SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Elastic Security scores 99.3% in 2025 AV-Comparatives EPR test

Tue, 30th Sep 2025

Elastic Security has achieved Certified status in the AV-Comparatives Endpoint Prevention and Response (EPR) Test 2025 with a reported 99.3% effectiveness rate in both Active Response and Passive Response categories.

The recognition from AV-Comparatives was based on the product's performance across 50 simulated advanced attack scenarios, assessing both automated blocking capabilities and detection with alerting functions. Elastic Security outperformed several well-known competitors, including CrowdStrike, Palo Alto Networks, and Fortinet, particularly in the area of threat detection, while maintaining an equal or lower total cost of ownership over a projected five-year enterprise deployment.

AV-Comparatives EPR Test

The AV-Comparatives Endpoint Prevention and Response Test is considered a stringent industry benchmark. It simulates a wide range of targeted attacks, including advanced persistent threats that encompass various stages such as initial compromise, lateral movement within the network, credential theft, and data exfiltration. The test also assesses operational accuracy by measuring false positives, workflow delays, and overall cost implications for enterprise deployments.

According to the results, Elastic Security achieved 99.3% effectiveness in Active Response by automatically blocking simulated attacks, and a matching 99.3% in Passive Response through detection and alerting, providing analysts with MITRE ATT&CK-enriched information to facilitate swift forensic triage and response workflows.

The tests further reported that Elastic Security delivered low to minimal false positives, which contributed to reducing analyst workload. Additionally, there were no observed workflow delays, meaning that the product did not negatively impact user productivity during simulated security incidents.

Industry response

"Our exceptional performance in the AV-Comparatives EPR Test is clear validation of the effectiveness of Elastic Security and our dedication to protecting businesses in this ever-evolving threat landscape," said Mike Nichols, Vice President, Product Management, Security at Elastic. "The fact that we were able to stop over 99% of threats long before they could cause damage or data loss on corporate systems demonstrates why Elastic Security and its open AI- and data-driven approach exceeds the expectations of our users."

Andreas Clementi, Chief Executive Officer and founder of AV-Comparatives, noted Elastic Security's consistent performance across both prevention and detection in the assessment.

"Elastic achieved strong results in AV-Comparatives' 2025 Endpoint Prevention and Response Test," said Andreas Clementi. "The product demonstrated consistent performance across both Active and Passive Response methods, highlighting its ability to provide reliable protection against a broad range of attack vectors."

Product features and focus

Elastic Security, described as a solution that consolidates security information and event management (SIEM) and endpoint security, operates on an open-source platform bolstered by artificial intelligence search capabilities. The platform emphasises a unified, open model for integrating diverse AI-driven functionalities addressing various security requirements, aiming to offer incident detection, prevention, and investigative response tools within a single solution.

The 2025 AV-Comparatives EPR Test compared Elastic Security's performance against offerings from twelve major vendors. The report highlighted Elastic Security's combination of operational accuracy, attack prevention, and rapid incident response, alongside the claimed advantage of a favourable total cost profile for enterprise customers over an extended period.
