Tag: 2022

All posts

Security planning for normal people

Written By

Simon Edwards

Published on

May 24, 2022

The first security technique you should master!

Security planning for normal people

Security planning can make your life easier to manage. It’s easy to become paralysed when you consider all of the threats that exist and all of the possible solutions. You can’t buy every security product available and you certainly shouldn’t even try.

There are risks that we all face (let’s call those ‘general risks’) and risks that are quite specific to you (‘individual risks’).

Security planning for anyone, whether you are the CEO of a large enterprise or a retired amateur gardener, should take into account what risks you (specifically) face and the consequences of something bad actually happening.

General risks

In this article we’re going to focus on cybersecurity, but the principles apply to any area of your life. In the computing world there are three major threats that we all face:

Continue reading “Security planning for normal people”
All posts

Security policies helping or interfering?

Written By

SE Labs Team

Published on

May 3, 2022

When security policies and security testing meet…

security policies

Security solutions can stop you getting things done. They can make mistakes, interpreting your actions as malicious. And then block your work. But they can also blindly follow security policies set by the IT department. Sometimes they do both! How can you predict which products will be most accurate after you buy them?

Custom security policies

Your business most likely doesn’t rely entirely on the detections and protections offered by security solutions. IT usually needs to make a least some configuration changes. Default settings should be good, but businesses commonly make their own adjustments. Every company has its own characteristics and one size definitely does not fit all.

Continue reading “Security policies helping or interfering?”
All posts

Helping enterprises plan security

Written By

SE Labs Team

Published on

April 13, 2022

A strategic alternative to penetration testing.

Helping enterprises plan

Is Microsoft’s anti-virus good enough? Are the ‘next-gen’ endpoint products as good as they claim? Is our combination of anti-malware and whitelisting giving us full threat coverage? Enterprises are asking themselves, and SE Labs, these questions all the time. The good news is, we can help provide an answer.

Continue reading “Helping enterprises plan security”
All posts

Public endpoint test notification

Written By

SE Labs Team

Published on

April 11, 2022

Call to action for security vendors.

Public endpoint test notification commentary phase

Tests that follow the AMTSO testing Standard give vendors a chance to voice their opinions.

Register your interest

SE Labs has issued a new public endpoint test notification through the Anti-Malware Testing Standards Organization (AMTSO).

Continue reading “Public endpoint test notification”
All posts

Choose the best security product

Written By

Simon Edwards

Published on

April 8, 2022

By understanding the rules of security testing

choose the best security product

The reports below contain security testing results. You can compare the performance of a variety of products that claim to protect you against online threats. This, in theory, will help individuals and businesses choose the best security product.

Rules of engagement

But these are free reports. How can you trust that the high-scoring vendors didn’t just pay for their ranking? Do you suspect that some low-scoring vendors dropped out of the report? Or asked to be retested until they scored better?

What are the rules behind the scenes in security testing?

Continue reading “Choose the best security product”
All posts

IronNet IronDefense detecting APTs on the network

Written By

SE Labs Team

Published on

March 15, 2022

SE Labs tested IronNet IronDefense against a range of hacking attacks.

ironnet irondefense

The SE Labs Enterprise Advanced Security test is compatible with a wide range of security products and services. This includes NDR. Our latest network detection report is now available!

IronNet IronDefense vs. APTs

Our targeted attack testing is compatible with the MITRE ATT&CK framework, which means we based our work on the industry standard way to illustrate attacks.

Continue reading “IronNet IronDefense detecting APTs on the network”
All posts

Public and private testing

Written By

SE Labs Team

Published on

March 9, 2022

How security vendors work with SE Labs.

SE Labs works with security companies to help develop and validate their products. When a security company works with SE Labs it gains two main benefits. If the product performs well it gains a much sought-after award. If it encountered problems the testing team will provide valuable information to help fix the issues.

Continue reading “Public and private testing”
All posts

Enterprise Advanced Security test expanded

Written By

SE Labs Team

Published on

February 16, 2022

The Enterprise Advanced Security testing programme includes new attack groups.

Enterprise Advanced Security

Our Enterprise Advanced Security (EAS) tests can assess any security software, hardware appliance, cloud service or combination thereof. Always evolving, these tests have expanded to include new attacks.

(These tests were originally called the Breach Response test. We renamed them for a number of reasons.)

Hackers and way they hack

Research on real attacker behaviour is a fundamental element of our EAS testing. Our team looks at the real-world behaviour of advanced threat groups, known as Advanced Persistent Threats (APTs).

Continue reading “Enterprise Advanced Security test expanded”
All posts

Can general security tests be useful?

Written By

Simon Edwards

Published on

January 26, 2022

Real-world security reports don’t always reflect your real world.

Real-world security reports

What makes a real-world security test useful? Does it need to provide a full assessment of a product or service? An assessment that is directly relevant for all potential customers? Or does it need to give just a taste of how effective a product can be?

The perfect security test

Tests can vary in how they are run and the level of information that they provide. Not all tests are equally reliable or even useful. But one thing they all have in common is that they aren’t perfect. Let’s look at how tests are limited, how you can interpret them and what the future holds.

Continue reading “Can general security tests be useful?”
All posts

How to test for ‘false positives’

Written By

SE Labs Team

Published on

January 25, 2022

False positives are not all equal. Or always real false positives!

How to test for 'false positives'

Security tests ought to test for ‘false positives’. It’s important to see if a security product stops something good on a customer’s system, as well as the bad stuff.

Measuring the balance in security

Almost nothing in this world can be reduced to ‘good’ or ‘bad’ accurately. There is too much subtlety: what’s good for one person is bad for another. Someone else might feel neutral about it, or slightly positive or negative. The same applies when testing security products. It’s rare to get a straightforward good/ bad result.

An anti-malware product might block all threats but also all useful programs. It might ask the user frequent and unhelpful questions like, “Do you want to run this ‘unknown’ file?” Alternatively, it might let everything run quietly. Or prevent some things from running without warning or explanation. Maybe you want to see alerts, but maybe you don’t.

We look at how to put the nuance back into security testing.

Continue reading “How to test for ‘false positives’”

Contact us

Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.uk Connect with us Find us