* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Secure the Future](https://origin-researchcenter.paloaltonetworks.com/blog/category/secure-the-future/)
* Cortex XDR and Traps Outp...

# Cortex XDR and Traps Outperform in MITRE Evaluation

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F05%2Fxdr-cortex-xdr-sets-standard-mitres-attck-evaluations%2F)  
[](https://twitter.com/share?text=Cortex+XDR+and+Traps+Outperform+in+MITRE+Evaluation&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F05%2Fxdr-cortex-xdr-sets-standard-mitres-attck-evaluations%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F05%2Fxdr-cortex-xdr-sets-standard-mitres-attck-evaluations%2F&title=Cortex+XDR+and+Traps+Outperform+in+MITRE+Evaluation&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2019/05/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/&ts=markdown)  
\[\](mailto:?subject=Cortex XDR and Traps Outperform in MITRE Evaluation)  
Link copied  
By [Peter Havens](https://www.paloaltonetworks.com/blog/author/peter-havens/?ts=markdown "Posts by Peter Havens") and [Mitchell Bezzina](https://www.paloaltonetworks.com/blog/author/mitchell-bezzina/?ts=markdown "Posts by Mitchell Bezzina")  
May 29, 2019  
3 minutes  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[endpoint detection and response](https://www.paloaltonetworks.com/blog/tag/endpoint-detection-and-response/?ts=markdown)  
[MITRE ATT\&CK evaluation](https://www.paloaltonetworks.com/blog/tag/mitre-attck-evaluation/?ts=markdown)

This post is also available in: [简体中文 (Chinese (Simplified))](https://origin-researchcenter.paloaltonetworks.com/blog/2019/08/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/?lang=zh-hans "Switch to Chinese (Simplified)(简体中文)") [繁體中文 (Chinese (Traditional))](https://origin-researchcenter.paloaltonetworks.com/blog/2019/08/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/?lang=zh-hant "Switch to Chinese (Traditional)(繁體中文)") [日本語 (Japanese)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/06/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/?lang=ja "Switch to Japanese(日本語)") [한국어 (Korean)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/08/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/?lang=ko "Switch to Korean(한국어)") [Português (Portuguese (Brazil))](https://origin-researchcenter.paloaltonetworks.com/blog/2019/08/xdr-cortex-xdr-sets-standard-mitres-attck-evaluations/?lang=pt-br "Switch to Portuguese (Brazil)(Português)")

We are pleased to announce [the results](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre) of an independent test that demonstrate the value of our recently launched Cortex XDR product in combination with Traps. The evaluation, which used the MITRE ATT\&CK framework, shows that Cortex XDR and Traps provide the broadest coverage with fewest missed attack techniques among 10 Endpoint Detection-and-Response (EDR) vendors.

**Broadest Coverage Across Attack Techniques**

Cortex XDR and Traps provide the best endpoint visibility and the highest coverage across different attack techniques, according to the MITRE ATT\&CK results. Coverage puts emphasis on the ability to gather telemetry across 136 attack techniques, generate real time alerts and provide enrichment for threats. The test results show that Cortex XDR and Traps provide coverage for 121 of the 136 techniques, more than any other vendor.

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Coverage_for_Lee.png)  
[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Coverage_for_Lee.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Coverage_for_Lee.png)

*This chart was created by Palo Alto Networks to quantify vendor efficacy with the MITRE ATT\&CK evaluation.*

**Automated Detection Reduces Missed Attacks**

When it comes to threat detection, we strive to automate the process because relying on humans for detection can yield inconsistent or delayed detections. The MITRE testing validates this approach. Cortex XDR and Traps had the best detection coverage with zero delayed detections compared to other vendors who relied on a human process. The highly automated AI approach provided more coverage and more consistency with no delays.

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Misses_for_Lee.png)  
[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Misses_for_Lee.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/05/Misses_for_Lee.png)

*This chart was created by Palo Alto Networks for quantifying vendor efficacy with the MITRE ATT\&CK evaluation.*

**About Cortex XDR**

[Cortex XDR](https://www.paloaltonetworks.com/company/press/2019/palo-alto-networks-introduces-cortex-the-industrys-only-open-and-integrated-ai-based-continuous-security-platform) is the first detection and response product that natively integrates network, endpoint and cloud data to stop sophisticated attacks. This helps organizations reduce the mean time to detect and respond to attacks. MITRE specifically tested endpoint-only capabilities in a version of the product with no additional managed services. Palo Alto Networks worked with MITRE Corp, a non-profit that developed the widely used ATT\&CK framework for evaluating detection and response products.

MITRE's ATT\&CK framework provides an extensive list of capabilities and techniques that attackers have used in various real-world attacks. Organizations can use this framework to evaluate the efficacy and efficiency of their security controls. Their first-round evaluation reproduced the attack vectors of the [APT3 group](https://attack.mitre.org/groups/G0022). MITRE releases raw results, but does not score, rank or produce quantitative analysis of the results. Forrester Research created a set of scripts to help score the results, which we have used to illustrate how Cortex XDR ranks under coverage, missed techniques and alerts. For more information on Forrester's methodology, visit the Forrester blog [here](https://go.forrester.com/blogs/measuring-vendor-efficacy-using-the-MITRE-attck-evaluation).

**Conclusion**

MITRE has developed an excellent framework that helps security operations team evaluate vendor products across the full breadth of detections and investigations. Based on the latest test results, we encourage customers who are evaluating an EDR project to reach out to Palo Alto networks to understand the MITRE framework, the techniques used in the testing, and how to interpret the results.

Customers face a challenge in their ability to detect threats when they have unmanaged devices or devices where they cannot install an endpoint agent. It is important to complement the endpoint data with network data so customers can expand coverage against threats across their entire digital domain. Cortex XDR and Traps deliver on this vision. We plan to engage MITRE in a second round of evaluations to include data collected beyond just endpoints.

To learn more about Cortex XDR and Traps, please visit the [Cortex XDR product page](https://www.paloaltonetworks.com/products/xdr) and the [Traps product page](https://www.paloaltonetworks.com/traps). The full results of all participating vendors, including Palo Alto Networks, can be found [here](https://attackevals.mitre.org/evaluations.html).

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### MITRE Round 2 Results Solidify Cortex XDR as a Leader in EDR](https://origin-researchcenter.paloaltonetworks.com/blog/2020/04/cortex-mitre/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Cortex XDR 2.5: Future-Proofed Security Operations With Host Insights](https://origin-researchcenter.paloaltonetworks.com/blog/2020/09/cortex-xdr-2-5/)

### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Keep Adversaries at Bay with Managed Detection and Response](https://origin-researchcenter.paloaltonetworks.com/blog/2020/04/cortex-managed-detection-and-response/)

### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Cortex XDR Earns "AA" Rating on NSS Labs 2020 AEP Test](https://origin-researchcenter.paloaltonetworks.com/blog/2020/02/cortex-nss-labs-aep-test/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### How to Help SOC Analysts Fight 'Alert Fatigue'](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/help-soc-analysts-fight-alert-fatigue/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Cortex XDR 2.6: Better Search for Better Threat Hunting](https://origin-researchcenter.paloaltonetworks.com/blog/2020/11/cortex-xdr-2-6/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language