# Cortex XDR Blocks Every Attack Scenario in AV Comparatives Endpoint Prevention & Response Test

By [Dan Flaherty](https://www.paloaltonetworks.com/blog/author/dan-flaherty/?ts=markdown "Posts by Dan Flaherty"), Dec 18, 2023

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/12/word-image-310718-1.png)

In yet another testament to the advanced security capabilities of Cortex XDR, AV Comparatives named Palo Alto Networks a Strategic Leader in the 2023 Endpoint Prevention & Response Test for the ability to ***block every attack scenario tested at the lowest total cost of any vendor*** in the evaluation. This result, coupled with our recent performance in the [2023 MITRE Engenuity ATT&CK Evaluation](https://www.paloaltonetworks.com/blog/2023/09/mitre-engenuity-attck-evaluations-results/?ts=markdown), demonstrates our deep commitment to security efficacy and the operational efficiency of SOC teams that place their trust in our technology.

![The AV Comparatives Endpoint Prevention & Response (EPR) CyberRisk Quadrant™, showing vendor performance in the 2023 test.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/12/word-image-310718-2.png)

### **What is the AV Comparatives Endpoint Prevention & Response Test?**

AV Comparatives defines the endpoint prevention and response category as products used by enterprise organizations to detect, prevent, analyze, and respond to targeted attacks such as advanced persistent threats (APTs).
They also require the product to deliver an analysis of an attack's origin, method, and aims to help security analysts understand the nature of the threat, prevent lateral movement, and prevent similar attacks in the future^1^.

For this test, AV Comparatives runs 50 targeted attack scenarios against each vendor's product, assessing whether the attack is blocked by an automated action (active response) or provides information for a SOC analyst to take action (passive response) in three distinct phases of attack:

* **Phase 1**: The attack compromises the endpoint and gains a foothold.
* **Phase 2**: The attack propagates internally.
* **Phase 3**: The attack reaches the final objective of locating and taking action on a valuable asset, such as theft, ransom, or destruction of data.

If an attack is blocked at an earlier phase, it will not progress to the next phases. Vendors have no prior knowledge of the attack scenarios and give AV Comparatives full control over the product settings used during testing.

**Real-World Total Cost of Ownership**

AV Comparatives assesses Total Cost of Ownership (TCO) across multiple dimensions, reflecting real-world ownership scenarios that can make or break a budget, or a business altogether. If an attack progresses through any phase beyond automated prevention, a breach cost is added. This reflects the cost of detection by the SOC and, in the case of Phase 3, a full breach of internal assets.

![Flow chart depicting AV Comparatives TCO calculation](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/12/FireShot-Capture-006-www.av-comparatives.org-1.png)

The last component of TCO is most interesting here. AV Comparatives looks at both operational accuracy (depicted above) and workflow delay. Operational accuracy refers to the product generating false positives, which can quickly drain SOC team productivity.
Workflow delay refers to the time an inline sandbox solution (if used) takes to analyze a threat, extending the time to detection/prevention.

### **Cortex XDR Performance Results for 2023**

For the fourth year in a row, Cortex XDR achieved the status of "Strategic Leader" in the AV Comparatives EPR test.

*"EPR products classified as Strategic Leaders offer an exceptional return on investment, resulting in a significantly reduced total cost of ownership (TCO). Their remarkable technical capabilities, coupled with bug-free performance, keep costs in check. These products consistently excel in prevention, detection, response, and reporting, while also delivering optimal workflow features for system administrators and operations."^1^*

We believe strongly in third-party testing and are committed to delivering the best security outcomes possible for our customers.

**In this year's test, we blocked 100% of attack scenarios before a breach was possible.** All of the attack scenarios tested were blocked by an automated prevention measure--96% (48 of 50) in Phase 1 and the remaining 4% (2 of 50) in Phase 2--with none requiring manual human intervention.

*"Palo Alto Networks Cortex XDR Pro did well at handling threats that are targeted towards enterprise users, in particular before the threats could progress inside and infiltrate the organization's network. The product demonstrated several safeguards that helped in protecting the enterprise systems and network against the scenarios we tested.
It should be noted that the product has very good correlation and post-detection capabilities that can terminate malicious processes in the event that they were not stopped by some other protection mechanism in an earlier phase."^1^*

![EPR Efficacy per Phase of Palo Alto Networks Cortex XDR Pro](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/12/word-image-310718-4.png)

Accurate, automated prevention is the best defense strategy, reducing the risk of a breach and SOC overhead. However, false positives can quickly overwhelm analysts if automated prevention is inaccurate. Cortex XDR uses AI-based analysis, behavioral threat protection, and vast threat intelligence correlated from network, cloud, identity, and other third-party sources to deliver extremely accurate automated prevention with exceptionally low false positive rates. Our results in the AV Comparatives test demonstrate this with low or no additional costs added for failures in Operational Accuracy.

![AV Comparatives assessment of added cost from imperfect Operational Accuracy and Workflow Delays.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/12/word-image-310718-5.png)

Each of these components--highly accurate and automated prevention, exceptionally low false positives, and no workflow delays--resulted in **Cortex XDR achieving the lowest five-year TCO of any vendor assessed.**

### **Diving Deeper into the AV Comparatives 2023 EPR Test and More Performance Benchmarks**

We're strong proponents of security efficacy and TCO testing where real-world scenarios are evaluated with an objective methodology.
The AV Comparatives EPR test upholds a high standard, and there are many more details to learn about their methodology, attack methods used, and product performance in the [full report for Cortex XDR here.](https://www.av-comparatives.org/wp-content/uploads/2023/10/EPR_PaloAlto_2023.pdf) Check out the [full test page](https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2023/) as well, where you can evaluate each metric against all the vendors tested, some of which have chosen to remain anonymous this year. For more on testing performance, don't miss the latest [MITRE Engenuity ATT&CK Evaluation](https://start.paloaltonetworks.com/essential-guide-MITRE-R5) results, another test with a thorough and highly-regarded methodology.

Happy (automated) hunting!

References:

* [/blog/security-operations/cortex-xdr-once-twice-three-times-a-leader/](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-once-twice-three-times-a-leader/?ts=markdown)
* [/blog/2022/01/active-prevention-in-av-comparative-epr/](https://www.paloaltonetworks.com/blog/2022/01/active-prevention-in-av-comparative-epr/?ts=markdown)
* [/blog/2020/12/cortex-av-comparatives-epr-evaluation/](https://www.paloaltonetworks.com/blog/2020/12/cortex-av-comparatives-epr-evaluation/?ts=markdown)

^1^ [https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2023](https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2023)