Acronis: The leader in EDR detection on Windows
In September 2024, SE Labs tested Acronis Extended Detection and Response (XDR) against targeted attacks based on APT29 and Scattered Spider. The test ran in parallel with SE Labs’ Q3 2024 comparative EDR test. Both tests used the same methodology and the same APT29 and Scattered Spider attacks, but the comparative test also added DPRK (Democratic People’s Republic of Korea) ransomware to the evaluation. The SE Labs test on Acronis XDR excluded Linux and Mac attacks, but otherwise followed the methodology of SE Labs' comparative EDR test, in which the other vendors also faced attacks from DPRK-based groups.
SE Labs designed these tests to replicate real-world, sophisticated cyberattacks, aiming to compromise systems and infiltrate networks as threat actors typically do. The evaluation focused on the following aspects:
- Detection of targeted attack delivery.
- Tracking different elements of the attack chain, including compromises extending beyond endpoints to the broader network.
- Minimization of false positives by using legitimate files alongside threats to assess detection accuracy.
Understanding the threat groups
Scattered Spider: Active since at least 2022, this group primarily targets companies offering customer relationship and business process solutions. Its focus extends to telecommunications and high-tech industries, making it a significant player in the threat landscape.
APT29: Believed to be connected to Russian military cyber operations, APT29 focuses on government, military and telecommunications sectors. It is infamously associated with the Democratic National Committee hack in 2015, in which phishing emails with malware attachments or malicious script links were used to breach systems.
Acronis’ exceptional performance
In the tests, Acronis Cyber Protect Cloud demonstrated exceptional performance, achieving a 100% detection rate against the APT29 and Scattered Spider threat groups. This result places Acronis on par with other leading vendors and ahead of some market-leading products.
The tests utilized new attack files rather than relying on previously known malicious files. This approach assessed each product's ability to detect emerging attack methodologies, providing insights into future performance rather than merely checking compliance with older threats. Acronis XDR excelled under these conditions, showcasing its ability to adapt to evolving cyberthreats.
Comprehensive threat detection
Acronis XDR earned a 100% Detection Accuracy Rating, highlighting its ability to detect and respond to every element of the attack chain. Key achievements included:
- Detection of initial attack delivery, such as spear-phishing attachments or attempts to exploit internet-facing applications.
- Identification of all subsequent malicious activities, effectively tracking the progression of each attack.
These capabilities demonstrate Acronis' ability to provide complete visibility and protection against sophisticated threats, ensuring that no step in the attack chain goes unnoticed.
While Acronis detected all elements of the attack chain, competitors like Open EDR missed several critical steps. This gap underscores the importance of comprehensive detection capabilities in modern cybersecurity solutions.
[Figures: all the steps detected by Acronis Cyber Protect; some stages missed by Open EDR]
Future-ready cyber protection
The results of these tests emphasize Acronis’ focus on future-proofing its solutions. By detecting innovative attack techniques and addressing new challenges in real time, Acronis ensures that its customers are protected against both current and emerging threats. This commitment to excellence makes Acronis Cyber Protect Cloud an indispensable solution for businesses seeking robust cybersecurity measures.