All posts

2020: year of the breach

Solid endpoint protection is a bare minimum

Solid endpoint protection

If it feels like new breaches are reported every week, it’s because they are. Attackers are taking no prisoners and are successfully breaking into businesses, political organisations and systems belonging to individuals. Most believe they have solid endpoint protection in place.

It’s not like a bank robbery, where the bad guys have to spend lots of time and effort to put themselves at physical risk for the sake of one big score. Ransomware extortions can happen in parallel. Criminals sit in front of screens watching piles of victims become compromised.

Continue reading “2020: year of the breach”
All posts

How reliable are security product tests?

And how can you tell?

Security product tests

If you are in charge of protecting an organisation, you need good data to help make buying decisions. The consequences of simply trusting internet reviews, vendor sales pitches and instinct are extremely serious. So which security product tests are the best?

Continue reading “How reliable are security product tests?”
All posts

SE Labs has been hacked…

And we’re really quite proud about it!

SE Labs has been hacked

Our tests are so close to real-life hacking that sometimes there is no practical difference between the two. We don’t usually expect to interact directly with cyber criminals, but it sometimes happens. In this case, our attacker was rude enough to spoil our initial analysis and to leave a sexually aggressive message for our team, too. SE Labs has been hacked!


Continue reading “SE Labs has been hacked…”
All posts

Network Security Performance Testing Evolved

How fast is your firewall? And does it still protect your business when it’s busy?

SE Labs has launched its network security performance testing service. Our reports will answer questions like, “How fast is this NGFW, really?” And, “How well does it protect, even when it’s very busy?”

We have worked with the major global vendors in this area for over a year, identifying and addressing gaps in existing network performance testing. We’ve focussed on ensuring that these new tests from SE Labs are fair, honest, reliable and accurate.

These tests are the first of a new breed.

Continue reading “Network Security Performance Testing Evolved”
All posts

Serial Hackers

How we run our Breach Response testing, and why

In this blog post our CTO Stefan Dumitrascu explains some of the challenges behind our newly launched Breach Response testing, why things are now different (better) and the background on how we came to make some of our decisions.

One of our most exciting projects this year has been the Breach Response testing programme. In this article we explain what has changed since last year, and why.

Continue reading “Serial Hackers”
All posts

Hands up, who’s been hacked?

Get ahead in the game that never ends

Have you ever been hacked? You, personally, or your business? If your answer is, “no” it would be interesting to know how you can be so sure.

I once spoke to a marketing manager at a global anti-malware company who claimed that his PC had never been infected by malware, despite him not using anti-virus. How would be know?

Not all malware announces its presence as clearly as, say ransomware. “I just would,” he claimed.

Continue reading “Hands up, who’s been hacked?”
All posts

Next-gen testing for next-gen security products

Bad guys help SE Labs keep its testing up to date.

For the first time in our endpoint protection tests we’ve seen a strong overall performance from both well-established anti-malware brands and newer entrants to the market.

Vendors such as FireEye and Crowdstrike are well-known and respected brands in the security world, but they are relatively new compared to Symantec, McAfee and even Microsoft. Microsoft has not promoted its anti-malware software until quite recently.

Continue reading “Next-gen testing for next-gen security products”
All posts

Strong protection in uncertain times

 

A hacker mentality is keeping (computer) virus testing on track with our first 2020 endpoint protection reports.

Latest endpoint protection reports now online for enterprisesmall business and home users.

This is the first in our series of 2020 endpoint protection reports. And it is unique, for all the usual reasons but also a new one.

We would normally highlight the latest new threats that we’ve discovered on the internet. Then we would discuss how we test them against the security software you use in your business and at home in the most realistic ways possible. And we’ve done that. But these reports are different to any we’ve produced before, for another reason.

Continue reading “Strong protection in uncertain times”

All posts

Enemy Unknown: Handling Customised Targeted Attacks

 

Detecting and preventing customised targeted attacks in real-time

Experts design computer security products to detect and protect against threats such as computer viruses, other malware and the actions of hackers.

A common approach is to identify existing threats and to create patterns of recognition. This is similar to the way the pharmaceutical industry creates vaccinations against known biological viruses. Or police issuing wanted notices with photographs of known offenders.

Detecting the unknown

The downside to this approach is that you have to know in advance that the virus or criminal is harmful. The most likely time to discover this is after someone has become sick or a crime has already been committed. It would be better to detect new infections and crimes in real-time and to stop them in action before any damage is caused.

The cyber security world is adopting this approach more frequently than before.

Deep Instinct claims that its D-Client software is capable of detecting not only known threats but those that have not yet hit computer systems in the real world. These claims require a realistic test that pits the product against known threats and those typically crafted by attackers. Attackers who work in a more targeted way. Attackers who identify specific potential victims and move against them with speed and accuracy.

Electioneering

This test report used a range of sophisticated, high-profile threat campaigns such as those directed against the US Presidential election in 2016. It also directed targeted attacks against victim systems using techniques seen in well-known security breaches in recent months and years.

The results show that Deep Instinct D-Client provided a wide range of detection and threat blocking capability against well-known and customised targeted attacks. It didn’t interfere with regular use of the systems upon which it was deployed.

The deep learning system was  trained in August 2018, six months before the customised targeted threats were created.

Latest report now online.

All posts

Review: ImmuniWeb On-Demand Application Security Testing

We review the on-demand application security testing service from ImmuniWeb.

What do a start-up, small business and enterprise have in common?

They all have one or more websites.

That’s not a very humorous punchline, but the security implications of managing business websites aren’t funny either.

Continue reading “Review: ImmuniWeb On-Demand Application Security Testing”

Contact us

Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.uk Connect with us Find us