Sector: Enterprise
Does it matter if your company is hacked?
And why are some businesses overconfident that they are secure?
A true story: There was a team manager, a head of IT and a chief financial officer. I asked each if they considered their network to be secure, hacked or in some other state. The ex-military team manager was supremely confident that the secure network was, as its optimistic name suggested, secure. The IT manager said, “I don’t know,” and the CFO said, “I don’t know, and does it matter?” Does it matter if your company is hacked?!
It does matter, because when businesses are compromised it affects their ability to perform their main function: to make money.
Our reports help you choose the best enterprise and SMB security products that can protect your organisation from ransomware and other types of attacks.
Email Security Services (ESS) test: Enterprise and SMB test explained
This test examined the effectiveness of five email security solutions. Microsoft Defender for Office 365 and Google Workspace Enterprise are commercial email platforms. Trellix Email Security, WithSecure Email Security and Mailcow Open Source solution are third-party ‘add-on’ services designed to provide additional security. Of the ‘add-ons’, the services from Trellix and WithSecure are commercial, while Mailcow’s is open-source.
Loading…
Reload document 
Open in new tab 
Does it matter if your company is hacked?
There are a couple of common reasons why people don’t think their organisations will be hacked. Firstly, they think that their security is the best. Secondly, they don’t think they are a worthy target. But all businesses are targets because they are designed to make money. And if they cannot operate, they can’t perform their main function – making money.
Hackers know this and extort money from victims by stealing their data and threatening to release it to the public, exposing victims to large regulatory fines and litigation. And, of course, there’s the embarrassment factor of looking amateur. Hackers can also encrypt data on business systems, paralysing companies until they pay up.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
All reports
05/2023 - 05/2023
Enterprise Advanced Security (NGFW): Palo Alto Networks VM-Series Virtual Next-Generation Firewall – DETECTION
Detecting the Full Chain of Network Threats
Network security products detect threats at different security layers
Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attacks.
Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Enterprise Advanced Security test reports help you assess which are the best for your own organisation.
Loading…
Product factsheet:
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
Detecting the Full Chain of Network Threats
In this report we look at how Palo Alto Networks VM-Series Virtual Next-Generation Firewalls handled full breach attempts. At which stages did it detect? And did it allow business as usual, or mis-handle legitimate applications?
The targeted attacks used in this test replicate those used by the following attack groups in the real world:
- Wizard Spider
- Sandworm
- Dragonfly & Dragonfly 2.0
Read this SE Labs assessment and discover how Palo Alto Networks VM-Series Virtual Next-Generation Firewalls handle advanced targeted attacks. Find the value in deep detection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
All reports
05/2023 - 05/2023
Enterprise Advanced Security (EDR): Coronet Cybersecurity Coro Platform – PROTECTION
Early Protection Systems
Testing protection against fully featured attacks
There are many opportunities to spot and stop attackers. You probably want your security systems to detect and prevent breaches before they succeed and appear in press reports!
Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attack. See the value of early protection systems.
Loading…
Product factsheets:
Some EDR products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.
For the ‘watchers’ we run the Enterprise Advanced Security test in Detection mode. For ‘stoppers’ like the Coro Platform we can demonstrate effectiveness by testing in Protection Mode.
Early protection systems
In this report we look at how the Coro Platform handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mishandle legitimate applications?
The targeted attacks used in this test replicate those used by the following attack groups in the real world:
- Turla
- Ke3chang
- Threat Group-3390
- Kimsuky
Read this SE Labs assessment and discover how the Coro Platform handles advanced targeted attacks. Find the value in early protection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.
Five Antivirus Myths Busted
And why do we still believe them?
Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks who use malicious code to steal or damage your data.
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attacks.
Loading…
Antivirus myths you shouldn’t believe
- Anti-virus slows your computer.
- Anti-virus only stops viruses.
- You must pay for great protection.
- Detection means protection.
- Updates are no longer necessary.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Ransomware Detection Using Hardware
Ransomware Detection Using Hardware
Computer processors get the final word when running programs. Can they judge bad code from good?
SE Labs tested Intel’s hardware approach to ransomware detection, using a wide range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques as those used against victims in recent months.
Target systems included Windows PC both Intel vPro-based hardware and alternative AMD platforms. All were attacked in the same way by testers acting as we observe ransomware groups to behave.
Attacks used original ransomware malware, as seen in the wild during recent months, as well as more advanced variations designed to evade detection. In all cases the ransomware’s goal was to steal, encrypt and destroy sensitive data on the target systems.
Loading…
Product factsheet:
Attackers can disguise malware. In the same way you might try to slip past a security guard in thick glasses and a wig, hackers can take their regular code and make it look different. There are many ways to do this, but before it can achieve its ultimate goal, malware has to run, or execute. And at that stage it drops its disguise, at least as far as the hardware it runs on is concerned. As the code runs, its intentions become clear.
