During SE Labs' advanced security testing in June 2025, Acronis XDR proved itself capable of standing up to the most sophisticated threats. This evaluation, conducted alongside a comparison with other solutions, tested how systems respond to real and complex attacks, like those launched by advanced persistent threat (APT) groups.
And the results speak for themselves: Acronis XDR detected 100% of the attacks, without letting a single one through. But that’s not all. It also improved its “Legitimate Accuracy” score (its ability to avoid false positives), increasing from 95% in 2024 to 96% in 2025. These two metrics combined for an impressive 98% total accuracy, earning Acronis the coveted AAA award—the highest distinction SE Labs grants to solutions capable of detecting advanced threats with high effectiveness.
How does SE Labs test these solutions?
SE Labs doesn’t just scan for test viruses. Their approach goes far beyond that. They use a methodology based on the MITRE ATT&CK framework, recreating real-world attacks in network environments that simulate actual businesses. These include everything: workstations, servers, cloud services, domain controllers, and even IoT devices.
The attacks start just like in real life—with a phishing email or a malicious download. From there, the SE Labs team simulates each phase of the attack: lateral movement, privilege escalation, data theft, and, of course, the final impact.
What types of threats was Acronis tested against?
The test was anything but easy. Acronis XDR had to face scenarios inspired by well-known and dangerous threat groups, including:
- Gamaredon: Spear phishing attacks targeting public infrastructure.
- Ember Bear: Supply chain compromises affecting critical sectors.
- Evasive Panda: Advanced state-sponsored surveillance focused on governments.
- DPRK: Ransomware-as-a-service operations aimed at financial gain.
Each of these attacks consisted of 5 to 7 real and coordinated steps, including techniques such as credential theft, use of system tools (like PowerShell or WMI), DLL injections, and obfuscated commands to evade detection.
How well did Acronis perform?
During these simulations, Acronis XDR had to demonstrate how effectively it could detect and respond to each phase of the attack. The tests focused on four key areas:
- Delivery and execution of the attack
- Initial attacker actions
- Privilege escalation and further actions
- Lateral movement and post-compromise activities
Acronis not only correctly detected each stage of the attack, but also responded effectively, showcasing visibility and response capabilities that left no room for attackers to move freely.
Results: Accurate detection and full attack visibility
Acronis XDR excelled in the tests: it detected all 17 simulated attacks from start to finish, achieving a perfect score of 680 out of 680 in detection accuracy. Even in one instance where the initial phase of the attack wasn’t identified (specifically in an RPDC-type attack), the platform responded quickly by detecting suspicious behavior in later stages, such as data exfiltration preparation or lateral command execution. In other words: the attack was detected in time, even if the beginning wasn’t immediately obvious.
What stands out most is that this level of accuracy wasn’t achieved by generating unnecessary alerts. SE Labs is very strict about this—it penalizes products that “panic” over legitimate programs like Microsoft Word or Google Chrome. Acronis XDR performed intelligently, correctly identifying 709 out of 742 legitimate files and applications without disrupting normal operations.
The result? A total accuracy score of 98% and the AAA award—the highest recognition from SE Labs in its advanced security testing.
Ready for Real-World Enterprises
This wasn’t just a simple lab test. SE Labs’ 2025 EDR evaluation put Acronis XDR to the test against complex, real-world threats—the kind companies face in their day-to-day operations. And it became clear that Acronis not only detects attacks in real time, but also does so without causing alert fatigue or interrupting legitimate tasks.
For CISOs and security teams comparing EDR and XDR options, Acronis stands out as a solid, mature, and easy-to-deploy solution. Moreover, it has been validated through testing that simulates actual attacker behavior—not just theoretical metrics.
In summary: Acronis XDR combines precision, full visibility, low false positive rates, and a frictionless user experience. If you're looking for a reliable and effective platform to protect your business, this is definitely an option worth considering.