Horizon3.ai, a global leader in offensive security, has announced the launch of Endpoint Security Effectiveness (ESE) within its NodeZero® Offensive Security Platform. The new feature empowers security teams with clear, evidence-based insights into how effectively their Endpoint Detection and Response (EDR) solutions identify and stop genuine attacker tactics.
While traditional EDR metrics such as confirming agent deployment or validating signature updates offer reassurance, they rarely provide proof that an organization is truly protected. Horizon3.ai’s recent analysis of more than 7,000 NodeZero remote access tool (RAT) installation attempts revealed a critical gap: in most cases, NodeZero successfully bypassed EDR tools by leveraging stolen credentials rather than exploiting software vulnerabilities. Strikingly, only 3% of the bypasses were linked to vulnerabilities. Once inside, NodeZero demonstrated alarming speed, executing actions such as data collection and user impersonation in a median of just three minutes, with Linux-based compromises occurring in as little as 20 seconds.
The research highlights a systemic problem: EDRs that rely heavily on static signatures or inconsistent behavioral triggers are ill-equipped to detect the credential-driven attacks frequently used by real-world adversaries.
Also Read: Cloudflare Rolls Out Zero Trust Tools to Scale AI Security
The newly introduced ESE healthcheck converts every NodeZero penetration test into a safe, controlled assessment of EDR effectiveness, without impacting business operations. By deploying a test RAT, mimicking attacker behaviors, and measuring whether the EDR blocked, flagged, or missed the activity, NodeZero provides security teams with actionable evidence to uncover blind spots, fine-tune configurations, and validate improvements over time.
“Our research shows that credential-based attacks can bypass EDRs in minutes, often undetected,” said Snehal Antani, CEO and Co-founder of Horizon3.ai. “The new ESE healthcheck gives security teams proof of where their defenses hold and where they don’t, helping them strengthen EDR performance and maximize the return on their EDR investment.”
With Endpoint Security Effectiveness, organizations can:
-
Evaluate defenses by testing how EDRs respond to real-world, credential-based attack scenarios.
-
Enhance detection through policy refinements, improved logging, and tighter integrations.
-
Validate resilience by rerunning NodeZero tests to confirm that defenses hold against repeated and rapid attack attempts.
This release reinforces Horizon3.ai’s mission to transform cybersecurity from assumption-driven security postures to evidence-based resilience. By shifting the focus from static safeguards to continuous validation, Horizon3.ai continues to help enterprises stay ahead of evolving threats.
