Posts filed under 'How We Test'

We compare endpoint security products directly using real, major threats.

Welcome to the first edition of the Enterprise Advanced Security test that compares different endpoint security products directly. We look at how they handle the major threats that face all businesses, from the Global 100, down to medium enterprises. And most likely small businesses, too.

Choose the best enterprise endpoint security solution

We give an overall score but also dig down into the details that your security team will care about. This report explains the different levels of coverage that these products provide.

ENDPOINT DETECTION: NEW REPORT ONLINE!

“When it’s not a pay-to-play test that’s behind the curtain…”

SUBSCRIBE! Use one of the ‘Listen on’ links below to keep updated using your favourite podcast platform.

Series 1 | Series 2

Other ways to listen: YouTube | Google Podcasts | Stitcher | RSS

Show notes for series 2, episode 3

What does it mean to test like a hacker? Can a well-intentioned tester behave the same as a real cybercriminal?

When you’re looking for a good security test, how can you tell the useful from the misleading?

Our email accounts sit at the centre of our digital lives. We look at ways to bullet-proof your most important internet account.

We discuss these questions, and more, with Frank Duff (ex-MITRE, now Tidal Cyber), Mike Sentonas (CrowdStrike) and Siggi Stefnisson (Avast).

Security Life Hack from Daniel Cuthbert!

Understand cybersecurity testing with visible threat intelligence.

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.

Intelligence-led testing

While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cybercriminal behaviour and builds tests based on how bad guys try to compromise victims.

A route to accessing Windows Early Launch Antimalware (ELAM).

Anti-malware products monitor Microsoft Windows for malware. They try to notice when new, unwanted software runs, but some malware can be extra sneaky and hide. To get ahead of the game anti-malware products can start monitoring the system early, before other software applications start. The security software then watches as the various programs load during the Windows boot-up process.

“If they are not getting any money from you, then where are they getting the money from?”

SUBSCRIBE! Use one of the ‘Listen on’ links below to keep updated using your favourite podcast platform.

Series 1 | Series 2

Other ways to listen: YouTube | Google Podcasts | Stitcher | RSS

Show notes for series 2, episode 2

Is your firewall as fast as you think? What does XDR mean and how does it work? Do you need a personal VPN?

We talk to Brian Monkman (NetSecOPEN), Chad Skipper (VMware), Luis Corrons (Avast) and Daniel Cuthbert.

This episode’s Security Life Hack from Dennis Batchelder (AppEsteem)!

How seriously do you take the email threat?

Cyber criminals often use email as a way to start an attack. According to many sources email is by far the most common way that attackers try to gain access to your business and personal systems.

The UK government’s Cyber Security Breaches Survey 2022 reported that email phishing alone accounts for 83% of attacks.

Email cyber threat

But we all know that, don’t we? Because organisations, large and small, receive thousands of general and more targeted email threats every year.

EMAIL PROTECTION: NEW REPORT ONLINE!

When security policies and security testing meet…

Security solutions can stop you getting things done. They can make mistakes, interpreting your actions as malicious. And then block your work. But they can also blindly follow security policies set by the IT department. Sometimes they do both! How can you predict which products will be most accurate after you buy them?

Custom security policies

Your business most likely doesn’t rely entirely on the detections and protections offered by security solutions. IT usually needs to make a least some configuration changes. Default settings should be good, but businesses commonly make their own adjustments. Every company has its own characteristics and one size definitely does not fit all.

Simulated or real attacks in cybersecurity testing?

There are many different ways to test cybersecurity products. Most of the common approaches are useful when evaluating a service or system, but they each have pros and cons. In this article we outline the basic differences and limitations. Can you achieve realistic cybersecurity testing?

A strategic alternative to penetration testing.

Is Microsoft’s anti-virus good enough? Are the ‘next-gen’ endpoint products as good as they claim? Is our combination of anti-malware and whitelisting giving us full threat coverage? Enterprises are asking themselves, and SE Labs, these questions all the time. The good news is, we can help provide an answer.

Call to action for security vendors.

Tests that follow the AMTSO testing Standard give vendors a chance to voice their opinions.

Register your interest

SE Labs has issued a new public endpoint test notification through the Anti-Malware Testing Standards Organization (AMTSO).