AVLab.pl Detailed EDR-XDR Solutions Overview 2025, 3rd Edition

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
     We encourage you to compare these results with others and make informed decisions on which security products to use.
     Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Hi Community!

We have just published our latest comparison of nine EDR and XDR solutions, and I think it's worth taking a look.

  • Bitdefender GravityZone XDR
  • Check Point Harmony Endpoint Advanced + EDR
  • Cisco AMP + XDR
  • Elastic Security XDR
  • Metras (part of Site)
  • ThreatDown + EDR (by Malwarebytes)
  • Sophos Intercept X Advanced + XDR
  • WithSecure Elements EDR
  • Xcitium XDR

1. The document contains detailed information about the configuration used (usually default + hardened). In our test, we do not disable AV protection to reflect the use of the solution in a production environment.

2. We analyze attack response and information logging to the console.

3. This year, we have used two certification thresholds: GOLD and CERTIFIED.

@Adrian Ścibor maybe I missed it between the lines (or skimmed too fast): why is e.g. Harmony "certified" while e.g. ThreatDown is "gold"? Please, a short reply on how they differed?
Of course!

I marked it in the attached file for the “Silent ISO - Hidden Payload” attack. In this attack, according to Check Point, not all stages of the attack were detected, which is why it received “partial visibility of the attack in telemetry.”

The attack was noticed, but not in its entirety, unlike ThreatDown.

Attachments

  • check point.png
  • admin response.png
Thanks! Very helpful focus (for me).