Posts filed under 'How We Test'

“You’re thinking: How much truth is in that report?”

DE:CODED is the official podcast from SE Labs.

ALL EPISODES

Show notes for series 1, episode 5

Companies spend trillions on cyber security each year. But how do they decide which products and services are the best?

Understand what a real hacking attack looks like to the attacker and defenders

The IT security world is rocked by news of breach after breach, including the shocking disclosure of the SolarWinds attack. Data is stolen, deleted or corrupted and… well you know. It’s a total mess. Journalists focus on basic outcomes, while technical blogs look at esoteric technical details. We’ve explained, in laymen’s terms, what a breach looks like from an attacker’s point of view. And from the position of the defenders.

Supporting open standards testing for firewalls and other network security devices

SE Labs has joined forces with testing standards organisation NetSecOPEN, aiming to improve the network appliance testing market. The result will be more accurate reports containing genuinely useful data.

SE Labs joins NetSecOPEN

SE Labs has always supported transparent, repeatable, standards-based testing of security products. By being the first mainstream security testing organisation to join NetSecOPEN, we are demonstrating our commitment to that purpose across all of our testing.

And how can you tell?

If you are in charge of protecting an organisation, you need good data to help make buying decisions. The consequences of simply trusting internet reviews, vendor sales pitches and instinct are extremely serious. So which security product tests are the best?

This article first appeared on LinkedIn (17th November, 2020)

And we’re really quite proud about it!

Our tests are so close to real-life hacking that sometimes there is no practical difference between the two. We don’t usually expect to interact directly with cyber criminals, but it sometimes happens. In this case, our attacker was rude enough to spoil our initial analysis and to leave a sexually aggressive message for our team, too. SE Labs has been hacked!

For immediate context, if you’ve never heard of SE Labs before, we are a computer security testing organisation. We expose our test systems to all manner of horrible software and people, to judge how effectively different security products work. No customer data was lost in this story!

How fast is your firewall? And does it still protect your business when it’s busy?

SE Labs has launched its network security performance testing service. Our reports will answer questions like, “How fast is this NGFW, really?” And, “How well does it protect, even when it’s very busy?”

We have worked with the major global vendors in this area for over a year, identifying and addressing gaps in existing network performance testing. We’ve focussed on ensuring that these new tests from SE Labs are fair, honest, reliable and accurate.

These tests are the first of a new breed.

How we run our Breach Response testing, and why

In this blog post our CTO Stefan Dumitrascu explains some of the challenges behind our newly launched Breach Response testing, why things are now different (better) and the background on how we came to make some of our decisions.

One of our most exciting projects this year has been the Breach Response testing programme. In this article we explain what has changed since last year, and why.

Well, 2020 was an interesting year! Some of the largest and newest security companies were bought and sold…

The world descended into chaos thanks to a biological virus (while digital viruses continue to wreak havoc)…

And SE Labs launched a new website and started using machine learning in its testing.

We appreciate some of these things are more important than others…

However, in the face of adversity we must all carry on and we are proud to announce our second annual report, in which we review the unprecedented year of 2020, announce our annual awards winners and discuss testing like hackers.

Bad guys help SE Labs keep its testing up to date

Latest endpoint protection reports now online for enterprise, small business and home users.

For the first time in our endpoint protection tests we’ve seen a strong overall performance from both well-established anti-malware brands and newer entrants to the market.

Vendors such as FireEye and Crowdstrike are well-known and respected brands in the security world, but they are relatively new compared to Symantec, McAfee and even Microsoft. Microsoft has not promoted its anti-malware software until quite recently.

The new website reflects the changes in the security industry over the last few years. We’ve listened hard to your feedback and watched as the industry’s needs have changed.

Clients, both security vendors and their customers, need increasingly customised analysis of products and their effectiveness. Which is the best? And what does ‘best’ really mean?