Portcullis is very pleased to be one of the first organisations to have achieved CREST STAR accreditation. STAR heralds not only a new era of security assessments by combining Threat Intelligence with focused attack scenarios, it also raises the bar for companies providing Penetration Testing services.
STAR will demystify the differences between actual penetration testing and vulnerability analysis (VA). Whilst both have a place, a robust penetration test will include exploitation of vulnerabilities to ascertain actual risk and exposure rather than the VA model which is based on automated tools identifying potential vulnerabilities.
In other words STAR is not only Intelligence lead testing, it’s intelligence driven, using people not products….
Portcullis have provided Red Team testing for a number of years, however, to coincide with CREST’s launch of CBEST/STAR will be launching our threat intelligence led penetration testing service – RedIntel. https://www.portcullis.co.uk/test-your-security/redintel/
RedIntel – Red Team Testing service provides cyber-attack scenarios using real-world tactics, techniques and procedures. RedIntel utilizes threat intelligence to gain an understanding of the actual threats, techniques and campaigns used against specific organizations or business sectors to create a bespoke, targeted attack scenario. This scenario is then executed in order to test the effectiveness of technical defences, response procedures and staff awareness.
The STAR scheme is a prerequisite for membership of the BoE CBEST scheme, used to provide assurance to the most critical parts of the UKs financial services.