- The CrowdStrike Falcon® platform earns the AAA award in SE Labs Q3 2024 Enterprise Advanced Security Test
- The Falcon platform outperformed all other vendors in accurately detecting the real-world cross-domain tradecraft of three infamous adversaries: APT29 (COZY BEAR), SCATTERED SPIDER and the DPRK Ransomware Group.
- CrowdStrike’s perfect performance — 100% Detection Accuracy, 100% Legitimate Accuracy, 100% Total Accuracy and zero false positives — reflects the Falcon platform’s best-in-class, adversary-driven protection needed to stop breaches.
In this latest achievement, CrowdStrike Falcon earned the AAA award with a perfect performance in the SE Labs Q3 Enterprise Advanced Security (EAS) Test.
The Falcon platform was the only endpoint detection and response (EDR) product in this test to achieve a perfect score in all categories: 100% Detection Accuracy, 100% Legitimate Accuracy, 100% Total Accuracy and zero false positives.
SE Labs EDR Testing Replicates Sophisticated Attacks
The test also measured precision to ensure defenses can detect real threats without flagging benign activities as malicious. This balance is key to reducing noise for SOC teams and maintaining business continuity, demonstrating that effective, real-world protection doesn’t have to come at the cost of operational efficiency.
Adversaries often focus on gaining a foothold within the target environment to escalate privileges so they can move laterally and achieve their objectives, whether that involves exfiltrating sensitive data or deploying ransomware. This makes detecting the full attack chain absolutely critical. A gap at any stage could give attackers the access they need to expand their reach and evade containment.
In the SE Labs Q3 EAS test, EDR solutions faced attacks modeled after three real-world threats: COZY BEAR (a nation-state group focused on intelligence gathering), SCATTERED SPIDER and the DPRK Ransomware Group, both financially driven eCrime actors. These groups aren’t just interested in breaching systems — they aim to establish control. COZY BEAR seeks long-term access to sensitive networks, while eCrime actors move quickly to exploit resources for financial gain.
This SE Labs test didn’t just assess the ability to spot malware — it also evaluated how EDR solutions detect and disrupt adversary activity across every phase of the attack chain. SE Labs tested the EDR solutions using the tools and tactics employed by the three adversaries. It attempted to gain low-level access to target systems, escalate privileges and expand through lateral movement. Ultimately, the goal was to gain sufficient access to critical systems to complete a mission of stealing information or causing damage. The EAS test demonstrated how robust detection identifies adversary activity early, enabling timely responses to stop attackers before they can compromise critical assets.