By Ben Turner | Managing Principal Security Consultant at Nettitude
We're pleased to announce that Nettitude has been listed as the first STAR-FS accredited company able to deliver both ‘Threat Intelligence’ and ‘Intelligence-Led Penetration Testing’ services.
STAR-FS is a new regulatory tool used to assess the effectiveness of a firm’s cyber capability and risk profile. The assessment, created by CREST, is designed to be delivered by accredited Threat Intelligence (TI) and Penetration Testing (PT) providers. STAR-FS was designed to deliver outcomes similar to those of CBEST while being less onerous and resource intensive for the regulatory services that back it up.
So what does this mean for our customers within the financial services sector? In the following blog post, we'll discuss the details of the STAR-FS accreditation and how it will shape our future work within the financial sector.
What is STAR-FS?
CREST define STAR-FS as “an intelligence-led penetration testing approach that mimics the actions of cyber threat actors intent on compromising an organisation’s important business services and the technology assets and people supporting those services. Collaboration, evidence and improvement lie at the heart of STAR-FS as well as a close liaison with key stakeholders.”
Our Global Head of Red Teaming, Ben Turner, comments:
"Being one of the first companies accredited is a significant achievement and demonstrates our commitment to building out a professional and sophisticated service. It is testament to the strength of the team, as well as the incredible work we are doing, where we were so rapidly able to meet the stringent accreditation process. We are further delighted that we were able to enter the platform for both Threat Intelligence Services as well as Penetration Testing Services.
The accreditation further augments our existing services and sits nicely beside other intelligence-led services such as CBEST, GBEST and TBEST…"
Our approach to STAR-FS
Nettitude delivers most simulated attack services through the same robust and well-tested approach. The basis of Nettitude’s approach is clear and detailed scoping that incorporates risk management strategies throughout. Nettitude’s team comprises many certified individuals who hold CREST CCSAS, CCSAM and CCTIM certifications, and we have a strong list of testimonials to support our capability to operate in this space.
An engagement will be delivered in the following five high level stages:
- STAGE 1 – Scoping / Planning and Risk Workshop
- STAGE 2 – Threat Intelligence & Penetration Testing
- STAGE 3 – Detection and Response Assessment (DRA) / Workshop
- STAGE 4 – Tactical, Strategic and Governance Reporting & Recommendations
- STAGE 5 – Executive and Technical Debriefs
Nettitude’s offering will help you to identify the likely threat actors and the tools and techniques they may use to gain access to your data and networks. Nettitude will also simulate the identified sophistication levels of those threat actors in order to assess your organisation’s security posture, allowing you to verify how your people, processes and technology are able to collectively defend your organisation and its data.
Nettitude has built a team from diverse backgrounds, including military and civilian police intelligence, cyber technical experts and offensive security consultants. We operate a very strong open source intelligence (OSINT) capability that brings real-life results into our reports. We focus on providing actionable intelligence that is specific to your organisation and sector.
Nettitude has comprehensive methodologies for Threat Intelligence, and is continually adapting its information sources and collection techniques, providing you with relevant and timely actionable intelligence and advice.
Nettitude’s red team is renowned for its experience and continually evolving capabilities. Using dedicated vulnerability researchers and highly skilled red team members, together with our own in-house, highly sophisticated tool-sets, Nettitude is able to mimic and replicate a wide range of threat actor behaviours and techniques. A very clear risk-based approach to operational security, and transparency at all levels of the engagement, ensures successful outcomes where assurance levels can be determined with real value.
Unlike typical penetration testing, intelligence-led testing is a mature approach that focuses more on depth and looks to exploit both known and unknown vulnerabilities in an organisation's attack surface. The testing does not follow automated patterns, and it is not a mere emulation of a threat actor's Tactics, Techniques and Procedures (TTPs). Instead, it is a bespoke and tailored simulation of the threat actors' sophistication levels and capabilities, enabling the testing team to make decisions similar to those of the threat actor, based on new intelligence as the attack unfolds.
Detection and Response
Nettitude carries out a detection and response assessment after the testing phase. This allows both the ‘red’ and ‘blue’ teams to collaborate on key events through the cyber kill chain and to identify gaps in the defensive security posture across people, processes and technology. This phase is key to providing quality information to senior stakeholders and to making appropriate remedial recommendations that help an organisation assess actions from both a tactical and a strategic viewpoint.
Reporting and Executive Debrief
Nettitude’s focus is on providing clear and concise information to help drive security strategy and improve the organisation's ability to detect, respond to and recover from a security incident.
The deliverables comprise multiple reports across each phase of the engagement and include both technical and executive debriefs. Nettitude’s debriefs are designed to be easily digestible by multiple stakeholders across different areas of the business to provide a holistic view of the organisation's security posture and enable informed decision making.
We hope this teaser has piqued your interest; we would love to talk to you about how we are shaping many of our offensive service offerings.
Want to speak to our team about our Attack Simulation?