And this presents an opportunity for defenders – detect malware at the very last moment, just as it reveals itself while executing. The concept of ‘security on a chip’ has been around for a long time but now Intel claims that it has introduced anti-malware to its vPro hardware platform. By monitoring code as it executes, it hopes to detect malware and inform compatible security software when it does. It claims to do this by using pattern matching, via machine learning, to spot suspicious behaviour. The goal is to have a combination of security software and hardware working together to prevent infections.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Cyber Threat Intelligence
Annual Report 2023: Threat Intelligence for 2023
Welcome to the fourth annual report from SE Labs. This edition focuses on cyber threat intelligence.
Understanding threats is crucial when trying to defend against them. Knowing your enemy’s tactics helps clarify security planning.
We use threat intelligence when testing security products, to ensure our results are useful to companies facing real threats in the real world.
We’re sharing our insights here to help you build a strategy for success in the face of the global cyber threat.
What are the Threats?
We explore the current threats and explain why so many organisations remain vulnerable. There’s good news and bad news…
Loading…
Ransomware
Learn about the very latest innovations in testing anti-ransomware security approaches.
Annual Security Awards
Our Annual Security Awards recognises security vendors that not only do well in our tests, but perform well in the real world with real customers. These awards are the only in the industry that recognise strong lab work combined with practical success.
How we work (and could work with you!)
Discover which types of tests we run and how we can work with you to improve your product or your choice of products.
DIY Email Security
Can you defend against email threats better than the security companies?
How well do the main email platforms handle threats? Is it worth paying for additional email security from a third-party specialist? Or could you create your own secure email server (DIY email security) and get top-grade protection for free?
Our reports help you choose the best enterprise security products and services.
Compare a major email platform with a third-party service and an open-source solution.
In this special, one-of-a-kind report we investigate how well one of the world’s largest email providers performs when trying to filter out harmful security threats from your email. We also assess the benefits of a well-known email security service that you can bolt onto any other email solution. And finally, we built an open-source email server running a combination of security and management tools to see how well it compared.
We wanted to answer the questions:
- Is there value to be had from specialist email security services?
- Should you run your own server?
- Can you combine your own server with a specialist service?
Loading…
DIY Email Security
In this report we compare a major platform with a third-party email security service to see if it’s worth spending extra on security. We worked with both companies but neither wished to be identified in this report. We reported back to them all of the threats that they identified (and missed) and provided them with an opportunity to dispute any mistakes that they identified. This report is the result of that engagement.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Choose your reviews carefully
3 reasons our enterprise tests are trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions.
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attack.
Loading…
Product factsheets:
Three reasons our security tests are the most trustworthy
There are a few questions you should ask when you look at a security report. These are all very important but in random order here they are:
- Is the test realistic?
- Does the tester explain how they tested?
- Does the tester explain how they make money
from the report?
There are all sorts of other little details to consider, which are often things security vendors get anxious about. These include technical details relating to the testing environment and the threats used to test the products. But ultimately, as a reader, you should care most about the list above.
Choose your reviews carefully
If you see a security report that isn’t realistic and transparent treat it with extra care. For more information about fake anti-virus reviews please see our blog post on the subject. If you want to make the most informed purchase of security software choose your reviews carefully.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Deep and direct ransomware testing
Deep and direct ransomware testing
We tested CrowdStrike Falcon against a range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques that were used against victims in recent months.
Target systems, protected by CrowdStrike Falcon, were attacked by testers acting in the same way as we observe ransomware groups to behave.
Attacks were initiated from the start of the attack chain, using phishing email links and attachments, as just two examples. Each attack was run from the very start to its obvious conclusion, which means attempting to steal, encrypt and destroy sensitive data on the target systems.
Loading…
Product factsheet:
Enterprise Advanced Security (Ransomware): CrowdStrike Falcon
Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.
We have created a comprehensive test that shows how effective security products are when faced with the whole range of threats posed by ransomware itself and the criminal groups operating in the shadows.
In this report we have taken two main approaches to assessing how well products can detect and protect against ransomware.
Enterprise Advanced Security (Ransomware) Tested
This detailed report looks at ransomware detection during a full network attack; and protection against known ransomware attacks and their unknown variants. We include details about the different types of ransomware attacks, including the tactics used by different criminal groups.
Enterprise Anti-Virus Testing
How hard should a security test be?
Thank you for opening this report. I hope you’ll be able to use it to get a better idea about which anti-malware products you might want to buy (or get rid of!)
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attack.
Loading…
Product factsheets:
Enterprise Anti-Virus Testing
The report starts off with a list of products, each of which win impressive-looking awards. But have you considered what those awards mean? How come there aren’t any massive losers in the list? How hard is this security test anyway?
Baseline Testing
There are lots of ways you can test products. You could prod a teddy bear and say, “well, that looks good enough,” or you could take it to pieces and analyse every component forensically for build and functional quality. “This toy looks safe, its parts are large, soft and non-toxic, and we can’t burn it easily. Plus, it’s got big, cute eyes.” This could be a baseline for cuddly toys: SAFE, with cuteness as an extra bonus.
For anti-malware products we have to consider a few different things, including the following:
- Is it really an anti-malware product? Is it at least basically functional?
- Can it determine a good quantity of common malware, without blocking lots of useful software?
- Can it stop the malware, as well as simply detecting it?
