19 Tested. One clear choice.

Cortex XDR delivers 100% detection in MITRE ATT&CK® Enterprise Evaluations.

MITRE ATT&CK Enterprise Evaluations Brings the Heat in Round 6

The MITRE ATT&CK® Enterprise Evaluations are the industry’s most rigorous test of endpoint security, measuring a solution’s ability to defend against advanced threat actors through real-world attack simulations. In Round 6, MITRE raised the bar, making it the most challenging and realistic evaluation yet. This included expanded attacks on Linux and macOS® platforms and introducing false positive testing for the first time.

Palo Alto Networks rose to the challenge, delivering industry-best results:
  • The first-ever vendor to achieve 100% technique-level detection coverage with no delays or configuration changes.
  • 100% detection coverage across the expanded macOS and Linux attack surfaces.
  • The highest prevention rate of all vendors with zero false positives that could disrupt critical business operations.

Cortex XDR Achieves Industry-Best Detection Results

Cortex XDR® accomplished an unprecedented feat — 100% detection with technique-level detail. Technique-level detections are the highest quality detections possible in the MITRE test, revealing what happened in an attack and how it unfolded in your environment, providing security analysts with the key information needed to stop a breach.

Crucially, Cortex XDR achieved this result without any configuration changes or delays, detecting each step of the attack in real time with no manual intervention—a stark contrast to two-thirds of vendors who detected less than 50% of the attack steps, underscoring the heightened rigor of this year’s evaluation.

Cortex XDR Achieves Industry-Leading Prevention Results with Lowest False Positives

MITRE ATT&CK Evaluations test both detection — identifying threats after initial access — and prevention, which allows vendors to block attacks before they can cause damage. This is the essence of real-world endpoint security: prevent as much as you can and then detect everything else as quickly as possible. Cortex XDR excelled at both.

In Round 6, Cortex XDR prevented 8/10 attack steps, with zero false positives. Vendors with false positives risk halting critical business processes, potentially causing massive financial impact. Cortex XDR demonstrated an unmatched combination of effectiveness and accuracy — the ideal endpoint security for the world’s largest and most demanding organizations.

Unmatched Results from the XDR Technology Leader

Combining the Detection and Prevention scenarios into a single view of complete attack coverage in this year’s evaluation, Cortex XDR delivered unmatched results among the industry's market-share leaders in Endpoint Security. Powered by world-class research and advanced AI-driven prevention and detection, Cortex XDR provides the best security outcomes at enterprise scale, enabling security teams to outpace adversary tactics and techniques.

Raising the Bar: MITRE ATT&CK Enterprise Evaluations Delivers the Most Realistic Cybersecurity Test Yet

The MITRE ATT&CK Enterprise Evaluations raise the bar with their most realistic simulation of advanced threats to date, focusing on two critical areas: ransomware targeting Windows and Linux systems and macOS threats linked to the Democratic People's Republic of Korea (DPRK). By emulating real-world adversary tactics and introducing false positive testing for the first time, this year’s Evaluations challenge security solutions to demonstrate precision in detecting and preventing attacks across diverse platforms, mirroring the complexity of modern enterprise IT environments.

Key Features of the 2024 Evaluation:
  • Ransomware focus: Delves into the tactics of ransomware-as-a-service (RaaS)
  • DPRK macOS threats: Simulates modular malware and credential theft techniques
  • Adversary realism: Tests abuse of legitimate tools and privilege escalation methods
  • False positive testing: Assesses accuracy in distinguishing genuine threats from noise

Unmasking DPRK’s Cyber Playbook
Discover insights from our world-class threat researchers into how DPRK executes sophisticated cyberattacks.

    Tracing the Evolution of the MITRE ATT&CK Evaluations

    For the past six years, Cortex XDR has consistently excelled in the industry’s most rigorous endpoint security testing. Dive into the history of MITRE ATT&CK testing with our interactive dashboard and explore prior test reports to see how Cortex XDR has set the standard in endpoint security efficacy.

    The Market Approves!

    For more information on our third-party security evaluation results, analyst perspectives and customer reviews, see our industry validation page for Cortex XDR.