR New Wave (October 2021)

Cortex XDR was rated as a Strong Performer, with only two vendors receiving a Leader rating.

  • Cortex XDR received the highest possible scores in the visibility, detection, investigation, and threat hunting criteria.
  • The Forrester evaluation noted:

“[Cortex XDR] Offers a strong combination of native endpoint, network, and cloud ingestion. Cortex XDR delivers unified detection and investigation for native endpoint, network, and cloud telemetry as well as third-party sources.”

2022 MITRE Engenuity ATT&CK Evaluations

MITRE ATT&CK evaluations rigorously test and evaluate products by emulating real-world attacks and their tactics, techniques and procedures. The “Round 4” evaluation results were published on March 31, 2022. As in previous rounds, Cortex XDR achieved outstanding results, with stronger results than most other participating vendors across the evaluated categories. Cortex XDR Round 4 results included:

  • 100% Prevention in the Protection evaluation (10 of 10)
  • 100% Detection of all attack steps (19 of 19)
  • 98.2% Analytic Coverage (107 of 109 attack substeps)
  • 98.2% Technique-Level Detections (107 of 109 attack substeps)
  • 98.2% Visibility (107 of 109 attack substeps)

Cortex XDR provided over 98% visibility into all malicious activity and enriched this data with the necessary incident context to precisely identify the tactic, technique and sub-technique being used. Importantly, this resulted in the MITRE Engenuity team recognizing 100% of XDR’s visibility as technique-level detections – the most valuable detection type in this evaluation.


MITRE Engenuity ATT&CK Evaluation Round 4 Technique Detections


You can read more detail about the MITRE ATT&CK Round 4 test results in our blog here.

Why You Should Care About These Results

Whether you are evaluating solutions for EDR or the wider scope of full XDR, endpoint telemetry and detection capabilities are fundamental to your decision. These and other reports and evaluations consistently show that you can rely on Cortex XDR’s superior endpoint protection, detection and rich telemetry intelligence to ensure your security.

Learn more about Cortex XDR.

Additional reports on the previous three rounds of the MITRE Engenuity ATT&CK Evaluations, and the 2020 and 2021 AV-Comparatives EPR Evaluations are also available.
