The new website reflects the changes in the security industry over the last few years. We’ve listened hard to your feedback and watched as the industry’s needs have changed.
Clients, both security vendors and their customers, need increasingly customised analysis of products and their effectiveness. Which is the best? And what does ‘best’ really mean?
Read more >
A hacker mentality is keeping (computer) virus testing on track.
Latest endpoint protection reports now online for enterprise, small business and home users.
This is the first in our series of 2020 endpoint protection reports. And it is unique, for all the usual reasons but also a new one.
We would normally highlight the latest new threats that we’ve discovered on the internet and discuss how we test them against the security software you use in your business and at home in the most realistic ways possible. And we’ve done that. But these reports are different to any we’ve produced before, for another reason.
World’s first in-depth, public test of security services vs. targeted attacks.
This email security test report is the product of two years of advanced threat research. We have worked with the security companies themselves and with their customers. We have monitored what the bad guys have been doing and identified and replicated real-world email threats that affect everyone generally, and also specific types of businesses.
There is no report like this anywhere in the public domain. We are extremely proud to present the results here.
Testing anti-breach products needs the full chain of attack.
Kaspersky Lab should be congratulated, not only for engaging with this new and challenging test, but for submitting a product that performed so strongly against attacks that closely replicate advanced, nation-state level threats.
Its endpoint detection and response offering, Kaspersky Anti Targeted Attack Platform, is one of the very first to face our brand new Breach Response Test and it detected all of the attacks, while protecting against the vast majority of them.
Testing anti-breach products needs the full chain of attack.
Symantec’s endpoint detection and response offering, Symantec Endpoint Security Complete, is the first to face our brand new Breach Response Test.
Report now online.
SE Labs has been working at the core of the cyber security industry since its launch in 2016. We work with all of the major developers of IT security products as well as their main customers and even investors looking to increase their chances when betting on emerging technologies.
Over the last few years we have tested more than 50 different products using over 5,000 targeted attacks. And there’s news, both good and bad.
In this article we will look at the different tools available, how effective they are at helping attackers bypass anti-malware products and how security vendors have been handling this type of threat for over a year.
Detecting and preventing threats in real-time
Computer security products are designed to detect and protect against threats such as computer viruses, other malware and the actions of hackers.
A common approach is to identify existing threats and to create patterns of recognition, in much the same way as the pharmaceutical industry creates vaccinations against known biological viruses or police issue wanted notices with photographs of known offenders.
The downside to this approach is that the virus or criminal has to be known to be harmful, most likely after someone has become sick or a crime has already been committed. It would be better to detect new infections and crimes in real-time and to stop them in action before any damage is caused.
This approach is becoming increasingly popular in the cyber security world.
Deep Instinct claims that its D-Client software is capable of detecting not only known threats but those that have not yet hit computer systems in the real world. Determining the accuracy of these claims requires a realistic test that pits the product against known threats and those typically crafted by attackers who work in a more targeted way, identifying specific potential victims and moving against them with speed and accuracy.
This test report used a range of sophisticated, high-profile threat campaigns such as those believed to have been directed against the US Presidential election in 2016, in addition to directing more targeted attacks against the victim systems using techniques seen in well-known security breaches in recent months and years.
The results show that Deep Instinct D-Client provided a wide range of detection and threat blocking capability against well-known and customised targeted attacks, without interfering with regular use of the systems upon which it was deployed. The deep learning system was trained in August 2018, six months before the customised targeted threats were created.
Latest report now online.
Malware scanning is not enough. You have to hack, too.
Internal testing is necessary but inherently biased: ‘we test against what we know’. Thorough testing, including the full attack chains presented by threats, is needed to show not only detection and protection rates, but response capabilities.
Email security test explores how and when services detect and stop threats.
Latest report now online.
This new email protection test shows a wide variation in the abilities of the services that we have assessed.
You might see the figures as being disappointing. Surely Microsoft Office 365 can’t be that bad? An eight per cent accuracy rating seems incredible.
Literally not credible. If it misses most threats then organisations relying on it for email security would be hacked to death (not literally).
But our results are subtler than just reflecting detection rates and it’s worth understanding exactly what we’re testing here to get the most value from the data. We’re not testing these services with live streams of real emails, in which massive percentages of messages are legitimate or basic spam. Depending on who you talk to, around 50 per cent of all email is spam. We don’t test anti-spam at all, in fact, but just the small percentage of email that comprises targeted attacks.
In other words, these results show what can happen when attackers apply themselves to specific targets. They do not reflect a “day in the life” of an average user’s email inbox.
We have also included some ‘commodity’ email threats, though – the kind of generic phishing and social engineering attacks that affect everyone. All services ought to stop every one of these. Similarly, we included some clean emails to ensure that the services were not too aggressively configured. All services ought to allow all these through to the inbox.
So when you see results that appear to be surprising, remember that we’re testing some very specific types of attacks that happen in real life, but not in vast numbers comparable to spam or more general threats.
The way that services handle threats are varied and effective to greater or lesser degrees. To best reflect how useful their responses are, we have a rating system that accounts for their different approaches. Essentially, services that keep threats as far as possible from users will win more points than those who let the message appear in or near the inbox. Conversely, those that allow the most legitimate messages through to the inbox rate higher than those which block them without the possibility of recovery from a junk folder or quarantine.
Archive of security product and service test results
