Gandalf_The_Grey
Thread author
In today’s cybersecurity landscape, endpoint detection and response (EDR) solutions are essential. While traditional security measures focus on prevention, modern threats demand strong detection capabilities. To address this, AV-Comparatives introduces the EDR Detection Validation Test, evaluating the detection effectiveness of enterprise security solutions (EPP, EDR, XDR).
Test Methodology
This test assesses real-world detection performance under APT (Advanced Persistent Threat) scenarios, with all products configured in monitoring mode only (prevention features disabled). Key aspects include:
- Simulating APT attacks using various Tactics, Techniques, and Procedures (TTPs).
- Checking for detections via active alerts in the management console or locally.
- If no immediate alerts appear, applying threat hunting techniques to analyze telemetry data.
- Using the Empire framework in the initial 2025 phase for execution and evaluation.
- Providing a detailed report including detection screenshots, whether via alerts or telemetry analysis.
Certification and Reporting
The test follows a certification model:
- Only products meeting detection criteria will be certified.
- Certified products will have their reports published to validate their effectiveness.
- Reports for non-certified products will remain strictly internal.
First Certified Product and Pilot Test
A pilot test conducted in January 2025 successfully certified the first product under this methodology, setting an example for interested vendors.
Source: "Announcing the New EDR-Detection-Validation Test" (www.av-comparatives.org)