Elastic excels in AV-Comparatives EPR Test 2025: A closer look

AV-Comparatives’ EPR Test is one of the most rigorous evaluations in the industry. It simulates complex, realistic attack scenarios that traverse the full kill chain, including:

• Endpoint compromise and foothold (e.g.,initial access, execution, and persistence)

• Internal propagation (e.g., privilege escalation, lateral movement, and credential theft)

• Asset breach (e.g., exfiltration, command and control, and impact)

The EPR Test replicates APT-like multistage attacks rather than relying on synthetic malware samples. It evaluates endpoint prevention and response solutions against the MITRE ATT&CK® framework, covering: 

Phase 1: Endpoint Compromise and Foothold

• Initial Access, Execution, and Persistence

  • Replication through removable media

  • Malicious documents/scripts 

  • Registry modifications 

Phase 2: Internal Propagation

• Privilege Escalation, Lateral Movement, and Credential Access

  • Scheduled tasks/launch daemons 

  • Unsecure credentials

  • Exploitation of remote services

Phase 3: Asset Breach

• Collection, Command and Control, and Exfiltration

  • Data encoding

  • Input and screen capture

  • Application layer protocol

All participants are scored on two vectors: 

• Active Response: The product blocks the attack automatically. 

• Passive Response: The product detects and alerts on the activity, providing actionable data for analysts. 

Additionally, the test quantifies: 

• Operational Accuracy Costs (false positives, admin overhead)

• Workflow Delay Costs (productivity impact)
• Total Cost of Ownership (TCO) for a 5,000-endpoint/5-year deployment

1. Prevention is front and center:
A 99.3% active response rate means Elastic Security was able to stop threats before they could run wild in almost all test cases. This includes interrupting attacks in early phases like execution, persistence, or initial foothold — highly valuable since earlier detection often means lower damage.

2. Low noise, minimal disruption:
False positives (mistakenly flagged benign behavior) and workflow delays are often silent risks; they may not make headlines, but they erode confidence, reduce productivity, and increase costs. Elastic Security’s low operational accuracy cost and zero workflow delay in this test show that strong security doesn’t need to come at the expense of usability. 

3. Balanced total cost of ownership (TCO):
The test factors in not just purchase and licensing costs, but also the cost of responding to incidents, staffing, false positives, and potential breach fallout over time. Elastic Security’s strong showing suggests that its solution offers good value in the long term. 

4. Holistic protection:
Because the test spans multiple stages of an attack, it rewards vendors who do more than just detect malware signatures. Elastic Security’s performance across initial compromise, propagation, and asset breach phases indicates depth — protection at different layers, good detection capabilities, and the ability to give admins useful data for remediation. 

Elastic Security’s results in the AV-Comparatives EPR Test 2025 reaffirm its role as a leading endpoint prevention, detection, and response solution. With near-perfect prevention rates, minimal false positives, no workflow delays, and favorable total cost projections, it demonstrates that enterprise security need not force a trade-off between robust protection and operational efficiency. 

Join the growing number of businesses that trust Elastic Security to protect their organization against attacks. Experience the peace of mind that comes with knowing that your endpoints and organization as a whole are secure against the latest threats. Start your Elastic Security free trial, and discover the difference that our protection can make. Visit elastic.co/security to learn more.