* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Security Operations](https://www.paloaltonetworks.com.au/blog/security-operations/)
* [AI and Cybersecurity](https://www.paloaltonetworks.com.au/blog/security-operations/category/ai-and-cybersecurity/)
* Cortex XDR is the Only En...

# Cortex XDR is the Only Endpoint Security Market Leader to Achieve 99% in Both Threat Prevention and Response in AVC EPR

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr%2F)  
[](https://twitter.com/share?text=Cortex+XDR+is+the+Only+Endpoint+Security+Market+Leader+to+Achieve+99%25+in+Both+Threat+Prevention+and+Response+in+AVC+EPR&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr%2F&title=Cortex+XDR+is+the+Only+Endpoint+Security+Market+Leader+to+Achieve+99%25+in+Both+Threat+Prevention+and+Response+in+AVC+EPR&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr/&ts=markdown)  
\[\](mailto:?subject=Cortex XDR is the Only Endpoint Security Market Leader to Achieve 99% in Both Threat Prevention and Response in AVC EPR)  
Link copied  
By [Emran Mazumder](https://www.paloaltonetworks.com/blog/author/emran-mazumder/?ts=markdown "Posts by Emran Mazumder")  
Sep 23, 2025  
4 minutes  
[AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[AV-Comparatives](https://www.paloaltonetworks.com/blog/tag/av-comparatives/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[cybersecurity](https://www.paloaltonetworks.com/blog/tag/cybersecurity/?ts=markdown)  
[endpoint security](https://www.paloaltonetworks.com/blog/tag/endpoint-security/?ts=markdown)  
[EPR test](https://www.paloaltonetworks.com/blog/tag/epr-test/?ts=markdown)  
[threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown)  
[threat response](https://www.paloaltonetworks.com/blog/tag/threat-response/?ts=markdown)

In today's cybersecurity landscape, achieving superior protection doesn't have to come at a premium. The [AV-Comparatives 2025 EPR Product Validation Report](https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2025/#key-metrics)^1^ demonstrates that Palo Alto Networks Cortex XDR, using only our lowest-cost, prevention-focused license (XDR Prevent), delivers exceptional results. We're excited to share that **among endpoint security market leaders^2^, Palo Alto Networks was the only vendor to achieve 99% in both threat prevention and response** , all while offering a lower total cost of ownership (TCO). Read the full report [here](https://www.av-comparatives.org/wp-content/uploads/2025/09/EPR_PaloAlto_2025.pdf)^3^.

The product was resilient against various attack vectors, including executables, scripts, installers, add-ins, and USB-propagated payloads. According to AV-Comparatives, Cortex XDR is a user-friendly and intuitive platform that gives security analysts the rich, contextual data they need to prioritize threats quickly.
![Figure1 1: Enterprise CyberRisk QuadrantTM](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/09/word-image-345288-2-1.png)
Figure1 1: Enterprise CyberRisk QuadrantTM

## A Multi-Layered Defense That Prevails

The test was conducted in three phases, aligning with the MITRE ATT\&CK Framework, which simulates a complete cyberattack from start to finish in three stages. This structured approach provides a holistic view of a security solution's effectiveness across the entire attack chain.

* **Phase 1: Compromise \& Foothold** assessed a product's ability to prevent an attacker from gaining initial access and executing malicious code.
  * Cortex XDR provided an active response to 98% of scenarios and a passive response for the remaining 2%. It automatically stops threats at the very beginning of an attack chain, which is a critical capability for preventing attacks before they move laterally to other systems.
* **Phase 2: Internal Propagation** measured how well the product detects and stops the attacker as they try to move laterally within the network.
  * Out of 50 scenarios, only one scenario progressed from Phase 1 to Phase 2, but Cortex XDR detected and blocked it in this phase. Cortex XDR acts as a strong initial barrier, and even when a threat manages to get past that barrier, it can still detect and neutralize it before the adversary can achieve their objective.
* **Phase 3: Asset Breach** evaluated whether the product can prevent the attacker from achieving their ultimate objective, such as stealing data or sabotaging systems.
  * Cortex XDR prevented all threats from reaching Phase 3, so adversaries could not reach their ultimate goal of exfiltrating or encrypting data.

