Our Philosophy

Secbüro’s research and development strategy in Europe follows two guiding principles: (1) develop novel cybersecurity concepts tailored to the needs of the European market, and (2) deeply collaborate with research and development organizations, higher education and European industry partners.

Over the years we've partnered with other like-minded organizations to form special interest groups which have enabled us to incubate and mature new ideas into applicable solutions.


  • 2007

    Secbüro Labs had its beginnings in early 2007, when it was tasked to research and apply advanced cyber-attack countermeasures for a consortium of prominent telecommunications companies.

  • 2019

    Since those early days, the group has deepened its cybersecurity R&D activities and actively works to develop emerging security technologies for some of the world’s largest government, military, telecommunication and financial organizations.

Current Research Projects


A novel minimalistic NFV firewall & middlebox solution which incorporates adaptive cyber attack countermeasures, is dynamically controlled, has a tiny memory footprint and is able to boot within a matter of milliseconds.

Welcome to the next generation of on-demand firewalls.


Software-defined security (SDSec) delivers network security enforcement by separating the security control plane from the security processing and forwarding planes.

SDSec provides an easy way to provision virtaul HSMs, IDS/IPS, Firewalls etc., using a RESTful API.


Cloud-SOC is a hyper-scale cloud-based security operations center designed to mitigate against the OWASP Top 10 vulnerabilities such as XSS, SQLi, Command Injection, undisclosed zero-day & distributed denial of service (DDoS) attacks while utilizing real-time analytics and geolocation correlation data.


An improved and hardened stealth port-knocking methodology which enables a firewall to remain in stealth mode until, based on some predetermined criteria, it is dynamically reconfigured and de-cloaked to allow two way communication with the requesting client.


Vulnerabilities are typically found by security researchers, which is a posh name for smart people who like to find flaws in systems and break them.

Pentest-K builds on the Metasploit framework to deliver a penetration testing environment designed specifically for government and military applications.


CERT’s open source SiLK tool suite allows retrospective analysis of a network's traffic to help with forensic analysis, passive network profiling, and threat discovery.

iHog is an improved normalization algorithm for SiLK which significantly increases the overall throughput of log processing.


Protecting cryptographic keys in cloud environments can be a complex undertaking, especially when dealing with heterogeneous virtualization fabrics.

vHSM-T is a FIPS 140-2 L3 compliant virtual hardware security module (HMS) with the ability to transparently abstract multiple physical HSMs.


IBM’s X-Force® Exchange provides a great cloud-based threat intelligence platform, but is relatively difficult to automate and integrate with existing systems.

X-Target is a library designed to automate countermeasure deployment based on real-time X-Force data feeds.


IPv6 introduces some unique security challenges that were not present in IPv4. While more organizations move towards deploying IPv6, these additional vulnerabilities may go unnoticed without a method for effective testing.

IPv6-T is a network testing tool with integrated pentest functionality which can help discover these IPv6-specific vulnerabilities.


Real-time behaviour analysis can dramatically improve the security posture of any organization when coupled with an advanced monitoring and alerting engine.

bProfile-RT protects against insider threats by using deep machine learning and anomaly detection to identify and profile high-risk behaviour.

Average Number of Days before Attackers are Discovered
Average attack duration (hours) - vs. 23 hours in previous year
Highest recorded DDoS attack in Gbps (Akamai)

DDoS Statistics

Increase in total DDoS attacks

Increase in application layer (Layer 7) DDoS attacks

Increase in reflection DDoS attacks

Increase in infrastructure layer (Layer 3 & 4) DDoS attacks