Special Edition is the blog for security testing business SE Labs. It explains how we test security products, reports on the internet threats we find and provides security tips for businesses, other organisations and home users.

Friday, 13 May 2016

Building a security lab (literally)


I've seen a few 'how to build your own security testing lab' documents in the past, but many have struck me as being 'what I would do' rather than 'what I did'.

Having gone through the process myself at least three times over the last 15 years I thought some people might be interested in seeing a series of photos taken while we were literally building SE Labs from scratch.

First things first. You can never have enough boxes. And never throw them away, because they'll come in handy later - such as when you move from your temporary space into the permanent office.

Why not start out and build the lab where you mean to end up? Because having a commercial office space 'fitted out' takes a lot longer than you might imagine. Choosing the right time of year can help speed this up.

Start-up tip #1: Don't plan on anything happening fast over the Thanksgiving/Christmas/New Year period. Everyone except you will be on a go-slow/stop. It will make you angry.

Ideally you would have all of your expensive servers locked away somewhere safe from thieves, vandals and pretty much anyone carrying too many cups of coffee.

Without that luxury you might have to set up on a desk, near the door, and plaster the windows with paper so people can't see your new company's crown jewels sitting vulnerably exposed in an insecure office.

When you work from a serviced office you have a choice: rely on their networking infrastructure or create your own. We created our own because sending exploits over someone else's network is not very friendly and there might be some liability issues too.

One problem with creating your own network in a serviced office is that you can't really run your networking cables under the floor.

This can mean using cardboard, gaffa tape and cable ties to construct a sort-of over-floor networking setup that is fractionally less hazardous than simply having cables looping all over the floor.

At this stage we were at least able to start work, although we quickly discovered the limitation of cheap network switches and, thanks to the speed of Amazon Prime, managed to upgrade without too much disruption.

While the testers were busy attacking systems and logging how the security products handled these threats, we also had to start work designing the award logos that we would eventually hand out to any vendors who did a great job.

Here are the early sketches, made in the Easy Hotel adjacent to the developing office. As you will see from our reports, the design we ended up with was the round badge. Did we make the right decision?


While all of this was going on, the main office was under construction. You can see the progress below, as the main open-plan office, the server room and our corner office take shape.

Why is there no furniture, even right at the end? Because there was a problem with the delivery and our desks were stuck on a boat somewhere near Europe, while we worked from temporary, bolted-together desks. At least we had chairs...



One large, empty shell...
The area to the right will become the server room.

The new server room is visible through the window on the right.
The corner office, full of junk.
A tidy corner office.

The open-plan area starts to take shape.
We moved into the new office with zero days to spare.
Our name is on the door (sort of).

After a busy night we head to the pub. This is now our new home.
(The building in the photo. Not the pub.)
The corner office is now full of junk again.
We have chairs but little else.

The server room starts to take shape.

A working office space!

All systems go. Neatly.
Well, neat on the face of it...

We use physical systems for most tests. So we need a lot of them.
What became of the cardboard boxes? Rumour has it that after the move one of the guys took them all home in a van and built a massive fort for his children.

Tuesday, 10 May 2016

SE Labs: Next-Generation Security Testing

I am proud to announce the first public reports from SE Labs, a new security testing company that tests a whole range of security products, from the sort of anti-malware program you run on your home PC to complex combinations of enterprise endpoint agents and appliances.

The new website will be live in the next day or so, after we've ironed out what I hope will be the last few wrinkles. (Update: 12/05/2016 - the website is live now).

Since January 2016 we've been testing endpoint security products by exposing them to live web threats and targeted attacks. The results are very interesting and will probably cause some controversy.

Targeted attack testing?

How is it possible to test using targeted attacks? We'll go into detail over the coming weeks on this blog but for now I'll say that the tests are run using threats found and used against real targets, and include realistic variations that simulate closely how attackers with a range of resources behave.

If you can make it to the Virus Bulletin conference in Denver this year you can hear me talk about advanced 'next-gen' testing and challenge me in person : )

Startup challenges

We faced significant challenges in bringing the new lab up and running over a relatively short period of time. This involved using serviced offices with fairly restrictive internet connections, cheap hardware that failed fast (thanks to Amazon Prime for saving us on many, many occasions) and expensive hardware that also failed badly ('thanks' to Lenovo - avoid ThinkCentre desktops at all costs if you are relying on them to power your new startup! More on this sorry episode later...)

In addition to writing about the threats we see on the internet, the way we handle them and (most importantly) the way that security products protect against them, I'll also be contributing some advice to those considering starting up their own businesses.

I have a catalogue of "what not to do" tips to share and maybe one or two more positive pieces of advice!

The next step

Please check out our new website (SELabs.uk) and follow us on Twitter (@SELabsUK). We also have email newsletters for the old-skool.