# Cortex XDR: Once, Twice, Three Times a Leader

By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross") and [Irena Damsky](https://www.paloaltonetworks.com/blog/author/irena-damsky/?ts=markdown "Posts by Irena Damsky")

Oct 25, 2022

### **Cortex XDR Named a Strategic Leader in the 2022 AV-Comparatives Endpoint Prevention and Response Test**

For the third year in a row, AV-Comparatives has named Cortex XDR a Strategic Leader in its Endpoint Prevention and Response (EPR) test. We were thrilled to participate in one of the world's most comprehensive endpoint security evaluations, and we are honored to achieve a Strategic Leader rating - the highest rating available - in the AV-Comparatives EPR CyberRisk Quadrant.

In this year's test, Cortex XDR outperformed, blocking 100% of all 50 attack scenarios by Phase 2 of the multi-phase evaluation, thereby stopping all attacks before they reached Phase 3, the asset breach phase. Cortex XDR achieved one of the lowest total cost of ownership (TCO) scores due to its superior prevention, detection, and response capabilities, combined with its low operational and workflow costs.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/AV.png)

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/EPR-Quadrant.png)

### **MITRE ATT&CK Techniques in the EPR Test**

The AV-Comparatives EPR test simulated realistic attack sequences using adversary techniques cataloged in the [MITRE ATT&CK Matrix for Enterprise](https://attack.mitre.org/matrices/enterprise/). AV-Comparatives performed the techniques highlighted below in green as part of their attack scenarios. For more information, see a [magnified view](https://www.av-comparatives.org/wp-content/uploads/2022/09/EPR2022.svg) of the ATT&CK tactics and techniques used in the test.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/YQKh7nES8UiI5bkt39EzEAv6mrKppoQ3sDayiYVASGvPD41v0IK2NRCfn9qRiuWZCg9PACYpjeTRYpx804fndH9-uDNTgBLvyHqAWuw1ULpWoGEOSTuhJoMB39Pa.png)

The MITRE ATT&CK Enterprise Matrix codifies the tactics, techniques, and procedures (TTPs) observed in real attacks by the world's most dangerous adversaries. It helps security teams classify threats, identify attack attribution and objective, and assess an organization's risk. Independent tests built on the ATT&CK knowledgebase, such as the AV-Comparatives EPR test and the [MITRE ATT&CK evaluations](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre), provide invaluable insights into security efficacy. They assess the ability to stop advanced TTPs, not simply malware files.
Since real-life attacks usually involve multiple steps, not just a single malicious file, assessments like the AV-Comparatives EPR test provide a comprehensive picture of endpoint security effectiveness.

### **Cortex XDR EPR Test Highlights**

The AV-Comparatives EPR Test pitted 10 endpoint security vendors against one another in a thorough and rigorous evaluation of detection, prevention, and response capabilities. The evaluation consisted of 50 separate targeted attack scenarios, and each scenario included three phases:

1. Endpoint compromise and foothold
2. Internal propagation
3. Asset breach

At each stage, AV-Comparatives assessed whether each product blocked (active response) or detected (passive response) adversary techniques. Cortex XDR actively prevented 45 of the 50 tests in the first phase of the evaluation, achieving an average total active response score of 96.7% across all three phases, and detected 47 out of the 50, achieving 98% total passive response for the attack scenarios. In the second phase of the evaluation, Cortex XDR prevented the attack scenarios that had not been blocked in the first phase, achieving an overall cumulative response rate of 100%, because it blocked all 50 test scenarios before the asset breach phase.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/3E5h_IbqU1h9bkpTM6mnIp3yeUjnELvpOO0OXvWdQLogqj5HhyTOVautedl-miyZzNOQB2MCJOY6lXAcagv7eUWcvpQ27mmx1kPBrBQKla_gLyPAjSwWXeZ01TXu.png)

The Cortex XDR agent integrates with the Palo Alto Networks [WildFire malware prevention service](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile/wildfire-analysis-concepts) to block known malware with threat intelligence and analyze unknown files with WildFire's cloud-based malware analysis. If WildFire determines that an unknown file is malicious, Cortex XDR will terminate the process that executed it.
This additional analysis by WildFire increases Cortex XDR's passive response rate. The AV-Comparatives EPR test results did not fully account for WildFire cloud-based analysis because the WildFire verdict may be received after the execution, when AV-Comparatives measured response rates.

According to the AV-Comparatives EPR report, "Palo Alto Networks Cortex XDR Pro did well at handling threats that are targeted towards enterprise users, in particular before the threats could progress inside and infiltrate the organisation's network." In addition, the EPR report states that Cortex XDR "offers the ability to create different sets of behavioural rules, and good triaging ability for multiple users to collaborate on any given threat scenario at the same time," and it "has good mapping to MITRE's TTPs [tactics, techniques, and procedures], thus providing low-level SOC analysts with the data needed to investigate further and escalate when necessary."

### **Get the Report Today!**

We were happy to participate in the 2022 AV-Comparatives EPR Test and showcase our commitment to providing best-in-class security that starts at the endpoint and expands to protect all assets with extended detection and response (XDR). To see how we stacked up against the competition, download the [2022 AV-Comparatives EPR Comparative Report](https://www.paloaltonetworks.com/resources/research/av-comparatives-endpoint-prevention-response-test-2022). You can also check out the [Palo Alto Networks Cortex XDR Product Validation Report](https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/AV-Comparatives-EPR_Single_PaloAltoNetworks_2022.pdf) for a deep dive into our individual results.