## Operational Accuracy and Workflow Delays

AV-Comparatives also assessed costs related to operational accuracy and workflow delays.

* **Operational Accuracy Costs:** Cortex XDR's high operational accuracy translates to minimal hidden costs for a business. In the report's financial model, Cortex XDR was assigned "Low" costs for this metric, demonstrating its ability to protect against real threats while avoiding the productivity and overhead penalties associated with false alerts.
* **Workflow Delay Costs:** Costs arise when an end user's activity is stalled because a security product is analyzing a file, for example, by sending it to a vendor's online sandbox for further analysis. The AV-Comparatives report states that Palo Alto Networks had no costs related to workflow delays. The product's efficiency and speed meant it did not cause significant delays when analyzing scenarios.

## Uncompromising Protection, Unmatched Value

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/09/word-image-345288-1-1.png)

Ultimately, the AV-Comparatives 2025 EPR Product Validation Report offers irrefutable evidence that Palo Alto Networks Cortex XDR is a top-tier endpoint security solution, redefining the balance of superior protection and cost-effectiveness. The product's consistent excellence in the AVC EDR Test and Anti-Tampering Test further solidifies its position as a market leader, proving that its defenses are not only effective but also highly resilient.

For a SecOps team, this translates directly to a significant reduction in alert volume, minimized manual investigations, and the confidence that advanced threats are stopped long before they can impact the business. This validation proves that choosing Cortex XDR is an investment in both uncompromising security and streamlined operational excellence.

For a deeper dive into our performance in the AVC EDR and AVC Anti-Tampering tests, we encourage you to read our detailed blog post: [Cortex XDR is the Only Endpoint Security Market Leader Certified in Both AVC EDR Detection and Anti-Tampering Tests](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-is-the-only-endpoint-security-market-leader-certified-in-both-avc-edr-detection-and-anti-tampering-tests/).

**Reference**:

**^1^** [EPR Comparative Report 2025](https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2025/#key-metrics)

\*\*^2^\*\*Market leader is defined as vendors who were named leaders in the 2025 Gartner EPP Magic Quadrant

**^3^** [EPR Product Validation Report 2025-Palo Alto Networks](https://www.av-comparatives.org/wp-content/uploads/2025/09/EPR_PaloAlto_2025.pdf)

*** ** * ** ***

## Related Blogs

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### From Silos to Synergy: How Cortex XDL Transforms XDR to Elevate Threat Detection](https://www.paloaltonetworks.com.au/blog/security-operations/from-silos-to-synergy-how-cortex-xdl-transforms-xdr-to-elevate-threat-detection/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### SE Labs Awards Palo Alto Networks AAA Rating and 100% Prevention Against Ransomware](https://www.paloaltonetworks.com.au/blog/security-operations/se-labs-awards-palo-alto-networks-aaa-rating-and-100-prevention-against-ransomware/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XDR Named 2025 Gartner Customers' Choice for Endpoint Security](https://www.paloaltonetworks.com.au/blog/2025/05/cortex-xdr-named-gartner-customers-choice-endpoint-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Forrester Names Palo Alto Networks a Leader in XDR](https://www.paloaltonetworks.com.au/blog/2024/06/forrester-names-palo-alto-networks-a-leader-in-xdr/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XDR and 2021/2022 Forrester Wave Results](https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xdr-and-2021-2022-forrester-wave-results/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### 2022 MITRE Engenuity ATT\&CK Evaluations Results](https://www.paloaltonetworks.com.au/blog/2022/03/mitre-engenuity-evaluations-round-4-results/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language