Horizon3.ai, renowned globally for its offensive security capabilities, has once again set a new benchmark by announcing the introduction of Endpoint Security Effectiveness (ESE) within its NodeZero® Offensive Security Platform. This innovative feature empowers security teams by providing evidence-supported insights into the efficacy of their Endpoint Detection and Response (EDR) mechanisms in halting genuine attacker tactics.
Conventional EDR metrics, such as agent installation verification or signature updates, frequently offer a superficial view of protection. This often results in a misleading sense of security, as they fail to reveal potential vulnerabilities to attackers. An in-depth analysis of over 7,000 NodeZero remote access tool (RAT) installation attempts across various client environments illustrates the concerning reality: NodeZero frequently bypassed EDRs utilising stolen credentials rather than exploiting software flaws, with only 3% of bypasses involving vulnerabilities.
Once inside, NodeZero demonstrated nimbleness, executing critical actions like data collection or user impersonation in a median span of 3 minutes, with Linux-based compromises occurring in under 20 seconds. Such insights unveil a fundamental concern: many EDR systems overly rely on static signatures prone to evasion through basic code alterations, leading credential-driven attacks—the preferred method of genuine adversaries—to go undetected.
The ESE healthcheck revolutionises every NodeZero pen test into a secure, non-disruptive evaluation of EDR performance in real-time scenarios. Through this setup, NodeZero deploys a test RAT, simulates adversary behaviour, and produces reports on whether the EDR blocked, flagged, or overlooked the event. This process provides security teams with valuable data, allowing them to pinpoint vulnerabilities, adjust settings, and confirm improvements over time.
"Our research shows that credential-based attacks can bypass EDRs in minutes, often undetected," remarked Snehal Antani, CEO and Co-founder of Horizon3.ai. "The new ESE healthcheck gives security teams proof of where their defences hold and where they don’t, helping them strengthen EDR performance and maximise the return on their EDR investment."
Core Capabilities of the ESE Healthcheck
- Evaluate how EDRs respond to real-world scenarios, specifically credential-based intrusions.
- Enhance detection by identifying overlooked activities and refining policies, logging, and integrations.
- Verify resilience by rerunning NodeZero to validate adjustments against swift attacks.
This forward-thinking launch encapsulates Horizon3.ai’s vision to transition cybersecurity from assumptions to evidence, static protections to ongoing verification, and reactive problem-solving to proactive fortification.
