Helping Organizations Get the Most Out of Their EDR Investment

Horizon3.ai, the global leader in offensive security, today announced the availability of Endpoint Security Effectiveness (ESE) in the NodeZero® Offensive Security Platform. This capability gives security teams clear, evidence-backed insight into how effectively their Endpoint Detection and Response (EDR) tools detect and stop real-world attacker tactics.

Traditional EDR metrics, like verifying agent installation or confirming signature updates, offer only a surface-level view of protection. They create a false sense of security because they don’t reveal whether attackers can actually slip through. Horizon3.ai’s analysis of more than 7,000 NodeZero remote access tool (RAT) installation attempts across customer environments demonstrates the reality: in most cases, NodeZero bypassed EDRs by reusing stolen credentials rather than exploiting software flaws. In fact, only 3% of bypasses relied on vulnerabilities. Once inside, NodeZero moved quickly—completing critical actions such as data collection or user impersonation in a median of just 3 minutes, with Linux-based compromises taking as little as 20 seconds.

These findings highlight a fundamental challenge: many EDRs depend too heavily on static signatures, which can be evaded by simple code changes, while behavioral triggers are often inconsistent. As a result, credential-driven attacks, the same methods favored by real-world adversaries, routinely avoid detection.

The Endpoint Security Effectiveness (ESE) healthcheck transforms every NodeZero pentest into a safe, controlled evaluation of EDR performance in live environments, without disrupting operations. NodeZero deploys a test RAT, simulates attacker behavior, and reports whether the EDR blocked, alerted, or missed the activity. Security teams gain actionable data to identify blind spots, tune configurations, and confirm improvements over time.

“Our research shows that credential-based attacks can bypass EDRs in minutes, often undetected,” said Snehal Antani, CEO and Co-founder of Horizon3.ai. “The new ESE healthcheck gives security teams proof of where their defenses hold and where they don’t, helping them strengthen EDR performance and maximize the return on their EDR investment.”

The ESE healthcheck enables teams to:

• Assess how their EDR responds to real-world tactics, including credential-based intrusions.
• Improve detection by identifying missed activity and refining policies, logging, and integrations.
• Confirm resilience by rerunning NodeZero to validate fixes against rapid attacks.

This launch underscores Horizon3.ai’s mission to move cybersecurity from assumptions to evidence, from static safeguards to continuous validation, and from reactive firefighting to proactive resilience.

Availability

Endpoint Security Effectiveness is available today to all NodeZero customers worldwide.

For more information, visit www.horizon3.ai.

About Horizon3.ai

Horizon3.ai empowers organizations to continuously verify their security posture with NodeZero®, the industry’s leading autonomous pentesting platform. Built to think and act like an attacker — but operate safely in production — NodeZero identifies exploitable weaknesses, prioritizes fixes based on real-world impact, and verifies remediation at scale. Customers across manufacturing, healthcare, finance, and national security rely on NodeZero to reduce risk and accelerate security outcomes.

Follow Horizon3.ai on LinkedIn and X.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250828067147/en/