SE Labs

Posts tagged 'startup'

SE Labs launches new security testing site


The new website reflects the changes in the security industry over the last few years. We’ve listened hard to your feedback and watched as the industry’s needs have changed.

Clients, both security vendors and their customers, need increasingly customised analysis of products and their effectiveness. Which is the best? And what does ‘best’ really mean?


SE Labs vs. COVID-19

The current global health crisis will inevitably affect everyone’s productivity in the coming months. We, at SE Labs, are committed to working through the challenges that face us all but we want to be realistic about how effective we are going to be at delivering our testing programmes, the feedback processes and report publications over the next six months.

We will not compromise on the quality of the work, please be assured of that. However, we face imminent and major disruption and it is unlikely that we will be able to publish reports at our usual and reliable frequency.


Securing a business from scratch

Building and launching a start-up company is a challenge in itself. Securing it when it is new, young and vulnerable is something else. It’s very necessary but also hard if you don’t know what you’re doing. And can you afford a consultant in the early days?

If your new business is IT-based and focused on security then you’re in a stronger position than, say, an organic make-up business or an ethical coffee brand.


SE Labs Annual Report 2019

SE Labs has been working at the core of the cyber security industry since its launch in 2016. We work with all of the major developers of IT security products as well as their main customers and even investors looking to increase their chances when betting on emerging technologies.


Review: ImmuniWeb On-Demand Application Security Testing


What do a start-up, small business and enterprise have in common?

They all have one or more websites.

That’s not a very humorous punchline, but the security implications of managing business websites aren’t funny either.

In an age when extremely large organisations are being hacked, as well as specialist security companies, website security could not be a more serious business. Throw into the mix regulations such as the Data Protection Act and the incoming GDPR legislation, and being the person responsible for the company website just became positively horrible.

A website is a business’ public face, whether it be a local taxi company or a global pharmaceutical giant. It is virtually impossible to do business these days without a website and maintain credibility, but a website hack instantly harms any company’s standing.

How do websites get hacked? Sometimes the attackers will focus on compromising the site’s administrator, but more often than not (in our experience) the site itself is attacked directly by means of an exploit.

Such an exploit could be aimed at a vulnerability in the platform, such as WordPress, or in the server’s operating system. Sometimes the hosting company itself is targeted: a good value-for-money proposition for an attacker who wants to run one attack and gain access to thousands of websites.

Will AI save our sites?

Artificial intelligence is great but people are often necessary for some tasks. ImmuniWeb understands that. Assessing the security of a website is non-trivial and, while automated tools exist to test for the presence of various vulnerabilities, often it takes a human brain to really get to the bottom of a problem. Much in the same way that SE Labs uses people to enhance security testing, ImmuniWeb adds the personal touch to checking the quality of a website’s security.

The service provides testing for vulnerabilities listed in the OWASP Top Ten Vulnerabilities list, PCI DSS vulnerabilities and a range of other sensible criteria, including predictable CAPTCHA protections and open directory listings.

Wizard setup

Setting up the initial test was a very simple task. Enter a few relevant details into ImmuniWeb’s Wizard-driven website, pay the fee and the work starts. A couple of days later a report is made available and you have around three months to download it before it is deleted automatically. You will receive warnings about the impending deletion.

The report is detailed. The first pages give an overview of the risk level based on how many vulnerabilities have been found, certain administration configuration issues that might exist and even an indication of other websites that might be impersonating yours.

Who is hosting?

The data in the reports is interesting and some of the issues brought to light could be easily solved. It does depend on how you have your web hosting organised, though. For example, if you run your own servers you can follow advice on upgrading certain services, such as Apache or SSH.

However, if your site runs on a hosting platform provided by a third party, such as GoDaddy, 1&1, 123Reg or a thousand others, then you have a choice: you could contact the company and request that they upgrade; or move to another host and hope that they do a better job with updates.

In this review we discovered that the hosting company we use for the SE Labs website was a little behind with some updates. We used the ImmuniWeb report as evidence that there was a potential problem and, to our surprise, the company responded fast and claimed to fix the issues.

While we could verify the changes ourselves (after all, we test security systems ourselves) we understand that for most businesses a second test would be warranted. We ran a second test for this review and were pleased to see that the previous issues had indeed been fixed.

How much?

This is where things could get expensive, though. An on-demand small business (SMB) test costs $1,499. If you are a start-up and want to have your site assessed then this is a reasonable business expense. Multiple verification tests add up, though. A faster ‘Express’ test is less expensive, coming in at $499. If you expect your site to change frequently then continuous assessments are available, with prices starting at $999 per month.

Total Cost of Reassurance

But while your site might not change, knowledge about security vulnerabilities does. New vulnerabilities are being discovered at a frightening rate and updates for popular web server components, such as MySQL, appear often. When testing our own website ImmuniWeb noted out-of-date software, which was updated accordingly.

By the time we ran the second test the same, updated software was again out of date. If the same issues happen to you, it might be worth learning how to test the versions of the services running at your web hosting company and give them a prod to update as and when necessary. Paying over $1,000 to assess something they should be taking care of seems unnecessary.
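The review suggests learning to check for yourself which versions of services your hosting company is running, so that you can chase updates without paying for another full assessment. The script below is an added example written for this page; it is not SE Labs’ or ImmuniWeb’s code. It parses the product/version strings that a web server’s `Server` header and an SSH identification banner typically contain, and compares them against a minimum-version baseline. The `BASELINE` versions are placeholders you would replace with your own patch policy, the sample banners are constructed for the example, and the two `collect_*` helpers are only meant to be pointed at a host you own or administer.

```python
"""Compare service versions advertised by your own web host against a
minimum-version baseline. Added example, not SE Labs' or ImmuniWeb's code."""
import re
import socket
import urllib.error
import urllib.request

# Hypothetical baseline: the oldest version of each service you are willing
# to accept on your host. Placeholders to fill in from your own patch policy,
# not a list of vulnerable versions.
BASELINE = {
    "Apache": (2, 4, 50),
    "nginx": (1, 20, 0),
    "OpenSSH": (8, 0),
    "PHP": (7, 4),
}

# Matches "Product/1.2.3" or "Product_1.2.3" (optionally "v1.2.3"); the
# protocol prefix "SSH-2.0-" does not match because "-" is not a separator.
_VER = re.compile(r"([A-Za-z]+)[/_]v?(\d+(?:\.\d+)*)")

# Constructed sample banners; not captured from any real host.
SAMPLE_BANNERS = [
    "Apache/2.4.29 (Ubuntu) PHP/7.2.24",          # an HTTP Server header
    "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3",     # an SSH identification line
    "nginx/1.22.1",                                # another Server header
]


def parse_versions(banner):
    """Return [(product, version_tuple), ...] found in a banner string.
    Non-numeric suffixes such as the "p1" in 7.6p1 are ignored."""
    return [(name, tuple(int(part) for part in ver.split(".")))
            for name, ver in _VER.findall(banner)]


def below_baseline(versions, baseline=BASELINE):
    """Return [(product, found, minimum)] for products older than baseline.
    Tuples are zero-padded so that 2.4 compares equal to 2.4.0."""
    findings = []
    for name, found in versions:
        minimum = baseline.get(name)
        if minimum is None:
            continue  # no policy for this product; nothing to compare
        width = max(len(found), len(minimum))
        padded_found = found + (0,) * (width - len(found))
        padded_min = minimum + (0,) * (width - len(minimum))
        if padded_found < padded_min:
            findings.append((name, found, minimum))
    return findings


def audit_banners(banners, baseline=BASELINE):
    """Audit raw banner strings and return every out-of-date finding."""
    findings = []
    for banner in banners:
        findings.extend(below_baseline(parse_versions(banner), baseline))
    return findings


def collect_http_server_header(url, timeout=5):
    """Fetch the Server header from a site you administer ('' if absent)."""
    request = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.headers.get("Server", "")
    except urllib.error.HTTPError as err:
        # A 4xx/5xx response still carries headers worth reading.
        return err.headers.get("Server", "")


def collect_ssh_banner(host, port=22, timeout=5):
    """Read the identification line an SSH server you administer sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256).decode("ascii", "replace").strip()


if __name__ == "__main__":
    # Offline demonstration on the constructed banners. To check a real host
    # you own, build the list from collect_http_server_header(...) and
    # collect_ssh_banner(...) instead.
    for name, found, minimum in audit_banners(SAMPLE_BANNERS):
        print(f"{name}: found {'.'.join(map(str, found))}, "
              f"baseline {'.'.join(map(str, minimum))}")
```

Run against the constructed banners, the script flags Apache, PHP and OpenSSH as older than the placeholder baseline and leaves nginx alone. A hosting company that has turned off version disclosure in its banners will simply produce no findings, so an empty result is not proof that everything is current; the report from a service such as ImmuniWeb, or a direct question to the host, fills that gap.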

Monitoring the weak link

Losing control of your website is a situation no business wants to contemplate, whether it’s a start-up looking for funding or a massively profitable public company. Web application vulnerabilities are a significant weak point that can and should be assessed regularly. ImmuniWeb provides just such a service but because people are involved, as well as machine learning-equipped systems, there is a significant cost to the system, as well as an advantage over free website scanning sites and tools.

While, on the face of it, using ImmuniWeb’s service might appear expensive, compared to training your own team of penetration testers, or sub-contracting a company to do the work for you, it is good value for money.

Building a security lab (literally)

I’ve seen a few ‘how to build your own security testing lab’ documents in the past, but many have struck me as being ‘what I would do’ rather than ‘what I did’.

Having gone through the process myself at least three times over the last 15 years I thought some people might be interested in seeing a series of photos taken while we were literally building SE Labs from scratch.

First things first. You can never have enough boxes. And never throw them away, because they’ll come in handy later – such as when you move from your temporary space into the permanent office.

Why not start out and build the lab where you mean to end up? Because having a commercial office space ‘fitted out’ takes a lot longer than you might imagine. Choosing the right time of year can help speed this up.

Start-up tip #1: Don’t plan on anything happening fast over the Thanksgiving/ Christmas/ New Year period. Everyone except you will be on a go-slow/ stop. It will make you angry.

Ideally you would have all of your expensive servers locked away somewhere safe from thieves, vandals and pretty much anyone carrying too many cups of coffee.

Without that luxury you might have to set up on a desk, near the door, and plaster the windows with paper so people can’t see your new company’s crown jewels sitting vulnerably exposed in an insecure office.

When you work from a serviced office you have a choice: rely on their networking infrastructure or create your own. We created our own because sending exploits over someone else’s network is not very friendly and there might be some liability issues too.

One problem with creating your own network in a serviced office is that you can’t really run your networking cables under the floor.

This can mean using cardboard, gaffa tape and cable ties to construct a sort-of over-floor networking setup that is fractionally less hazardous than simply having cables looping all over the floor.

At this stage we were at least able to start work, although we quickly discovered the limitation of cheap network switches and, thanks to the speed of Amazon Prime, managed to upgrade without too much disruption.

While the testers were busy attacking systems and logging how the security products handled these threats, we also had to start work designing the award logos that we would eventually hand out to any vendors who did a great job.

Here are the early sketches, made in the Easy Hotel adjacent to the developing office. As you will see from our reports, the design we ended up with was the round badge. Did we make the right decision?

While all of this was going on, the main office was under construction. You can see the progress below, as the main open-plan office, the server room and our corner office take shape.

Why is there no furniture, even right at the end? Because there was a problem with the delivery and our desks were stuck on a boat somewhere near Europe, while we worked from temporary, bolted-together desks. At least we had chairs…

One large, empty shell…

The area to the right will become the server room.

The new server room is visible through the window on the right.

The corner office, full of junk.

A tidy corner office.

The open-plan area starts to take shape.

We moved into the new office with zero days to spare.

Our name is on the door (sort of).

After a busy night we head to the pub. This is now our new home.
(The building in the photo. Not the pub.)

The corner office is now full of junk again.

We have chairs but little else.

The server room starts to take shape.

A working office space!

All systems go. Neatly.

Well, neat on the face of it…

We use physical systems for most tests. So we need a lot of them.

What became of the cardboard boxes? Rumour has it that after the move one of the guys took them all home in a van and built a massive fort for his children.

SE Labs: Next-Generation Security Testing


I am proud to announce the first public reports from SE Labs, a new security testing company that tests a whole range of security products, from the sort of anti-malware program you run on your home PC to complex combinations of enterprise endpoint agents and appliances.

The new website will be live in the next day or so, after we’ve ironed out what I hope will be the last few wrinkles. (Update: 12/05/2016 – the website is live now).

Since January 2016 we’ve been testing endpoint security products by exposing them to live web threats and targeted attacks. The results are very interesting and will probably cause some controversy.

Targeted attack testing?

How is it possible to test using targeted attacks? We’ll go into detail over the coming weeks on this blog but for now I’ll say that the tests are run using threats found and used against real targets, and include realistic variations that simulate closely how attackers with a range of resources behave.

If you can make it to the Virus Bulletin conference in Denver this year you can hear me talk about advanced ‘next-gen’ testing and challenge me in person : )

Startup challenges

We faced significant challenges in getting the new lab up and running over a relatively short period of time. This involved using serviced offices with fairly restrictive internet connections, cheap hardware that failed fast (thanks to Amazon Prime for saving us on many, many occasions) and expensive hardware that also failed badly (‘thanks’ to Lenovo – avoid ThinkCentre desktops at all costs if you are relying on them to power your new startup! More on this sorry episode later…).

In addition to writing about the threats we see on the internet; the way we handle them; and (most importantly) the way that security products protect against them, I’ll also be contributing some advice to those considering starting up their own businesses.

I have a catalogue of “what not to do” tips to share and maybe one or two more positive pieces of advice!

The next step

Please check out our new website (SELabs.uk) and follow us on Twitter (@SELabsUK). We also have email newsletters for the old-skool.

About

SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.

Contact

SE Labs Ltd
Hill Place House
55A High Street
Wimbledon
SW19 5BA

020 3875 5000

[email protected]
