All reports

09/2023 - 09/2023

Enterprise Advanced Security (EDR): Cisco Secure Endpoint – DETECTION

Cisco Secure Endpoint - DETECTION

Cisco Secure Endpoint – DETECTION

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.75 MB]

Product factsheets:

Results – Cisco Secure Endpoint (Detection)

Cisco scored a 100% Detection Accuracy Rating for detecting every element of the Turla attacks, starting from the delivery of the spear phishing attachment through to all the subsequent malicious activities in the attack chain. It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks. The product did not generate false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

Read more of our reports here.

All reports

09/2023 - 09/2023

Enterprise Advanced Security (EDR): Cisco Secure Endpoint – PROTECTION

Cisco Secure Endpoint - PROTECTION

Cisco Secure Endpoint – PROTECTION

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.68 MB]

Cisco Secure Endpoint (Protection) Results

Cisco Secure Endpoint scored a 100% Protection Accuracy Rating for blocking every threat at the initial delivery stage. The product did not generate any false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks.

Read more of our reports here.

All reports

04/2023 - 06/2023

Enterprise Advanced Security (EDR): Enterprise 2023 Q2 – DETECTION

Endpoint Detection Compared

Endpoint Detection Compared

Endpoint Detection Compared

SE Labs tested and compared a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [3.30 MB]

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cyber criminal behaviour and builds tests based on how bad guys try to compromise victims. The cyber security industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.

Fortunately, the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.

Read more reports here.

All reports

07/2023 - 07/2023

Enterprise Advanced Security (EDR): SenseOn – DETECTION

cybersecurity testing with visible threat intelligence

Endpoint Detection and Response is more than anti-virus

Understand cyber security testing with visible threat intelligence

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.

Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attack. See the value of cybersecurity testing with visible threat intelligence.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [2.19 MB]

Product factsheets:

Some EDR products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.

For the ‘stoppers’ we run the Enterprise Advanced Security test in Protection mode. For ‘watchers’ like SenseOn we can demonstrate effectiveness by testing in Detection Mode.

Cyber security testing with visible threat intelligence

In this report we look at how SenseOn handled full breach attempts. At which stages did it detect? And did it allow business as usual, or alter wrongly against legitimate applications?

The targeted attacks used in this test replicate those used by the following attack groups in the real world:

  • Turla
  • Ke3chang
  • Threat Group-3390
  • Kimsuky

Read this SE Labs assessment and discover how SenseOn handles advanced targeted attacks. Find the value in early detection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.

All reports

05/2023 - 05/2023

Enterprise Advanced Security (EDR): Coronet Cyber security Coro Platform – PROTECTION

Early protection systems

Early Protection Systems

Testing protection against fully featured attacks

There are many opportunities to spot and stop attackers. You probably want your security systems to detect and prevent breaches before they succeed and appear in press reports!

Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attack. See the value of early protection systems.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [3.17 MB]

Some EDR products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.

For the ‘watchers’ we run the Enterprise Advanced Security test in Detection mode. For ‘stoppers’ like the Coro Platform we can demonstrate effectiveness by testing in Protection Mode.

Early detection and protection

In this report we look at how the Coro Platform handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mishandle legitimate applications?

The targeted attacks used in this test replicate those used by the following attack groups in the real world:

  • Turla
  • Ke3chang
  • Threat Group-3390
  • Kimsuky

Read this SE Labs assessment and discover how the Coro Platform handles advanced targeted attacks. Find the value in early protection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.

All reports

04/2023 - 04/2023

Annual Report 2023

Annual Report 2023

Cyber Threat Intelligence

Welcome to the fourth annual report from SE Labs. This edition focuses on cyber threat intelligence.

Understanding threats is crucial when trying to defend against them. Knowing your enemy’s tactics helps clarify security planning.

We use threat intelligence when testing security products, to ensure our results are useful to companies facing real threats in the real world.

We’re sharing our insights here to help you build a strategy for success in the face of the global cyber threat.

What are the Threats?

We explore the current threats and explain why so many organisations remain vulnerable. There’s good news and bad news…

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [5.49 MB]

Ransomware

Learn about the very latest innovations in testing anti-ransomware security approaches.

Annual Security Awards

Our Annual Security Awards recognises security vendors that not only do well in our tests, but perform well in the real world with real customers. These awards are the only in the industry that recognise strong lab work combined with practical success.

How we work (and could work with you!)

Discover which types of tests we run and how we can work with you to improve your product or your choice of products.

All reports

07/2022 - 07/2022

Enterprise Advanced Security (EDR): Enterprise 2022 Q2 – DETECTION

Choose the best enterprise endpoint security solution

Choose the best enterprise endpoint security solution

Choose the best enterprise endpoint security solution

Welcome to the first edition of the Enterprise Advanced Security test that compares different endpoint security products directly. We look at how they handle the major threats that face all businesses, from the Global 100, down to medium enterprises. And most likely small businesses, too.

We give an overall score but also dig down into the details that your security team will care about. This report explains the different levels of coverage that these products provide.

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of
an attack.

While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Full attack chain testing

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cybercriminal behaviour and builds tests based on how bad guys try to compromise victims.

The cybersecurity industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.

Fortunately the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.

The Enterprise Advanced Security tests that SE Labs runs are based on real attackers’ behaviour. This means we can present how we run those attacks using a MITRE ATT&CK-style format.

Endpoint Detection Compared

You can see how ATT&CK lists out the details of each attack, and how we represent the way we tested, in Appendix A: Threat Intelligence, starting on page 15. This brings two main advantages: you can have confidence that the way we test is realistic and relevant, and you’re probably already familiar with this way of illustrating cyber attacks.

All reports

06/2022 - 06/2022

Enterprise Advanced Security (EDR): CrowdStrike Falcon – DETECTION

EDR is more than anti-virus

EDR is more than anti-virus

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [2.07 MB]

Product factsheets:

Intelligence-led testing

While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cybercriminal behaviour and builds tests based on how bad guys try to compromise victims.

All reports

02/2022 - 02/2022

Enterprise Advanced Security (NDR): IronNet IronDefense – DETECTION

IronNet IronDefense NDR



SE Labs tested IronNet IronDefense against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.

IronNet IronDefense NDR Test

Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Product factsheet:

APT groups include:

  • FIN7 & Carbanak
  • OilRig
  • APT3
  • APT29

All reports

01/2022 - 01/2022

Enterprise Advanced Security (EDR): BlackBerry – PROTECTION

BlackBerry Protect

Advanced Security (EDR): BlackBerry Protect and Optics

SE Labs tested BlackBerry Protect and Optics against a range of hacking attacks. These were designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.

We used full chains of attack , meaning that our testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.60 MB]

Product factsheet:

BlackBerry Protect and Optics

Contact us

Give us a few details about yourself and describe your inquiriy. We will get back to you as soon as possible.

Please enable JavaScript in your browser to complete this form.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.com Connect with us Find us