Simulated or real attacks in cyber security testing?
There are many different ways to test cyber security products. Most of the common approaches are useful when evaluating a service or system, but they each have pros and cons. In this article we outline the basic differences and limitations. Can you achieve realistic cyber security testing?
Multi-Factor Authentication (MFA) is much more popular than it used to be. It’s easy to use and the enhanced security that it provides is supported by many services. But it’s not bulletproof. It is possible to bypass Multi-Factor Authentication.
How to get past the best security measures since the password was invented
The proliferation of mobile devices that support MFA in various different ways has helped make it a convenient option for users and life much harder for attackers, who need to develop ways to get around it. So, of course, they do.
In this report we examine how attackers manage to bypass Multi-Factor Authentication, a security measure that seems rock solid on the face of it.
We compare endpoint security products directly using real, major threats
How can you test and judge endpoint protection products? SE Labs tested a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.
EDR products require advanced testing
An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.
And why are some businesses overconfident that they are secure?
A true story: There was a team manager, a head of IT and a chief financial officer. I asked each if they considered their network to be secure, hacked or in some other state.
The ex-military team manager was supremely confident that the secure network was, as its optimistic name suggested, secure. The IT manager said, “I don’t know,” and the CFO said, “I don’t know, and does it matter?”
Email Security Services test: Enterprise and Small Business test explained
This report examines the effectiveness of five email security solutions. Microsoft Defender for Office 365 and Google Workspace Enterprise are commercial email platforms. Trellix Email Security, WithSecure Email Security and Mailcow Open Source solution are third-party ‘add-on’ services designed to provide additional security. Of the ‘add-ons’, the services from Trellix and WithSecure are commercial, while Mailcow’s is open-source.
Can you defend against email threats better than the security companies?
How well do the main email platforms handle threats? Is it worth paying for additional email security from a third-party specialist? Or could you create your own secure email server and get top grade protection for free?
Compare a major email platform with a third-party service and an open-source solution
In this special, one-of-a-kind report we investigate how well one of the world’s largest email providers performs when trying to filter out harmful security threats from your email. We also assess the benefits of a well-known email security service that you can bolt onto any other email solution. And finally, we built an open-source email server running a combination of security and management tools to see how well it compared.
Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks that use malicious code to steal or damage your data.
Are you a believer?
Some people have doubts about how useful anti-virus can be. Their opinions might be out of date, or they might believe marketing claims designed to push new products and discredit the competition.
At SE Labs we test endpoint security all the time, so we know what’s true and what belongs in the post-truth world. Here are the top five antivirus myths, busted!
SE Labs tested Coronet Cyber Security Coro against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.
Full attack chain EDR test
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
All episodes of Cyber Security DE:CODED, Series Two
New episodes on the last Wednesday of the month.
Find all of the episodes from the award-winning Cyber Security DE:CODED podcast in one handy place.
Find all of the episodes from Cyber Security DE:CODED Series Two here. Use the Subscribe links above to connect our podcast with your favourite podcast platform and ensure you get the next episodes before anyone else.
“Because we test realistically, sometimes bad guys come onto our test network and mess with us”
Show notes for series 2, episode 9 (final episode of series 2)
What is the attack chain? Why is it good to test using full attack chains? And what are some of the alternative approaches, with their pros and cons? We’ll try to answer all of these questions and more in this special presentation episode recorded at the AVAR conference in Singapore in December 2022.
“If they chose the best products by rolling a dice then they should say so”
Show notes for series 2, episode 8
If we’ve given the impression that we’re at the heart of the security world, working with the organisations that spend billions on security – and with the companies that make billions by selling security products – you’d be right. And that puts us in an awkward position. Because we want to make security better for everyone. And sometimes that means speaking some uncomfortable truths.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy