Research

Microsoft Defender Extended Detection & Response (XDR) CyberRisk Validation Report

SecureIQLab tested the ability of Microsoft’s Extended Detection and Response (XDR) solution to manage the Threat Detection and Incident Response (TDIR) lifecycle comprehensively. Validation was completed to ensure the unification of threat data across endpoints, networks, and cloud environments while highlighting AI/ML contributions to the detection model. The evaluation, based on SecureIQLab’s XDR v1.0 Validation Framework, focused on the solution’s efficiency in detecting and responding to threats, reducing alert overload, and enhancing incident prioritization using analytics, machine learning, and integrated threat intelligence. The real-world performance of the XDR solution was demonstrated through deployment in a controlled, segmented environment that contained varied user permissions, aiding in the assessment of the solution’s effectiveness and its ability to minimize false positives.

2024 Content Disarm and Reconstruction (CDR) Validation Report – OPSWAT Deep CDR

SecureIQLab has successfully conducted the testing for CDR solutions, evaluating the OPSWAT Deep CDR technology, which is a core module of the OPSWAT MetaDefender Core product. The SecureIQLab CDR validation test showcases the file sanitization efficacy of OPSWAT’s leading CDR solution. Sanitization efficacy is validated by file type and against different attack vectors.

AT&T Dynamic Defense Firewall Validation Report

AT&T Dynamic Defense is a network security solution offering features like dynamic IP blocking, stateful firewall monitoring, Geo IP filtering, and simple onboarding through AI-suggested configurations. It includes web filtering, basic threat detection, and detailed reporting on network health. SecureIQLab conducted a validation of AT&T Dynamic Defense as a software service, with results indicating that AT&T has significantly enhanced its firewall offering. The AI-based configuration assistance notably improves ease of use, helping users quickly deploy appropriate firewall rules.

SecureIQLab’s testing evaluated the onboarding and offboarding process, firewall policy configuration, and the solution’s operational efficiency, scalability, and performance in protecting small and medium-sized business networks against threats like spyware, data exfiltration, and command-and-control attacks. The results from SecureIQLab’s 2024 Public Advanced Cloud Firewall Testing showed that AT&T’s Dynamic Defense outperforms the group averages in both security efficacy and operational efficiency.

Google Cloud Next Generation Firewall Enterprise Validation Report

This validation report evaluates Google Cloud Next Generation Firewall Enterprise, the advanced tier of Google Cloud Firewall Service. The Google Cloud Firewall leverages the Next-Generation Firewall (NGFW) capabilities, including intrusion prevention service (IPS) and transport layer security (TLS) inspection. Figure 1 highlights SecureIQLab’s overall findings.

Testing covered the deployment and configuration of Google Cloud Next Generation Firewall Enterprise, including the evaluation of features like hierarchical firewall policies and workload security efficacy. The test scenarios used to validate Google’s firewall examined cloud traffic flows between the enterprise workloads and from the internet.

Additionally, SecureIQLab evaluated the firewall’s operational efficiency, scalability, and performance while verifying that it secured Google Cloud workloads against various cyber threats, such as spyware, protocol misuse, data exfiltration, and command-and-control attacks.

Hacking Firm I-Soon Data Leak Reveals Chinese Government Hacking Capabilities

On February 16, 2024, an unidentified person/group published a significant amount of data on GitHub. The treasure trove of confidential information resulted from a breach of the China-based company iSoon, also known as Anxun, a contracted entity associated with the Chinese Ministry of Public Security (MPS). The incident is reportedly linked to Chengdu 404, a structure under the control of Chinese cyber intelligence, famously recognized as APT41.

LevelBlue Extended Detection & Response (XDR) Validation Report

SecureIQLab tested the ability of LevelBlue’s Extended Detection and Response (XDR) solution to manage the Threat Detection and Incident Response (TDIR) lifecycle comprehensively. Validation was completed to ensure the unification of threat data across endpoints, networks, and cloud environments. The evaluation, based on SecureIQLab’s XDR v1.0 Validation Framework, focused on the solution’s efficiency in detecting and responding to threats, reducing alert overload, and enhancing incident prioritization using analytics, machine learning, and integrated threat intelligence. The real-world performance of the XDR solution was demonstrated through deployment in a controlled, segmented environment that contained varied user permissions, aiding in the assessment of the solution’s effectiveness and its ability to minimize false positives.

