Cortex XDR Blocks Every Attack Scenario in AV Comparatives Endpoint Prevention & Response Test

In yet another testament to the advanced security capabilities of Cortex XDR, AV Comparatives named Palo Alto Networks a Strategic Leader in the 2023 Endpoint Prevention & Response Test for the ability to block every attack scenario tested at the lowest total cost of any vendor in the evaluation. This result, coupled with our recent performance in the 2023 MITRE Engenuity ATT&CK Evaluation demonstrates our deep commitment to security efficacy and the operational efficiency of SOC teams that place their trust in our technology.

What is the AV Comparatives Endpoint Prevention & Response Test?

AV Comparatives defines the endpoint prevention and response category as products used by enterprise organizations to detect, prevent, analyze, and respond to targeted attacks such as advanced persistent threats (APTs). They also require the product to deliver an analysis of an attack’s origin, method, and aims to help security analysts understand the nature of the threat, prevent lateral movement, and prevent similar attacks in the future¹.

For this test, AV Comparatives runs 50 targeted attack scenarios against each vendor’s product, assessing whether the attack is blocked by an automated action (active response) or provides information for a SOC analyst to take action (passive response) in three distinct phases of attack:

• Phase 1: The attack compromises the endpoint and gains a foothold.
• Phase 2: The attack propagates internally.
• Phase 3: The attack reaches the final objective of locating and taking action on a valuable asset, such as theft, ransom, or destruction of data.

If an attack is blocked at an earlier phase, it will not progress to the next phases. Vendors have no prior knowledge of the attack scenarios and give AV Comparatives full control over the product settings used during testing.

Real-World Total Cost of Ownership

AV Comparatives assesses Total Cost of Ownership (TCO) across multiple dimensions, reflecting real-world ownership scenarios that can make or break a budget, or a business altogether. If an attack progresses through any phase beyond automated prevention, a breach cost is added. This reflects the cost of detection by the SOC and, in the case of Phase 3, a full breach of internal assets.

The last component of TCO is most interesting here. AV Comparatives looks at both operational accuracy (depicted above) and workflow delay. Operational accuracy refers to the product generating false positives, which can quickly drain SOC team productivity. Workflow delay refers to the time an inline sandbox solution (if used) takes to analyze a threat, extending the time to detection/prevention.

Cortex XDR Performance Results for 2023

For the fourth year in a row, Cortex XDR achieved the status of “Strategic Leader” in the AV Comparatives EPR test.

“EPR products classified as Strategic Leaders offer an exceptional return on investment, resulting in a significantly reduced total cost of ownership (TCO). Their remarkable technical capabilities, coupled with bug-free performance, keep costs in check. These products consistently excel in prevention, detection, response, and reporting, while also delivering optimal workflow features for system administrators and operations.”¹

We believe strongly in third-party testing and are committed to delivering the best security outcomes possible for our customers. In this year’s test, we blocked 100% of attack scenarios before a breach was possible. All of the attack scenarios tested were blocked by an automated prevention measure–96% (48 of 50) in Phase 1 and the remaining 4% (2 of 50) in Phase 2–with none requiring manual human intervention.

“Palo Alto Networks Cortex XDR Pro did well at handling threats that are targeted towards enterprise users, in particular before the threats could progress inside and infiltrate the organization’s network. The product demonstrated several safeguards that helped in protecting the enterprise systems and network against the scenarios we tested. It should be noted that the product has very good correlation and post-detection capabilities that can terminate malicious processes in the event that they were not stopped by some other protection mechanism in an earlier phase.”¹

Accurate, automated prevention is the best defense strategy, reducing the risk of a breach and SOC overhead. However, false positives can quickly overwhelm analysts if automated prevention is inaccurate. Cortex XDR uses AI-based analysis, behavioral threat protection, and vast threat intelligence correlated from network, cloud, identity, and other third-party sources to deliver extremely accurate automated prevention with exceptionally low false positive rates. Our results in the AV Comparatives test demonstrate this with low or no additional costs added for failures in Operational Accuracy.

Each of these components–highly accurate and automated prevention, exceptionally low false positives, and no workflow delays–resulted in Cortex XDR achieving the lowest five-year TCO of any vendor assessed.

Diving Deeper into the AV Comparatives 2023 EPR Test and More Performance Benchmarks

We’re strong proponents of security efficacy and TCO testing where real-world scenarios are evaluated with an objective methodology. The AV Comparatives EPR test upholds a high standard, and there are many more details to learn about their methodology, attack methods used, and product performance in the full report for Cortex XDR here. Check out the full test page as well, where you can evaluate each metric against all the vendors tested, some of which have chosen to remain anonymous this year.

For more on testing performance, don’t miss the latest MITRE Engenuity ATT&CK Evaluation results, another test with a thorough and highly-regarded methodology. Happy (automated) hunting!

References:

https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-once-twice-three-times-a-leader/

https://www.paloaltonetworks.com/blog/2022/01/active-prevention-in-av-comparative-epr/

https://www.paloaltonetworks.com/blog/2020/12/cortex-av-comparatives-epr-evaluation/

^{1 https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2023}