Why Testing Email Security Is More Complicated Than You Think

Judging the effectiveness of hosted email protection isn’t as cut and dried as it might seem. Email security services don’t just block or allow email. In between is a host of options: choices that walk a tightrope, where one false move can cost a business lost revenue, either because malware found a way in or because a genuine message was kept out.

Threats That Outsmart People and Technology

Email is still one of the most frequently used attack vectors to gain access to an organisation’s network. The “ILOVEYOU” virus might have been twenty-five years ago, but the human element is just as easy to exploit.

The latest Business Email Compromise (BEC) attacks are extremely lucrative for successful hackers. By exploiting trust and authority, these attacks attempt to bypass traditional security mechanisms by deliberately omitting malicious links or attachments.

Instead, they rely on social engineering tactics to fool the user with extremely convincing fraudulent emails that appear to come from legitimate sources. These seemingly genuine messages often trick recipients into transferring money, sharing sensitive information or performing other actions that can compromise a business.

This tactic not only makes them incredibly dangerous but also quite hard for either people or technology to spot.

Malicious Email Detected: Now What?

While reporting detection rates is relatively straightforward, it’s an unsubtle way to compare email security services, because not all providers handle threats in the same way.

A service might completely delete an incoming malicious email and never allow the intended recipient to see it – thereby removing any possibility of accidental interaction. If a service lacks the utter conviction that the message is unwanted, it might condemn the suspicious message to a quarantine area.

While this keeps the immediate threat away from recipients, it still potentially leaves it up to the user to decide whether or not the message is safe. But sometimes security personnel need to see what’s coming in, so quarantines can be useful investigation tools. In our testing, we make a distinction between whether a quarantine is user-based or admin-only.

At the weaker end of the scale, a service might simply add a warning to the email’s Subject line. But at SE Labs, our view is that keeping threats as far away from the user as possible is best.

During a test, we measure everything and attribute points that form the final ratings depending on the action taken by the email security service. For example, a service that completely blocks a malicious message from falling into the hands of its intended recipient is rated more highly than one that prefixes the Subject line with “Malware:” or “Phishing attempt:” or sends the message to a ‘Junk’ folder.

When Good Emails Get Flagged: The False Positive Problem

At the same time, email security service providers need to ensure that all legitimate messages arrive in the inbox. It would be easy to create a product that blocked all threats if it was also allowed to block all legitimate email.

Categorising how a service handles genuine messages is similar to how it administers threats, but in reverse. Making a small change to the Subject line is much less serious an error than deleting the message and failing to notify the recipient. If a legitimate email is categorised by a service as a threat during our testing, then a ‘false positive’ result is recorded, and points are taken away.

It’s important to test for false positives because too many indicates a product that is too aggressive and will block useful email as well as threats. Finding the balance between allowing good and blocking bad is the key to almost every type of security system.

Pushing Email Security Further, One Test at a Time

The ratings we use to judge the performance of email security services reflect the relative importance we assign to each outcome. However, recognising that not all organisations have the same view, and because of the transparent way we implement tests, it’s also possible for businesses to take the raw data from our reports and build their own set of personalised ratings.

To date, no vendor has scored 100% Total Accuracy in our Advanced Email Security Service tests. With so many different moving parts in judging if an email is malicious, versus the danger of a customer losing revenue due to miscategorising legitimate messages, achieving that score is extremely difficult.

Many email security services have failed to make the grade, and very few have been awarded SE Labs’ coveted AAA Award for Advanced Email Security. This year so far, it’s only been awarded to two companies. You can read the full reports on our website: Cisco Secure Email Threat Defense and Coro Email and Cloud Security.

Next Generation Firewall Performance Test Goes Beyond Basic Benchmarks

There’s a lot to consider when choosing a next generation firewall, and its speed performance on the network is a significant factor. But speed is only part of the story. The type of traffic, the applications in use and the degree of latency all influence an end-user’s experience.

Network security appliances are designed to achieve two main goals: to allow legitimate traffic to pass through the network unhindered, and to apply security controls that handle unwanted traffic. They may also prioritise certain types of traffic over others, improving performance where it will be most noticed by the organisation using it.

When testing the performance of a firewall, there needs to be a traffic load to either demonstrate or push it beyond its abilities. On its own, the raw data is useful for comparing products with a view to choosing which is most suitable for your organisation. But the more realistic this load, the more useful the test is.

Testing Using Realistic Loads

SE Labs’ next-generation firewall performance test is designed to show how well the device being tested can perform in realistic production environments, not just laboratory conditions. Our team tested using a mixture of enterprise traffic, specific applications and network services and moved on to examining detailed results for throughput and latency.

Throughput tests show how much data can pass through the device before it becomes overwhelmed and slows things down. Latency, which indicates how responsive users will find their experience on the network, is also critical to a productive deployment.

For this reason, we measured latency, and in more than one way. We looked at how fast web pages can be downloaded in full, and how quickly users can expect to see a connection at least start.

The results cover how quickly the device can shift different types of network traffic, and how specific applications and services performed.

We used the load details specified by the Benchmarking Methodology Working Group of the Internet Engineering Task Force, which is supported by the NetSecOPEN standards organisation.

First Public NGFW Performance Test

At SE Labs we don’t just publish raw figures. We use our knowledge and expertise to analyse the information to help add useful colour to the results.

The goal is to give a real-world opinion as to which figures are most important, highlight where optimum performances are achieved, and to explain why some details are more significant than others.

For example, a device might achieve an apparently strong performance when handling Voice over IP, but in real-life the human ear might struggle with sub-par connection quality. Conversely, what may seem like poor performance on paper might not be noticeable to users in a real deployment.

Today we published our first ever public next generation firewall performance test. Several other vendors have undertaken this test in the past, but Cisco is the first to allow its results to be made public.

Cisco’s achievement of receiving an SE Labs AAA rating should not be underestimated. Our security testing has always been known for its emphasis on real-world evaluations that push beyond the standard evaluation criteria. With extended tests that require the device to check, track and respond to large numbers of different types of connections, and multiple checks on latency, this test raises the bar on firewall performance testing.

The full report, Advanced Performance Test Report: Cisco Secure Firewall 4225, can be downloaded and read from our website.

Why Independent Testing Matters More Than Ever in Email Security

When it comes to email security, there’s a lot of noise out there. Every vendor claims to stop phishing attacks, block spam, and protect your business from increasingly sophisticated threats. But how can anyone really know what works, and what doesn’t?

At SE Labs, we believe the answer lies in honest, rigorous, independent testing. That’s why we were pleased when Microsoft got in touch to ask us to take a close look at the methodology behind their latest benchmarking project.

Microsoft’s Real-World Email Security Benchmarks

Microsoft has published two major reports that measure the effectiveness of email security products in live environments. These benchmarks don’t rely on made-up threats or cherry-picked scenarios. Instead, they’re based on real-world attacks seen in Microsoft 365 environments.

They cover both Secure Email Gateways (SEGs), which block emails before they hit Microsoft’s systems, and Integrated Cloud Email Security (ICES) products, which come into play after Microsoft has already scanned an email.

This kind of visibility is long overdue. Email security is too often measured in vague terms, with little clarity on what counts as a threat, what counts as a detection, and whether anything was missed in between.

By proposing clear definitions of “catches” and “misses” and sharing data drawn from actual user environments, Microsoft is helping to move the conversation from flashy claims to measurable reality.

Our Role in the Process

Microsoft asked SE Labs for an independent review of its testing approach. We’ve conducted plenty of email security tests ourselves, so we know what good procedures look like, and understand some of the pitfalls. Our feedback helped Microsoft shape its methodology with an eye on fairness, transparency, and usefulness.

As our CEO and founder, Simon Edwards, put it, “Businesses need to choose the best security that they can afford. Showing the additional benefit vendors provide using real threats, as Microsoft has done here, can help with this important decision.

While traditional comparative tests with synthetic threats allow for testing that targets certain features in a product, using specific, advanced, or novel attack techniques, real-world data exposes how products perform against the full spectrum of threats encountered day to day.

Both types of testing provide valuable insights that together give a more complete picture of security effectiveness. We hope Microsoft’s data inspires additional comparative testing for better customer decision-making.”

We think that gets right to the heart of it. Real-world data helps CISOs and IT teams make smart, informed decisions – not just take vendors at their word.

Why This Matters

Email is still the number one attack vector for businesses. From phishing to malware delivery, it’s where many threats begin. And yet, in a marketplace crowded with loud claims and confusing stats, it can be genuinely hard for organisations to judge what’s effective.

Independent testing isn’t just useful, it’s essential. It adds a level of scrutiny that marketing teams can’t spin. It puts products under the spotlight in ways that matter to real users. And most importantly, it helps businesses protect themselves better.

We’re glad to see Microsoft embracing this approach. We hope it sets a new standard, not just for them, but for the whole industry.

If you’re interested in how we test email security, or you’d like to be part of a future public test, get in touch. We’re always keen to collaborate with those who share our commitment to doing things properly.

Zero Trust Network Access – Does it work?

Zero Trust Network Access (ZTNA) has lit up the cyber security market in 2025. As the name suggests, it’s a security model that grants access to applications only after verifying user identity, device health and context, and never by default. The question is, can it stop a determined hacker?

Attackers don’t always need exploits, but they do always need access. Identity attacks are now one of the most common ways into cloud environments such as Microsoft 365. They may face obstacles like Entra ID, Okta and other Identity and Access Management (IAM) products, but there are techniques to bypass these.

In developing what we believe is the first public test on a ZTNA solution, we decided to assess its capabilities against three primary attack scenarios: Stolen Credentials, Multi-Factor Authentication (MFA) Bypass, and Session Hijacking. Our methodology, published earlier this year, allows us to thoroughly evaluate how well a product can defend against the different types of sophisticated identity attacks prevalent in today’s threat landscape.

Testing Against Stolen Credentials

Our stolen credentials testing scenario utilises compromised privileged and non-privileged accounts to access Microsoft 365 from diverse geographic locations and devices during non-standard hours, with attempts at privilege escalation and modification of permissions and security policies.

In this way, we can see how good the system is at including contextual information in its decision process. For example, why is someone logging in from London and Indonesia at the same time?
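The London-and-Indonesia question is commonly handled as an impossible-travel check. The code below is an added example, not SE Labs' test code or any vendor's detection logic: it flags consecutive sign-ins by one user that would require an implausible travel speed. The event fields, city coordinates, speed threshold and jitter floor are assumptions, and the sign-in records are constructed.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0     # assumption: ignore geo-IP jitter inside one region


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Compare each sign-in with the same user's previous one, in time order.

    Returns one finding per pair whose implied speed exceeds max_kmh.
    Sign-ins with identical timestamps imply infinite speed and are flagged.
    """
    findings = []
    last_seen = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue  # first sign-in seen for this user
        km = haversine_km(prev["geo"], ev["geo"])
        if km < min_km:
            continue  # same region; location data is too coarse to judge
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        required_kmh = math.inf if hours == 0 else km / hours
        if required_kmh > max_kmh:
            findings.append({
                "user": ev["user"],
                "from": prev["city"],
                "to": ev["city"],
                "km": round(km),
                "hours": hours,
                "required_kmh": required_kmh,
            })
    return findings


def at(hour, minute=0, day=1):
    """Helper for the constructed timestamps below (UTC)."""
    return datetime(2025, 7, day, hour, minute, tzinfo=timezone.utc)


# Approximate city-centre coordinates, used here as stand-ins for geo-IP results.
LONDON = (51.5074, -0.1278)
JAKARTA = (-6.2088, 106.8456)
MANCHESTER = (53.4808, -2.2426)

# Constructed sign-in records; not taken from any real log.
SAMPLE_EVENTS = [
    {"user": "alice", "time": at(9), "geo": LONDON, "city": "London"},
    {"user": "bob", "time": at(9), "geo": LONDON, "city": "London"},
    # Same timestamp as alice's London sign-in: the case the text describes.
    {"user": "alice", "time": at(9), "geo": JAKARTA, "city": "Jakarta"},
    # Four hours later and about 260 km away: ordinary travel.
    {"user": "bob", "time": at(13), "geo": MANCHESTER, "city": "Manchester"},
    # A day apart: a long-haul flight makes this plausible.
    {"user": "carol", "time": at(8, day=1), "geo": LONDON, "city": "London"},
    {"user": "carol", "time": at(8, day=2), "geo": JAKARTA, "city": "Jakarta"},
]

if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS):
        print(f"{f['user']}: {f['from']} -> {f['to']}, "
              f"{f['km']} km in {f['hours']:.2f} h")
```

Lowering `max_kmh` makes the check stricter at the cost of more false positives, for instance for users on VPNs whose exit location changes.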

The Infallible MFA?

Multi-Factor Authentication (MFA) is often seen as a security silver bullet. It isn’t. Attackers know how to work around it, whether by overwhelming users with push requests (MFA fatigue), automating attacks with credential stuffing, or exploiting gaps in a service’s configuration. MFA flooding is a known favourite of Scattered Spider, the group believed to be behind the recent Marks and Spencer breach.

We use all of these techniques in our testing scenarios to see if we can bypass or breach the MFA to establish unauthorised privileged access within the system.

Red-teaming Session Hijacking with a Twist

Furthermore, our methodology incorporates advanced session hijacking scenarios that extract authentication tokens and cookies to establish compromised sessions, create privileged accounts, implement security policy modifications for persistent access, and alter email forwarding rules to intercept confidential communications.

The session hijacking is closely aligned with what we and others have done before, and represents a variation of real red-teaming techniques. But as always, the bad guys are advancing, so you can be sure we’ll be adding further angles of attack to our test as they become apparent.

First Ever ZTNA Test, Review and Analysis

In the first independent assessment of this kind of service, SE Labs tested the product in its customary ‘like hackers’ way, using 30 different attack scenarios. 12 used stolen credentials, 8 attempted to bypass Multi-Factor Authentication (MFA) and 10 were session hijacks. Cisco Universal ZTNA achieved 100% detection and 100% protection. Every attack was identified and blocked. No successful compromises were achieved.

Download the factsheet for the Advanced Security Test Report: Cisco Universal ZTNA or access the full report from Cisco.

Inside the 2025 SE Labs Workshop & Awards: A Day Built for Security Vendors

On 2nd July 2025, we welcomed security vendors from across the industry and beyond to our offices in Wimbledon for the SE Labs Workshop & Awards. It was a full day of insights, lively conversation, and a candid look behind the curtain at how we do security testing.

Whether you joined us in person for pastries and face-to-face chats, or tuned in from afar, the aim was simple: to help vendors understand exactly how testing works, why it matters, and how it can improve your products and your relationships with customers.

A Jam-packed Day of Sessions and Activities

We started off with coffee and croissants while everyone got settled and had the chance to meet the SE Labs team. From there, we moved into a full schedule of presentations that focused on the threats we emulate, the tools we use, and the outcomes that help shape the security industry.

The day’s agenda included:

  • Full Attack Chain Testing: A look at how we replicate real-world attacks from start to finish, not just isolated moments.
  • Endpoint Security Across Platforms: Testing across Windows 10/11 and macOS to reflect what people actually use.
  • Cloud and Email Security: Exploring how we test the broader environments that threats operate in.
  • Ransomware: Still evolving, still dangerous, and very much a key part of our testing work.
  • NGFW Evasion Testing: Cutting through the noise to reveal what firewalls genuinely stop.
  • XDR: An honest view of what works, what doesn’t, and how we test those extended capabilities.
  • AI in Defence: Where artificial intelligence genuinely helps, and where it’s still finding its feet.
  • Marketing and Sales Through Testing: A talk on how independent validation can support both technical and commercial goals.

We ended the formal part of the day with our Security Awards, followed by a drink or two and then dinner at a local restaurant. It was a proper mix of learning, recognition, and good company.

Hearing From You

What made the day particularly special for us was the feedback and conversations we had with those who came along.

Nick from Trellix told us, “It was a pleasure to attend and meet yourself and the team at SE Labs and learn more about the testing methodology… I thought the presentations were all really well delivered and very informative, and the event very beneficial overall.”

Luis from Gen and Mesfin from NetApp mentioned how welcomed they felt and how useful it was to meet the team behind the tests.

Righard from ESET said, “The content was interesting and better than what we expected… We’re already looking forward to the workshop next year!”

It was also lovely to see Liviu from CrowdStrike, who said he had already started talking to his team about how we might collaborate further.

And Paul from McAfee got in touch to say how much he appreciated both the day’s content and the hospitality. He highlighted the warmth, professionalism and genuine enthusiasm of the SE Labs team, which we were really pleased to hear.

Your observations, which were honest, kind, and grounded in real experiences, are exactly what this event is about. It’s not just a series of presentations. It’s a place for proper dialogue between testers and vendors, where the conversations matter as much as the workshop content.

Who Was There

This year, we had more than 20 people join remotely, alongside a great in-person turnout. Some of the organisations represented included:

  • Acronis
  • AhnLab
  • Broadcom
  • Coro
  • CrowdStrike
  • ESET
  • Fortinet
  • Gen Digital
  • McAfee
  • NetApp
  • Sophos
  • Trellix

Whether people were in the room or online, it was a pleasure to spend the day together.

Next Steps and What’s to Come

We are happy to share the presentation and recordings. So, if there’s something you missed or want to pass on to a colleague, just let us know. There was also a mention of the SE Labs vendor mailing list. If you’d like to be on the list, drop us a line and we’d be happy to include you.

Thinking About Joining Us?

If you’re a vendor who wants to get a deeper understanding of how your product is tested, how those results are used, and what’s really going on behind the scenes, this event is built for you. It’s not a marketing exercise or a sales push. It’s about clarity, honesty and improvement.

As Simon from Sophos succinctly commented, “SE Labs event was REALLY good and far better than my expectations.”

We’d love to have you with us next time. If you’re curious or have questions, just get in touch. There’s always time for a chat.

The Winners of the SE Labs Security Awards 2025

The SE Labs Security Awards showcase the standout performers in cyber security today. Now in their seventh year, the awards recognise those security vendors that deliver the very best in their field and are making a real difference in keeping systems secure.

Judged based on a combination of continual public testing, private assessments and feedback from SE Labs’ corporate clients, these are the products setting the benchmarks for the rest of the cyber security industry.

This year’s awards are a little different, in that some categories have multiple winners. If you’re familiar with our testing, then you’ll know that it is extremely rigorous and rooted in real-world attack simulations. So, when more than one product consistently performs throughout the year at the top of its game, we think it deserves recognition.

“Great security doesn’t just happen – it’s built, tested and proven,” says Simon Edwards, Founder and CEO of SE Labs. “Behind every high performing security product is a team committed to excellence. We believe that we should celebrate the technologies and teams pushing the boundaries in protection and resilience against cyber attacks. The standard of competition for the top places in each category has been very high this year and all of our winners are to be congratulated.”

Hosted in London, the awards ceremony concluded SE Labs’ annual vendor workshop that brings together industry peers to explore the latest thinking in cybersecurity testing.

The 2025 SE Labs Awards cover 20 categories across the Enterprise, Small Business and Consumer markets. And the winners are…

Enterprise Awards

SE Labs Award for Enterprise Endpoint (Windows)

This award recognises the most effective and reliable endpoint protection solutions for enterprise environments running Microsoft Windows. Recipients have demonstrated superior threat detection, operational stability, and resilience against targeted attacks, verified through SE Labs’ independent testing framework.

The winners of this year’s Enterprise Endpoint (Windows) Award are:

  • Broadcom
  • CrowdStrike
  • ESET
  • Kaspersky
  • Microsoft
  • Sophos
  • Trellix

SE Labs Award for Enterprise Ransomware

Focused specifically on one of the most severe threats facing businesses today, this award recognises the solution that best protects enterprise environments against ransomware. From prevention and detection to containment and recovery, the winner has proven its ability to neutralise ransomware attacks under rigorous testing conditions.

The winner of this year’s Enterprise Ransomware Award is CrowdStrike.

SE Labs Award for Enterprise New Endpoint

This award recognises emerging enterprise endpoint protection solutions that have demonstrated exceptional early performance. Awardees combine innovative approaches with strong threat detection and usability, showing that new players can deliver effective, scalable protection in complex enterprise environments.

The winners of this year’s Enterprise New Endpoint Award are:

  • AhnLab
  • HarfangLab

SE Labs Award for Enterprise Network Detection and Response

Given to the most effective NDR solutions, this award celebrates technologies that excel at identifying and responding to advanced threats moving across enterprise networks. Winners have demonstrated a high level of visibility, threat intelligence integration, and actionable response capabilities under SE Labs’ rigorous testing.

The winner of this year’s Enterprise Network Detection and Response Award is Broadcom.

SE Labs Award for Enterprise Security Development

Security is an evolving discipline, and this award recognises the enterprise product or vendor that has shown exceptional progress or innovation in development. Whether through rapid feature evolution, standout engineering practices, or meaningful user-driven enhancements, the winner is helping advance the enterprise security landscape.

The winner of this year’s Enterprise Security Development Award is Qualys.

SE Labs Award for Enterprise Email Security Service

This award honours the enterprise email security solution that delivers the strongest protection against phishing, malware, and targeted email threats. Winners provide consistent, effective filtering and threat prevention, validated through SE Labs’ simulation of real-world, enterprise-scale email-based attacks.

The winners of this year’s Enterprise Email Security Service Award are:

  • Cisco
  • Coro
  • Microsoft
  • Trend Micro

SE Labs Award for Enterprise Next-Generation Firewall

This award is presented to the most capable NGFW solutions in an enterprise context. From deep packet inspection and intrusion prevention to threat intelligence and application control, winners combine advanced security capabilities with reliability and performance under stress.

The winners of this year’s Enterprise Next-Generation Firewall Award are:

  • Cisco
  • Fortinet
  • Palo Alto Networks

SE Labs Award for Enterprise Security Innovator

Reserved for the most forward-thinking companies in the enterprise space, this award recognises innovation that is redefining cyber defence at scale. Whether through groundbreaking technology, strategic integrations, or bold new security architectures, the recipient is pushing the boundaries of what’s possible in enterprise security.

The winner of this year’s Enterprise Security Innovator Award is OPSWAT.

SE Labs Award for Enterprise Data Protection

This award highlights the solution that best safeguards enterprise data, whether in motion, at rest, or in use. From preventing data leakage and insider threats to securing cloud environments and compliance, winners provide effective, tested controls to protect valuable information assets.

The winner of this year’s Enterprise Data Protection Award is NetApp.

Small Business Awards

SE Labs Award for Small Business Endpoint (Windows)

Tailored for the needs of smaller organisations, this award celebrates endpoint security products that provide strong out-of-the-box protection, ease of management, and robust real-world defence for Windows-based networks, without requiring enterprise-level resources to operate effectively.

The winners of this year’s Small Business Endpoint (Windows) Award are:

  • ESET
  • Kaspersky
  • Microsoft
  • Sophos

SE Labs Award for Small Business Managed Service Provider Solution

With many small businesses relying on external partners to deliver cyber security expertise, this award highlights the top-performing products that are available to MSPs that deliver managed endpoint protection with clarity, efficiency, and measurable results. Winners have proven their capability to scale security services and respond rapidly to threats.

The winners of this year’s Small Business Managed Service Provider Solution Award are:

  • Acronis
  • ESET
  • Sophos

SE Labs Award for Small Business Security Innovator

Innovation is critical in an evolving threat landscape. This award recognises a standout vendor or service provider pushing the boundaries of small business cyber security. Whether through breakthrough technology, creative service models, or agile threat response strategies, this honour is reserved for those reshaping the future of SME security.

The winner of this year’s Small Business Security Innovator Award is Sophos.

SE Labs Award for Small Business New Endpoint

This award celebrates emerging endpoint solutions that have shown exceptional early promise in protecting small businesses. The recipients have impressed with their combination of innovation, usability, and effectiveness in stopping real-world threats, demonstrating that newcomers can deliver world-class protection from the outset.

The winner of this year’s Small Business New Endpoint Award is CrowdStrike.

SE Labs Award for Small Business Security Development

Recognising growth and evolution, this award goes to the vendor or product that has made significant strides in security development for small businesses. Whether through rapid feature improvement, increased threat coverage, or user-centric enhancements, the recipient is advancing SME-focused security.

The winner of this year’s Small Business Security Development Award is Webroot.

SE Labs Award for Small Business Email Security Service

This award is given to the most effective email protection solution for small organisations. Combining ease of deployment with robust filtering of phishing, malware, and BEC attacks, the winner delivers strong, accessible security without requiring specialist resources.

The winners of this year’s Small Business Email Security Service Award are:

  • Coro
  • Microsoft

Consumer Awards

SE Labs Award for Consumer Endpoint (Windows)

This award acknowledges the consumer endpoint product that provides the most reliable, user-friendly protection for Windows PCs. Winners offer strong malware detection, minimal system impact, and an intuitive user experience, as verified through real-world testing and simulation.

The winners of this year’s Consumer Endpoint (Windows) Award are:

  • Gen (Avast)
  • Gen (Norton)
  • Kaspersky
  • McAfee
  • Microsoft
  • Panda Dome

SE Labs Award for Consumer New Endpoint

This award celebrates a new consumer endpoint solution that has quickly proven its effectiveness. Balancing innovation, simplicity, and real-world protection, the winner stands out as a strong challenger in the competitive consumer security space.

The winner of this year’s Consumer New Endpoint Award is Panda Dome.

SE Labs Award for Consumer Security Development

Presented to a vendor or product that has shown outstanding development progress, this award reflects continued investment in protection, usability, and customer experience. The recipient is shaping the future of consumer cyber security through meaningful, demonstrable improvement.

The winner of this year’s Consumer Security Development Award is Panda Dome.

SE Labs Award for Consumer Email Security Service

With email still a key threat vector for individuals, this award honours the service that most effectively protects consumers from phishing and malicious content. The winner has demonstrated consistently strong filtering and prevention capabilities under SE Labs’ independent testing.

The winner of this year’s Consumer Email Security Service Award is Microsoft.

SE Labs Award for Consumer Security Innovator

Awarded to the most inventive company in the consumer space, this honour goes to a vendor that is redefining how individuals stay safe online. From unique technologies to user-focused innovations, the winner leads the way in empowering everyday users with cutting-edge cyber protection.

The winner of this year’s Consumer Security Innovator Award is Gen (Norton).

Calling Cyber Security Vendors

Don’t miss your chance to learn about the latest developments in full attack chain simulation, ransomware testing, XDR, NGFW, the role of AI in defence and more…

The SE Labs Workshop 2025 is our biggest yet. With a full program delivered by our own specialists, it will help you understand how the changing threat landscape is impacting testing.

Packed with Hands-On Activities & Takeaways

Our specialists will walk you through the nuances and pitfalls of cyber security testing. You’ll gain a deeper understanding of the increasing complexities in endpoint testing, including varied attack types, a separation between business and consumer security needs, and macOS-specific testing.

From Insight to Action – Fast

As more attackers shift their tradecraft to cloud infrastructures, the SE Labs Advanced Security department will showcase the cloud-centric techniques and protocols tailored to modern cloud security challenges. We’ll be sharing the latest additions to our ransomware testing arsenal, providing you with in-depth insight into our methodologies.

Real Skills. Real Results.

We’ll take you on a deep dive into advanced testing areas, including the challenges of XDR ecosystems and next-generation firewall (NGFW) testing. You’ll learn about our newly reworked methodology and the role of AI in both offensive and defensive testing. Knowledge that you’ll be able to put to good use back in the office.

Where Innovation Meets Recognition

Closing the event is the prestigious SE Labs Annual Awards ceremony, celebrating the year’s top-performing products and innovative solutions that are driving the industry forward.

We’re breaking boundaries. Join us.

Live in London or online wherever you are, join us on the 2nd July for a packed program on how to get the most out of your cyber security testing. By the end of the day, you’ll have a comprehensive view of the industry’s direction, practical insights from SE Labs’ recent testing advancements, and the opportunity to connect with leaders in cyber security testing.

Largest Public Test Tackles 556 Ransomware Scenarios

We made our latest ransomware counter-measures testing our largest yet.

Ransomware is rarely out of the headlines. It’s probably the most visible, most easily understood cyber threat affecting businesses today. And yet it still finds victims. This is why in our latest public report of ransomware solutions testing we increased the number of attack scenarios used by over 25%.

These included attempts to compromise target systems using techniques deployed by 15 different threat groups. To determine which attacks to deploy, we used current threat intelligence to look at what the bad guys have been doing recently and copied them quite closely. This way we can test how well security products and services handle similar threats to those faced by global governments, financial institutions and national infrastructure every day.

Ransomware vs. Endpoint

One of the reasons why ransomware is so ‘popular’ is that the attackers don’t have to produce their own. They outsource the production of ransomware to others, who provide Ransomware as a Service (RaaS). Attackers then usually trick targets into running it, or at least into providing a route for the attackers to run it for them. AI is now making the creation of such social engineering attacks easier, cheaper and more effective than ever before.

Given the global interest and terror around ransomware, we created a comprehensive test that shows how effective security products are when faced with the whole range of threats posed by ransomware itself and the criminal groups operating in the shadows. We use two approaches to do so: deep attacks and direct attacks.

Ransomware Deep Attacks

This test shows a product’s ability to track the movement of the attacker through the entire attack chain. We disable the product’s protection features and rely on its detection mode for this part of the test. The results demonstrate how incident response teams can use the product to gain visibility on ransomware attacks.

In devising the test, we analysed the common tactics of ransomware gangs and created our own two gangs that use a wider variety of methods. In all cases, we ran the attack from the very start, including attempting to access targets with stolen credentials or other means. We then moved through the system and sometimes the network, before deploying the ransomware as the final payload.

In the first two attacks for each group, we gain access and deploy ransomware onto the target immediately. In the third, fourth and fifth attacks, we move through the network and deploy ransomware on a target deeper into the network. The ransomware payloads used in this part of the report are known files from the families, which are listed on the Attack Details page of each report.

The perfect product will detect all relevant elements of an attack. The term ‘relevant’ is important, because sometimes detecting one part of an attack means it’s not necessary to detect another. This kind of visibility can be a significant advantage for a security professional who is battling a persistent attacker in real time.

Ransomware Direct Attacks

The second part of the test takes a wide distribution of known malware and adds variations designed to evade detection. We sent each of these ransomware payloads directly to target systems using realistic techniques, such as through email social engineering attacks. This is a full but short attack chain. In this part of the test, we ensure any protection features are enabled in the product.

If products can detect and protect against the known version of each of these files, all well and good. But if they also detect and block each ransomware’s two variations, then we can conclude that the protection available is more proactive than simply reacting to yesterday’s unlucky victims.

Protecting Against Ransomware

Attackers used to rely on random and widespread ransomware deployment to extort payment from as many hapless victims as they could. Today’s ransomware attacks are much more targeted and persistent, aimed at large organisations that can pay in the millions of dollars.

While educating users is still vital in protecting your business, Endpoint Protection and Detection systems do a lot of the heavy lifting. Testing the marketing claims of cyber security vendors under real-world conditions is one of the reasons we devised this test. It doesn’t just provide you with details of products you can trust, but also informs vendors where their product doesn’t reach the standard to receive an AAA award from SE Labs, and can be improved.

In the end, it’s a win for everyone, except of course for the attackers.

You can view, for free, our latest ransomware tests on products from Symantec and Carbon Black that received an AAA rating, and don’t forget to look at the CrowdStrike report too from earlier this year.

5 Key Takeaways for CISOs From The-C2

The C2 Business Threat Intelligence conference

Security Through Threat Intelligence

Three themes stood out in discussions by global security leaders throughout the two days of The-C2 cyber threat intelligence conference:

  • The supply chain
  • AI
  • Cyber hygiene

CISOs may be pleased to hear no one had all the answers, but they did have some interesting points to consider. Here are five key takeaways for CISOs.

Key Takeaways for CISOs

1. Mitigate the risk of under-resourced, smaller suppliers

You’ve shored up your defences. You’re certain that, should something happen, you’re prepared – right down to the folding beds for those “all-nighter” moments.

But attackers don’t give up. They might go after the easier target – your suppliers. Especially attractive to attackers are the smaller organisations that don’t have the resources available to large corporations.

The attackers might not even have to use your supplier as a springboard into your network. Putting them out of action may be all the disruption they need, if the goal is to take out a competitor.

And what happens if your supplier is breached? Do you hang them out to dry and void the contract? Or are you smart about it and recognise that if the issues are fixed now, they will probably be more secure and security conscious than the next supplier that comes along?

2. AI: Recognise the risks and take control

AI is still on the fringes of significant cyber threat but, with the latest developments, the landscape is changing rapidly. On one hand, it will allow the bad guys to get attacks up and running faster, using less code or other resources. On the other hand, security vendors are already exploring and implementing AI to increase defence and protection.

But there are other aspects of how AI is used in business that CISOs should start considering now. Undoubtedly, when AI is used to write code it will introduce new security vulnerabilities. It already often suggests insecure code. And, of course, malefactors will attempt to poison the AI algorithms.

Users too will want to take advantage of the autonomy that AI provides, and perhaps give unwise permissions to the tool in order to achieve a task.

But, as so often happens with cybersecurity, many of the issues aren’t new, they just have a fancy ‘AI’ title in front of them. Shadow AI is the new name for Shadow IT, and many of the controls and mechanisms used already share the same principles. Just as businesses had to deal with BYOD over a decade ago, now it’s BYOM (bring your own model).

3. Cyber Hygiene: Make it second nature, like washing your hands

Cyber hygiene should be ingrained into the organisation’s culture, not an annual training event with a phishing test at the end. Defence in depth has a major human element in it, and businesses should do more to change behaviours if they want to change the organisation’s culture.

Too often, employees see cyber security as a technology issue, not a risk to the entire business. The growing user demand for AI tools is a classic example. After all, what’s the harm in downloading something from Hugging Face? However, providing users with authorised tools, and raising the situational awareness of the dangers of others, can have a deep positive impact on overall security.

But getting the message through will involve other departments, such as HR. They can help develop programs that deliver key messages in a variety of formats to ensure they are “heard” by all of the workforce.

4. Use threat intelligence as an enabler

Threat intelligence is no longer just a defensive tool. It provides business risk insights that help organisations make smarter decisions.

Moving from a reactive to a proactive approach to threat intelligence enables organisations to anticipate attacks with more accuracy. This increases the window of opportunity to prevent the attack from happening and ultimately drives business resilience.

In addition, by aligning intelligence-driven security with board-level risk management, CISOs will be able to justify security investments with clear, data-backed insights.

5. Embed compliance into the security strategy

The cyber threat landscape is constantly shifting, and CISOs need to prepare for evolving compliance requirements. While regulations are struggling to keep up, it’s likely that different global regions are all pushing in similar directions.

One of the key areas will be stricter supply chain security mandates. This becomes increasingly likely as businesses start to use a multitude of AI tools, many of which rely on the cloud to move data around as it is processed through various third-party systems.

To stay ahead of the curve, CISOs should start to embed compliance using the principles of good practice and cyber hygiene into their security strategy rather than treating compliance as an afterthought.

Thanks and see you next year

As hosts of The-C2, SE Labs would like to thank all those who took part in these discussions. There are other key takeaways for CISOs available so, if you’d like more in-depth information about some of the discussions from The-C2, head over to LinkedIn for the latest articles.

To register your interest in attending The-C2 in 2026 visit https://the-c2.com/

Realistic cyber security testing

Simulated or real attacks in cyber security testing?

There are many different ways to test cyber security products. Most of the common approaches are useful when evaluating a service or system, but they each have pros and cons. In this article we outline the basic differences and limitations. Can you achieve realistic cyber security testing?