Command & Control Prevention: SecureIQLab CyberRisk Comparative Security Vendor Report

SecureIQLab tested the ability of nine popular cybersecurity solutions to protect against command-and-control attacks. Testing was executed from Q3 through Q4 of 2022. Six of these solutions were Next-Generation Firewalls (NGFW), both on-prem and virtual appliances, from Checkpoint, Cisco, Fortinet, and Palo Alto Networks. The remaining three solutions tested were Security Service Edge (SSE) based cloud solutions from Cisco, Palo Alto Networks, and Zscaler. All products were tested on their ability to block the command-and-control capabilities of the Cobalt Strike attack suite. The test methodology measured the block rate of the tested NGFW and SSE solutions against Cobalt Strike in multiple attack scenarios.

Understanding Prime Numbers in the Context of PKI

Secure communication and the exchange of sensitive information are essential in the current digital era. Securing privacy and authenticity in online transactions, data exchange, and communication relies, for the most part, on public key infrastructure (PKI).

Security Service Edge Command & Control Prevention Comparative Report

TEST PERIOD: DECEMBER 2022—DECEMBER 2022
LAST REVISION: 9 March 2023
COMMISSIONED BY: PALO ALTO NETWORKS

SecureIQLab tested the ability of Security Service Edge (SSE) products to block the command-and-control capabilities of the Cobalt Strike attack suite. Three products were tested: Palo Alto Networks Prisma Access, Cisco Umbrella, and Zscaler ZIA.

The test measured the block rate of the tested SSE solutions against Cobalt Strike in 5 attack scenarios.

Next-Generation Firewall Command & Control Prevention Comparative Report

TEST PERIOD: JULY 2022—SEPTEMBER 2022
LAST REVISION: 11/30/2022
COMMISSIONED BY: PALO ALTO NETWORKS

SecureIQLab tested the ability of next-generation firewalls to block the command-and-control capabilities of the Cobalt Strike attack suite. Six firewalls were tested: the Checkpoint SG5100, Cisco Firepower 4110, Fortinet FG301E, Fortinet FG-VM04V, Palo Alto Networks PA-460, and Palo Alto Networks PA-VM-Flex.

The test measured the block rate of the tested firewalls against Cobalt Strike in six attack scenarios.


Reversing Sunburst’s C&C Server Implementation

The world learned about Sunburst, the backdoor implanted into SolarWinds’ Orion product via a supply chain compromise. Both high-level and low-level details on Sunburst can be found all over the internet, including in a previous post. In this paper, SecureIQLab will reverse enough details of Sunburst’s Command & Control (C&C) to construct a rough C&C server implementation. The technical reader will be able to use this information to supplement their own threat research and improve their organization’s security posture.


Publications

[Figure: publication workflow diagram with labels Enterprise Requirements, SecureIQLab Analysis, Enterprise Feedback, Iterate Methodology, Validation, Vendor Feedback, Publication Workflow, Differentiators, Reports Published]

SecureIQLab works with enterprises, experts, and security vendors to create relevant security validation methodologies. Results from public testing are available as a complimentary service to the public. 


Podcast

Reining in the Cloud is hosted by SecureIQLab and focuses on cloud security. We discuss all things cybersecurity-related, with a spin in the cloud. Each month, we invite cybersecurity experts to engage in a wide range of cloud security topics that will leave listeners with a bit more know-how about their own cloud security. Bridging the cloud security gap one listener at a time.


Popular Topics

CI/CD PIPELINE SECURITY MODEL

Choosing the right shift-left or shift-right cloud security model is important.

CLOUD SECURITY AS A SERVICE

Cloud Security as a Service (SecaaS) providers offer security capabilities as a cloud service. This includes dedicated SecaaS providers, as well as packaged security features from general cloud-computing providers.

"LIFT-AND-SHIFT" CLOUD MIGRATION APPROACH

A "re-hosting" strategy of migrating an exact copy of an application or workload from one environment to another. This is usually from on-premises to public or private cloud.

CLOUD WORKLOAD PROTECTION (CWP)

Security is critical in public-cloud-based workloads while you try to balance scalability, performance, and access for a competitive edge.

CONTINUOUS SECURITY CLOUD FRAMEWORK

Continuous Security gives the DevOps and SecOps teams a precise location to inject themselves into the development and deployment process without involving the developers.

CONSIDERING VIRTUALIZATION?

The core technology for enabling cloud computing. It covers an extremely wide range of technologies; essentially any time we create an abstraction, we’re using virtualization.

DATA SECURITY & TARGETED ATTACKS

Control what data goes into the cloud (and where). There's no one-size-fits-all when it comes to the best approach to stopping these threats.

CLOUD-CENTRIC INCIDENT RESPONSE

Incident Response (IR) is a critical facet, with most organizations having some sort of IR plan to govern how they will investigate an attack.