Sector: Enterprise
All reports
02/2025 - 02/2025
Advanced Security Test Report: Cisco Secure Firewall 4225 – NDR (Protection)
Testing protection against fully featured attacks
Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible. In this test we assess the capabilities of the Cisco Secure Firewall 4225.
Loading…
Reload document 
Open in new tab 
Early Protection Systems
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
Regardless of which stages your security takes effect, you probably want it to detect and prevent before the breach runs to its conclusion in the press.
Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.
This is important because different products can detect and prevent threats differently.
Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.
Some products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.
For the ‘watchers’ we run the Advanced Security test in Detection mode. For ‘stoppers’ like Cisco Secure Firewall 4225 we can demonstrate effectiveness by testing in Protection Mode.
In this report we look at how Cisco Secure Firewall 4225 handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mis-handle legitimate applications?
Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Advanced Security test reports help you assess which are the best for your own organisation.
How we test the Cisco Secure Firewall 4225
SE LABS tested Cisco Secure Firewall 4225 against targeted attacks based on Threat Series: 9
These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking groups known as Scattered Spider and APT29 operate to breach systems and networks.
Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
Choose your reports and reviews carefully
All reports
02/2025 - 02/2025
Advanced Security Test Report: VMware vDefend Advanced Threat Prevention – NDR (Protection)
Testing protection against fully featured attacks
Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.
Loading…
Ransomware vs. Endpoint Security
Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.
One reason why ransomware is so ‘popular’ is that the attackers don’t have to produce their own. They outsource the production of ransomware to others, who provide Ransomware as a Service (RAAS).
Attackers then usually trick targets into running it, or at least into providing a route for the attackers to run it for them. Artificial intelligence systems make the creation of such social engineering attacks easier,
cheaper and more effective than ever before.
Loading…
Product factsheet:
Ransomware Deep Attacks
We tested CrowdStrike Falcon against a range of attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques as those used against victims in recent months.
For the first part of this test, we analysed the common tactics of ransomware gangs and created two custom gangs that use a wider variety of methods. In all cases we run the attack from the very start, including attempting to access targets with stolen credentials or other means. We then move through the system and sometimes the network, before deploying the ransomware as the final payload.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Holding Cyber Security to Account
It’s a phrase I hate: People are the weakest link in cyber security. Technology is supposed to serve humans, not the other way around. When we use computers in our personal and business lives, we have certain goals. Entertainment. Making money. Administering our energy bills, car insurance and any number of other important tasks. But our goals are probably not ‘security’.
Loading…
You are not the weakest link
We should be able to rely confidently on the security products that everyone tells us we need. The endpoint protection products in this report have undergone the most strenuous testing available, and they’ve come out well. They’ll provide you with strong protection while you use your computer to do something useful, fun or both.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Early Protection Systems
Testing protection against fully featured attacks
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
Regardless of which stages your security takes effect, you probably want it to detect and prevent before the breach runs to its conclusion in the press. Our Enterprise Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.
Loading…
Product factsheet:
Testing protection against fully featured attacks
Our Enterprise Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible. This is important because different products can detect and prevent threats differently. In this report we look at how Coro – EDR handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mis-handle legitimate applications?
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Endpoint Detection Compared
We compare endpoint security products directly using real, major threats
Welcome to the third edition of the Enterprise Advanced Security test, where we directly compare various endpoint security products. This report examines how these products tackle major threats faced by businesses of all sizes from the Global 100 down to medium enterprises, and likely small businesses too. While we provide an overall score, we also delve into the specific details that matter most to your security team, outlining the different levels of protection these products offer.
Endpoint Detection and Response (EDR) solutions go beyond traditional antivirus software, requiring more advanced testing methods. To truly evaluate EDR capabilities, testers need to act like real attackers, meticulously replicating each step of an attack.
It might be tempting to take shortcuts during testing, but to genuinely assess an EDR product’s effectiveness, it’s crucial to execute every stage of an attack. And each of these stages needs to be realistic; you can’t just guess what cybercriminals might do. That’s why SE Labs carefully tracks real-world cybercriminal behaviour and designs tests based on their tactics.
Thankfully, the MITRE organization has outlined these steps through its ATT&CK framework. While this framework doesn’t provide a precise guide for every attack scenario, it offers a valuable structure that testers, security vendors, and customers (like you!) can use to conduct tests and interpret results.
Loading…
How we test endpoint security products
We tested a variety of Endpoint Detection and Response products against a range of hacking attacks
designed to compromise systems and penetrate target networks in the same way criminals and other attackers breach systems and networks.
Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Put your focus on Business Email Compromise (BEC) scenarios
Don’t ignore Business Email Compromise test cases
Good security testing is realistic, using the kinds of threats customers see in real life. This is why we put a lot of focus on Business Email Compromise (BEC) scenarios, rather than just more conventional threat types (like generic phishing and malware).
Put focus on Business Email Compromise (BEC) scenarios
Many organisations focus on blocking spam and detecting malware, but BEC attacks present a different kind of threat. BEC targets the human element of email communication. Attackers craft convincing, fraudulent emails that appear to come from legitimate sources, tricking recipients into transferring money, sharing sensitive information or performing other actions that compromise the organisation. BEC cases are not about malware detection or basic spam filtering. Instead, they exploit trust and authority.
These attacks may bypass traditional security mechanisms because they often don’t contain malicious links or attachments. Instead, they rely on social engineering, making them incredibly dangerous and quite hard to spot by either people or technology.
Loading…
The cyber security industry refers to this sequence of steps as the ‘attack chain.’ The MITRE organization has documented these stages in its ATT&CK framework. While this framework doesn’t provide an exact blueprint for real-world attacks, it offers a structured guide that testers, security vendors, and customers (like you!) can use to conduct tests and interpret the results.
How we test
SE LABS Ⓡ tested three email security services, one that is commercial, the other open-source. We also tested a commercial email platform. Each service was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public attacks that were found to be live on the internet at the time of the test.
The results indicate how effectively the services were at detecting and/or protecting against those threats in real-time and shortly after the attacks took place.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Cyber Security Protection has Evolved
Top-tier anti-virus solutions are undeniably ‘next-generation’. This term was introduced nearly a decade ago by newcomers to the industry: a marketing device designed to compete with almost unassailable anti-malware brands.
“Stop using that tired old anti-virus and try the new, improved approach! No more mistakes. No updates. Full protection!” Problem solved. Except in 2024 I don’t think anyone would claim that malware is a thing of the past.
Cyber security protection has evolved and the leading vendors have embraced advanced technologies to stay ahead of increasingly sophisticated threats. Traditional anti-virus relies solely (or mostly) on signature-based detection. That’s not enough to defend against modern-day attacks like ransomware, file-less malware and zero-day exploits.
Loading…
Cyber security protection has evolved
Next-generation anti-virus is now the benchmark for the best security solutions. These systems go far beyond the old-fashioned model of looking for known malware signatures. Instead, they use a combination of machine learning, artificial intelligence and behavioural analysis to monitor how programs and processes behave in real-time.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
All reports
09/2024 - 09/2024
Enterprise Advanced Security (EAS): Acronis Cyber Protect Cloud with Advanced Security + XDR Pack
Endpoint Detection and Response is more than anti-virus
Gain insights into cyber security testing through transparent threat intelligence
An Endpoint Detection and Response (EDR) product is much more than anti-virus which is why it requires more sophisticated testing. This involves testers mimicking real attackers and following every step of an attack.
How we test the effectiveness of Endpoint Detection and Response products
While shortcuts might seem tempting, fully executing each phase of an attack is crucial to truly evaluate the effectiveness of EDR products.
Moreover, each step must reflect real-world scenarios. You can’t just guess what cybercriminals might do and hope it’s accurate. That’s why SE Labs tracks the actual behaviour of cybercriminals and designs tests based on how attackers attempt to compromise their targets.
The cyber security industry refers to this sequence of steps as the ‘attack chain.’ The MITRE organization has documented these stages in its ATT&CK framework.
Loading…
How we tested Acronis Cyber Protect Cloud with Advanced Security + XDR Pack
We tested Acronis Cyber Protect Cloud with Advanced Security + XDR Pack against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Is AI able to protect your computer systems?
And are attackers using it to breach your network? Artificial Intelligence is ruling the stock market and may be on the verge of ruling the world if you believe the business influencers. If AI is as powerful as some say, surely it should be able to protect our computer systems from hackers?
The products in this test almost certainly rely on AI-related technologies to detect and protect against attacks. These technologies have been running in the background for about 20 years. We can argue that not only does anti-virus/ endpoint protection use AI, but it’s been doing so for many years, and certainly before Cylance claimed to be the first.
But I did something sneaky there. I slid in the word ‘-related’. Because when people talk about ChatGPT and other popular ‘AI’ tools, they are usually talking about something else. They are amazed by the utility of Machine Learning (ML) systems, which appear to be able to mimic human thought in a rather magical way.
Loading…
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
