AV-Comparatives: Announcing the New EDR-Detection-Validation Test

[harlan4096]

In today’s cybersecurity landscape, endpoint detection and response (EDR) solutions are essential. While traditional security measures focus on prevention, modern threats demand strong detection capabilities. To address this, AV-Comparatives introduces the EDR Detection Validation Test, evaluating the detection effectiveness of enterprise security solutions (EPP, EDR, XDR).
 
Test Methodology

This test assesses real-world detection performance under APT (Advanced Persistent Threat) scenarios, with all products configured in monitoring mode only (prevention features disabled). Key aspects include:

• Simulating APT attacks using various Tactics, Techniques, and Procedures (TTPs).
  
• Checking for detections via active alerts in the management console or locally.
  
• If no immediate alerts appear, applying threat hunting techniques to analyze telemetry data.
  
• Using the Empire framework in the initial 2025 phase for execution and evaluation.
  
• Providing a detailed report including detection screenshots, whether via alerts or telemetry analysis.
  

Certification and Reporting

The test follows a certification model:

• Only products meeting detection criteria will be certified.
  
• Certified products will have their reports published to validate their effectiveness.
  
• Reports for non-certified products will remain strictly internal.
  

First Certified Product and Pilot Test

A pilot test conducted in January 2025 successfully certified the first product under this methodology, setting an example for interested vendors.

Why Participate?

By joining this test, vendors can validate their real-world detection capabilities, gain industry recognition, and receive valuable insights. Interested vendors should contact us.

Continue Reading...