Posts by Simon

Legal firms vs. data security: How to solve the tension between lawyers, their IT teams, clients and data security

Traditional ways of working in the legal world clash with modern technology and tech-savvy clients. Outdated law firm tech might be safe, but it makes customers unhappy.

There is a tension between lawyers, their IT teams and their clients. Law firms don’t like to recognise this, at least publicly. But there is a clash between “the way things are done”, customer service and the convenience provided by modern technology.

And Facebook isn’t one

There are lots of ways that you can contact us, watch what we’re doing and keep up to date. But we’re stepping back from one so we can focus better on the others. Find out about the best 3 ways to follow SE Labs.

The 3 best ways to follow SE Labs

While we plan to continue maintaining a basic presence on Facebook, the best way to get the latest news, views and chat with us is to use one or more of the following three services.

Understand what a real hacking attack looks like to the attacker and defenders

The IT security world is rocked by news of breach after breach, including the shocking disclosure of the SolarWinds attack. Data is stolen, deleted or corrupted and… well you know. It’s a total mess. Journalists focus on basic outcomes, while technical blogs look at esoteric technical details. We’ve explained, in laymen’s terms, what a breach looks like from an attacker’s point of view. And from the position of the defenders.

Is trust as we know it dead?

The SolarWinds breach was arguably the most significant computer hack of the decade. At least, of those breaches that we know of. Rather than jump straight into judgement and analysis, we wanted to watch as things unfurled and provide a balanced view with facts and clear thoughts later, rather than fast attention-grabbing reactions.

And screaming into the abyss!

We’re all entitled to our opinions. So why is it so aggravating when “someone is wrong on the internet?”

Security forums vs. test results

People are biased. It’s natural human behaviour and not something we can correct. Not least because we have our own biases… In fact, research indicates that providing evidence to counter someone’s argument actually entrenches their initial position! Here, we’re going to explore opinions on security testing.

And how can you tell?

If you are in charge of protecting an organisation, you need good data to help make buying decisions. The consequences of simply trusting internet reviews, vendor sales pitches and instinct are extremely serious. So which security product tests are the best?

This article first appeared on LinkedIn (17th November, 2020)

And we’re really quite proud about it!

Our tests are so close to real-life hacking that sometimes there is no practical difference between the two. We don’t usually expect to interact directly with cyber criminals, but it sometimes happens. In this case, our attacker was rude enough to spoil our initial analysis and to leave a sexually aggressive message for our team, too. SE Labs has been hacked!

For immediate context, if you’ve never heard of SE Labs before, we are a computer security testing organisation. We expose our test systems to all manner of horrible software and people, to judge how effectively different security products work. No customer data was lost in this story!

Be in no doubt, SE Labs vs COVID-19 will be a battle. The current global health crisis will inevitably affect everyone’s productivity in the coming months. SE Labs will do everything it can to handle the challenges that we all face.

We want to be realistic about how effective we are going to be at delivering our testing programmes. The next six months pose significant risk. We plan to continue with our usual feedback processes and report publications .

We will not compromise on the quality of the work. However, we face imminent and major disruption. It is unlikely that we will be able to publish reports at our usual and reliable frequency*.

Building and launching a start-up company is a challenge in itself. Securing it when it is new, young and vulnerable is something else. It’s very necessary but also hard if you don’t know what you’re doing. And can you afford a consultant in the early days?

If your new business is IT-based and focused on security then you’re in a stronger position than, say, an organic make-up business or an ethical coffee brand.

Read more >

Whether you’re in the market for a car, hamburger or computer security product, certifications are useful. They don’t tell you how smooth the car drives, how tasty the sandwich is or how completely accurate the anti-virus software will be, but certifications indicate a general level of competence.

Latest reports now online.

In the UK new cars must be certified by the Vehicle Certification Agency (VCA), restaurants are checked for hygiene by the Food Standards Agency (FSA) and various independent testing organisations, including SE Labs, test IT security products for basic functionality.

A certification emphatically does not indicate the overall quality of a product, though. The FSA specifically states that, “The food hygiene rating is not a guide to food quality.” In other words, the food won’t make you ill, but you might not like it! Similarly, the VCA cares more about cars being made according to specification rather than how nice they look.

Security product certifications

SE Labs has a range of available testing services. We consider certification to be the most basic type of testing. If a product claims to be able to detect malware then we can test that. But we don’t claim it can detect all types. For a higher level of understanding about a product’s capabilities so-called ‘real-world’ testing is necessary.

The report you are reading now is based on our more advanced testing. This exposes real products to live threats in a realistic environment, running on real computers on an internet-connected network.

But how can you be sure that we’re really doing that? Are we just making up the figures or giving some products an unfair advantage? After all, some companies contribute financially to supporting the tests, while others do not.

To go some way to addressing this concern, as well as to improve generally and continue to evolve the business, SE Labs has achieved ISO 9001:2015 certification for “The Provision of IT Security Product Testing”. We think it’s fair to test the testers and we’re very proud to have passed!

If you spot a detail in this report that you don’t understand, or would like to discuss, please contact us via Twitter.

SE Labs uses current threat intelligence to make our tests as realistic as possible. To learn more about how we test, how we define ‘threat intelligence’ and how we use it to improve our tests please visit our website and follow us on Twitter.