Information Age has partnered with Tech Nation to help explore 20 of the UK’s leading cyber security scaleups.
Tech Nation Cyber is the UK’s first national scaleup programme for the cyber security sector. It is aimed at ambitious tech companies ready for growth.
In a series of 20 company profiles, we will be introducing you to the cyber security scaleups that make up Tech Nation’s first cyber cohort.
17. SE Labs
1. What does your company do?
SE Labs offers testing services to security software and services vendors and their customers. The information technology security market is growing quickly and, in addition to established technologies, a new generation of protection and investigation tools are currently being launched or are in a pre-launch start-up phase.
Customers need assurance that these products are able to achieve the vendors’ claims. Vendors also require unbiased, third-party validation that their products work correctly and that they fulfil their own marketing claims.
Does your vendor run security checks on their products?
2. How do you differentiate to your competitors?
SE Labs differentiates through innovation in testing, a focus on advanced attack testing and a mission to help improve products when they fail. The lab specialises in running advanced computer attacks (aka ‘hacking attacks’) against tested products to assess their abilities to detect and protect against them, as well as monitoring existing security breaches.
The lab has always innovated and now runs a wide range of tests that cover the full spectrum of product types, from endpoint protection through network security appliances up to cloud-based services. It tests using the full attack chain (from the beginning stages of an attack to its logical conclusion) and focuses on helping improve products, rather than just providing marketing material to successful clients.
3. What are the common challenges in the cyber security space?
Credibility is key because security products and services are expensive and in high demand. Businesses need assurance that they IT security spending will provide good value for money. Aggressive and misleading marketing from some security vendors has made it very difficult for procurement departments to make good buying decisions. “Smoke and mirrors” is a common term used by concerned customers considering where to spend their often very large budgets.
The security vendors themselves require a third-party opinion and data to help identify weaknesses in their products, which their own internal testing is unlikely to identify – they’ll only test what they know about, while an independent tester will introduce new ideas. They may see particular challenges with social engineering attacks, which are hard for automated computer-driven products to detect and prevent. Malware also remains a challenge, despite many bullish and misleading marketing claims from product vendors that ‘anti-virus’ is dead and the main threat is from nation state attackers who ‘hack’ rather than use malware.
Cyber security best practice: Definition, diversity, training, responsibility and technology
4. What are the biggest mistakes a company can make regarding security?
It is easy for companies to assume that no-one will be interested in compromising its security. Alternatively, given that they may have spent many millions on products that were sold as being bullet-proof, they may reasonably assume that their networks are un-hackable. Another dangerous assumption is that the network has not already been compromised! Finally, a common assumption is that the greatest threat is internal, whereas in fact many employees would bend over backwards to help. These assumptions are all big mistakes.
5. Provide your best practice advice/top tip for effective cyber security?
Business or home users can place themselves in the top one per cent of internet users, when it comes to security, by using two-factor authentication. Enabling this double-check on logging in for any compatible account, but most particularly your email accounts (the gateway to your online identity and many of your other accounts), makes a world of difference.
The best way to imagine it is, assume that a hacker has your username and password. They still can’t get into your account without also having access to your phone or some inexpensive physical key. It’s the best value way to secure yourself or your business in terms of cyber security.
6. What’s next?
SE Labs plans to push more testing towards cloud-based services, which haven’t been particularly well-served with security solutions over the years. Some will be good, but how can anyone tell? Where are the independent test results? We aim to address that, as well as collaborating more with companies that need advice on what to buy and where to install it.