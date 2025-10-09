Snehal Antani, CEO and Co-founder of Horizon3.ai: “Our research shows that credential-based attacks can bypass EDRs in minutes, often undetected. The new ESE healthcheck gives security teams proof of where their defences hold and where they need tuning.”

Dubai – How effective are Endpoint Detection and Response (EDR) tools—really? The new Endpoint Security Effectiveness (ESE) capability in the NodeZero® Offensive Security Platform gives organisations a clear answer. For the first time, security teams can measure whether their endpoint controls are configured properly and doing the job they were purchased to do.

Endpoint Security Effectiveness delivers assurance

EDR tools are intended to stop attacks on laptops, servers and other critical systems, but teams often lack a straightforward way to verify that these controls are correctly configured and effective in production. Endpoint Security Effectiveness (ESE) uses each NodeZero pentest as a live health check.

In the customer environment, NodeZero behaves like a real attacker in a controlled test, attempts to implant a test remote access tool (RAT), and records whether the endpoint control blocked, detected or allowed the activity. The output provides evidence-based information, rather than assumptions.

Organisations commit substantial budgets to endpoint security, often spending millions each year on EDR licences, deployment and management. ESE provides a clear view of where controls are effective, where misconfiguration leaves gaps, and how targeted tuning can be the difference between compromise and containment.

ESE provides a single view of:

Which hosts have endpoint protection, which do not, and where agents are out of date or misconfigured

Which real attacker actions were blocked, alerted or missed, including RAT implant attempts, credential theft, lateral movement, and access to sensitive files or cloud credentials

Time-stamped proof of each step, with commands and outputs mapped to MITRE ATT&CK, so teams know precisely where to tune policies and controls

Clear guidance to harden configuration and a fast retest to prove the fix in production

In practice, ESE surfaces the small configuration gaps that carry disproportionate risk. One misconfigured agent on a critical host can open a full attack path; a correctly tuned policy can close it. ESE shows the difference, validates improvements and helps organisations maximise the return on their EDR investment.

Keith Poyser, Vice President for EMEA at Horizon3.ai, added: “Gone are the days when clients can run a vulnerability scan, run an annual pentest, run a table top exercise and think they are secure. We’re seeing a shift from assumption to proof. By integrating Endpoint Security Effectiveness checks into NodeZero, Horizon3.ai enables organisations to validate controls in practice — moving to proactive resilience and continuous assurance. It’s about giving security leaders the confidence that their investment in EDR is paying off, and the proof to show where further tuning delivers even greater value.”

About Horizon3.ai and NodeZero

Horizon3.ai provides a cloud-based platform, NodeZero, enabling organisations and public authorities to simulate self-attacks on their IT infrastructure to assess their cyber resilience through penetration testing (pentesting). Thanks to its cloud model, the platform offers affordable, regular pentesting, making it accessible to mid-sized companies. Horizon3.ai continuously monitors the cybercrime landscape to ensure that newly discovered vulnerabilities are swiftly integrated into the cloud system. NodeZero not only identifies security flaws but also offers tailored recommendations for remediation. Through this platform, Horizon3.ai helps organisations meet rising regulatory demands for cyber resilience in Governance, Risk & Compliance (GRC), with guidelines recommending an internal self-attack at least once a week.