All posts

Realistic cyber security testing

Simulated or real attacks in cyber security testing?

There are many different ways to test cyber security products. Most of the common approaches are useful when evaluating a service or system, but they each have pros and cons. In this article we outline the basic differences and limitations. Can you achieve realistic cyber security testing?

Continue reading “Realistic cyber security testing”
All posts

3 ways attackers bypass Multi-Factor Authentication

And 3 ways to stop them.

bypass Multi-Factor Authentication

Multi-Factor Authentication (MFA) is much more popular than it used to be. It’s easy to use and the enhanced security that it provides is supported by many services. But it’s not bulletproof. It is possible to bypass Multi-Factor Authentication.

How to get past the best security measures since the password was invented

The proliferation of mobile devices that support MFA in various different ways has helped make it a convenient option for users and life much harder for attackers, who need to develop ways to get around it. So, of course, they do.

In this report we examine how attackers manage to bypass Multi-Factor Authentication, a security measure that seems rock solid on the face of it.

Continue reading “3 ways attackers bypass Multi-Factor Authentication”
All posts

Endpoint Detection Compared

We compare endpoint security products directly using real, major threats

Endpoint Detection Compared

How can you test and judge endpoint protection products? SE Labs tested a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.

EDR products require advanced testing

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.

Continue reading “Endpoint Detection Compared”
All posts

Does it matter if your company is hacked?

And why are some businesses overconfident that they are secure?

Does it matter if your company is hacked?

A true story: There was a team manager, a head of IT and a chief financial officer. I asked each if they considered their network to be secure, hacked or in some other state.

The ex-military team manager was supremely confident that the secure network was, as its optimistic name suggested, secure. The IT manager said, “I don’t know,” and the CFO said, “I don’t know, and does it matter?”

Email Security Services test: Enterprise and Small Business test explained

This report examines the effectiveness of five email security solutions. Microsoft Defender for Office 365 and Google Workspace Enterprise are commercial email platforms. Trellix Email Security, WithSecure Email Security and Mailcow Open Source solution are third-party ‘add-on’ services designed to provide additional security. Of the ‘add-ons’, the services from Trellix and WithSecure are commercial, while Mailcow’s is open-source.

Continue reading “Does it matter if your company is hacked?”
All posts

DIY email security

Can you defend against email threats better than the security companies?

How well do the main email platforms handle threats? Is it worth paying for additional email security from a third-party specialist? Or could you create your own secure email server and get top grade protection for free?

Compare a major email platform with a third-party service and an open-source solution

In this special, one-of-a-kind report we investigate how well one of the world’s largest email providers performs when trying to filter out harmful security threats from your email. We also assess the benefits of a well-known email security service that you can bolt onto any other email solution. And finally, we built an open-source email server running a combination of security and management tools to see how well it compared.

Continue reading “DIY email security”
All posts

Top five antivirus myths busted

And why do we still believe them?

Top five antivirus myths busted

Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks that use malicious code to steal or damage your data.

Are you a believer?

Some people have doubts about how useful anti-virus can be. Their opinions might be out of date, or they might believe marketing claims designed to push new products and discredit the competition.

At SE Labs we test endpoint security all the time, so we know what’s true and what belongs in the post-truth world. Here are the top five antivirus myths, busted!

Continue reading “Top five antivirus myths busted”
All posts

Early protection systems

Can EDR really stop advanced targeted attacks?

Early protection systems

SE Labs tested Coronet Cyber Security Coro against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.

Full attack chain EDR test

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Continue reading “Early protection systems”
All posts

Cyber Security DE:CODED Series Two

All episodes of Cyber Security DE:CODED, Series Two

New episodes on the last Wednesday of the month.

Find all of the episodes from the award-winning Cyber Security DE:CODED podcast in one handy place.

Find all of the episodes from Cyber Security DE:CODED Series Two here. Use the Subscribe links above to connect our podcast with your favourite podcast platform and ensure you get the next episodes before anyone else.

Episodes

Bonus episodes

Continue reading “Cyber Security DE:CODED Series Two”
All posts

Cyber Security DE:CODED – Full attack chain testing

“Because we test realistically, sometimes bad guys come onto our test network and mess with us”

Show notes for series 2, episode 9 (final episode of series 2)

What is the attack chain? Why is it good to test using full attack chains? And what are some of the alternative approaches, with their pros and cons? We’ll try to answer all of these questions and more in this special presentation episode recorded at the AVAR conference in Singapore in December 2022.

Continue reading “Cyber Security DE:CODED – Full attack chain testing”
All posts

Cyber Security DE:CODED – Cheating in security testing

“If they chose the best products by rolling a dice then they should say so”

Show notes for series 2, episode 8

If we’ve given the impression that we’re at the heart of the security world, working with the organisations that spend billions on security – and with the companies that make billions by selling security products – you’d be right. And that puts us in an awkward position. Because we want to make security better for everyone. And sometimes that means speaking some uncomfortable truths.

This episode is the uncomfortable truth episode.

Continue reading “Cyber Security DE:CODED – Cheating in security testing”

Contact us

Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.uk Connect with us Find us