Our Philosophy

Secbüro’s research and development strategy in Europe follows two guiding principles: (1) develop novel cybersecurity concepts tailored to the needs of the European market, and (2) deeply collaborate with research and development organizations, higher education and European industry partners.

Over the years we've partnered with other like-minded organizations to form special interest groups which have enabled us to incubate and mature new ideas into applicable solutions.


  • 2007


    Secbüro Labs had its beginnings in early 2007, when it was tasked to research and apply advanced cyber-attack countermeasures for a consortium of prominent telecommunications companies.

  • 2016

    Global Reach

    From humble beginnings to a global reach. Secbüro brings on board Government, Telecommunication, Military and Financial Institution clients in Africa, Middle East and North America.

  • 2022

    Present Day

    Since those early days, the group has deepened its cybersecurity R&D activities and actively works to develop emerging security technologies for some of the world’s largest government, military, telecommunication and financial organizations.

Current Research Projects


A novel minimalistic NFV firewall & middlebox solution which incorporates adaptive cyber attack countermeasures, is dynamically controlled, has a tiny memory footprint and is able to boot within a matter of milliseconds.

Welcome to the next generation of on-demand firewalls.


Software-defined security (SDSec) delivers network security enforcement by separating the security control plane from the security processing and forwarding planes.

SDSec provides an easy way to provision virtual HSMs, IDS/IPS, firewalls, etc., using a RESTful API.


Cloud-SOC is a hyper-scale cloud-based security operations center designed to mitigate the OWASP Top 10 vulnerabilities such as XSS, SQLi, Command Injection, undisclosed zero-day & distributed denial of service (DDoS) attacks while utilizing real-time analytics and geolocation correlation data.


An improved and hardened stealth port-knocking methodology which enables a firewall to remain in stealth mode until, based on some predetermined criteria, it is dynamically reconfigured and de-cloaked to allow two-way communication with the requesting client.


Vulnerabilities are typically found by security researchers, which is a posh name for smart people who like to find flaws in systems and break them.

Pentest-K builds on the Metasploit framework to deliver a penetration testing environment designed specifically for government and military applications.


CERT’s open source SiLK tool suite allows retrospective analysis of a network's traffic to help with forensic analysis, passive network profiling, and threat discovery.

iHog is an improved normalization algorithm for SiLK which significantly increases the overall throughput of log processing.


Protecting cryptographic keys in cloud environments can be a complex undertaking, especially when dealing with heterogeneous virtualization fabrics.

vHSM-T is a FIPS 140-2 L3 compliant virtual hardware security module (HSM) with the ability to transparently abstract multiple physical HSMs.


IBM’s X-Force® Exchange provides a great cloud-based threat intelligence platform, but is relatively difficult to automate and integrate with existing systems.

X-Target is a library designed to automate countermeasure deployment based on real-time X-Force data feeds.


IPv6 introduces some unique security challenges that were not present in IPv4. While more organizations move towards deploying IPv6, these additional vulnerabilities may go unnoticed without a method for effective testing.

IPv6-T is a network testing tool with integrated pentest functionality which can help discover these IPv6-specific vulnerabilities.


Real-time behaviour analysis can dramatically improve the security posture of any organization when coupled with an advanced monitoring and alerting engine.

bProfile-RT protects against insider threats by using deep machine learning and anomaly detection to identify and profile high-risk behaviour.

Average Number of Days before Attackers are Discovered (Akamai)
Average attack duration (hours) - vs. 23 hours in previous year
Highest recorded DDoS attack in Gbps (Akamai)
DDoS attacks in 2020 generated 386,500 TB of traffic in total. (NSFocus)
On average, a DDoS attack costs a company $20,000-$40,000 hourly.
The biggest DDoS attack to date took place in September of 2017. The attack targeted Google services and reached a size of 2.54 Tbps.
The majority of DDoS attacks in Q3 2021 (90%) lasted under 240 minutes, which is 4 hours. (Kaspersky Lab)
July 2020 alone saw a 653% increase in malicious activity compared to the same month in 2019 (Deep Instinct)
Cisco estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023

DDoS Statistics

Distributed Network Attacks can affect companies of any size, but they can target and debilitate internet shopping sites, hosting platforms, online casinos, and businesses that provide online services. Distributed Network Attacks are also referred to as Distributed Denial of Service (DDoS) attacks and they can be extremely damaging to an organization’s reputation and profit.

YoY increase in total DDoS attacks recorded.

YoY increase in application layer (Layer 7) DDoS attacks

YoY increase in reflection DDoS attacks

YoY increase in infrastructure layer (Layer 3 & 4) DDoS attacks

Hack attacks and data breaches on cloud services are DDoS attacks.

DDoS attacks on businesses last longer than a week. (Source: Kaspersky Lab)

The majority of DDoS attacks (50%) lead to a significant service disruption.

Percentage of publicly reported breaches decreased by 51% compared to the same time last year.