- Surfshark was independently tested by using “real-world” attack scenarios
- SecuRing found no critical vulnerabilities or high-risk issues
- One minor SSL/TLS configuration issue was identified and promptly resolved
Independent auditors have confirmed that the technical infrastructure behind Surfshark, which consistently ranks as a top contender in our best VPN guide, aligns with the highest security standards.
Conducted by external cybersecurity firm SecuRing, the comprehensive security assessment was designed to verify the resilience of Surfshark’s network against sophisticated, real-world cyberattacks. The auditors were tasked with identifying potential weak points in the design, configuration, and maintenance of the servers that keep user data private.
The results appear to vindicate Surfshark‘s internal security protocols. SecuRing’s report confirmed that no critical vulnerabilities were found, nor were there any high-risk issues that could impact user security. The testing also verified that the infrastructure holds strong protection against the specific attack scenarios used during the assessment.
Real-world stress testing
For the average user, the “black box” nature of this audit is particularly reassuring. Rather than inspecting code with a guide to help them, the auditors attacked the system from the outside, just as a malicious hacker would.
Tomas Stamulis, Chief Security Officer at Surfshark, explained that the testing mirrored real-world attack scenarios to simulate external attackers compromising the network. “It was performed without any privileged credentials, inside information, or special access,” he added.
The goal was to ensure no stone was left unturned.
“With this, we wanted to ensure that unauthorized users cannot access our infrastructure, client data always remains protected, servers cannot be interrupted for our clients, security misconfigurations cannot occur, and potential weaknesses are noted immediately before they can be abused,” said Stamulis.
While no critical vulnerability or high-risk issues were found, the audit did uncover one area for improvement: a single, minor SSL/TLS configuration issue. However, Surfshark confirmed this was “promptly resolved.”
Transparency regarding minor fixes is often seen as a positive sign in the cybersecurity community, as no complex system is ever perfectly secure 100% of the time. The willingness to find, fix, and publish these minor faults is what separates premium vendors from budget options that hide behind marketing jargon.
“Digital security is constantly under the bad actors’ radar, and an independent audit examining our security systems is a crucial part of building trust and ensuring transparency, allowing us to identify and implement minor improvements,” said Stamulis.
Why it matters
This isn’t Surfshark’s first rodeo regarding transparency. We have previously covered how Surfshark confirmed its commitment to user privacy with a second no-log audit in June, proving that the provider doesn’t store user data.
However, an infrastructure audit is a different beast. While a no-logs audit verifies that the company won’t spy on you, an infrastructure audit verifies that a third party can’t break in to spy on you.
By inviting SecuRing to attack its systems without “special access,” Surfshark effectively put its defensive capabilities to a stress test.
This latest move aligns Surfshark with the broader industry trend toward “security by verification” rather than “security by trust.” Major competitors like NordVPN and ExpressVPN also engage in regular third-party testing to validate their claims.
For Surfshark, this specific infrastructure audit serves as tangible proof that their server network is not just fast, but hardened against intrusion.
“The successful completion of this infrastructure audit highlights, once again, that our systems align with the highest security standards, providing tangible proof to our users that the services they use are protected,” Stamulis concludes.
Users who wish to dive into the technical specifics can read the detailed version of the SecuRing audit report here.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
https://cdn.mos.cms.futurecdn.net/6VzZ7RU3eucApD2fbBP9sg-2000-80.jpg
Source link
