Surfshark
We believe strong security isn’t a one-time claim — it’s a continuous commitment to improvement and accountability. That’s why we recently completed an independent infrastructure security audit carried out by SecuRing, an external cybersecurity firm. The goal was simple: verify that our network infrastructure is protected against unauthorized access and business disruption, resilient against real-world attacks, and aligned with the highest security standards. In this post, we’ll break down what the audit covered and what it means for you.
Audit goals
The audit examined our network infrastructure security, with a clear focus on identifying vulnerabilities that could put our systems — or our users — at risk. To do this, SecuRing performed penetration testing, simulating real-world attacks. In simple terms, they tried to break in the same way an attacker would, without special access, inside knowledge, or privileged credentials.
The goal was to confirm that:
- Unauthorized users cannot access our infrastructure;
- Client data remains protected;
- Services will not be interrupted for our clients;
- There are no security misconfigurations;
- Potential weaknesses are detected before they can be abused.
Surfshark’s audit results
The results are reassuring:
- No critical vulnerabilities were found;
- No high-risk issues impacting user security were identified;
- The tested vulnerabilities do not lead to serious security threats;
- Our infrastructure demonstrated strong protection against real-world attack scenarios.
During the assessment, one SSL/TLS-related configuration improvement area was identified and promptly resolved. We found that one server, on a specific occasion, was set up to allow both strong, modern security and some older security methods. While most connections already used the strong protection, the older option could have been misused in rare situations. Even though this would have been difficult to take advantage of, we resolved this minor finding to keep our security standards at the highest level.
SecuRing also provided an additional best-practice recommendation with no direct risk attached, which we addressed and saw as an opportunity to raise our standards even further — exactly the kind of insight we aim to gain from independent security audits.
What this means for you
This independent assessment confirms that our infrastructure is designed, configured, and maintained with security as a top priority. You can trust that our systems are protected against unauthorized access, and potential risks are proactively identified and addressed. Independent verification provides proof, not promises, that we’re doing the work behind the scenes to keep your data and connections secure.
Security and transparency come first
Security is not a destination — it’s an ongoing process. Independent audits like this one help ensure we stay ahead of threats, raise our standards, and keep earning your trust every day.
A detailed version of Surfshark’s SecuRing audit report can be found here.
