Tried, Tested and Proven

Portcullis Computer Security hosted a special briefing at The House of Commons on Friday 20th March. Together with members of the banking, finance and corporate community, Portcullis held the briefing in The Members’ Dining Room to highlight the CBEST/CREST STAR (CSTAR) testing frameworks launched in 2014. Now well underway, these initiatives encourage organisations in the UK to reinforce their defences against cyber attack.

The CBEST and CSTAR systems work with banks and business respectively to improve and test their resilience to cyber attack. Using state of the art threat intelligence services from companies like Digital Shadows, who also presented at the briefing, companies are adopting a more informed approach to testing their strength against attempts to compromise their computer systems.

Portcullis was the first company to be selected as an approved provider of CBEST testing and one of the initial accredited suppliers of CSTAR services.

Intelligence led testing applies equally outside of the banking community. Across the private sector as a whole there has been a significant increase in the use of red teaming to test an organisations defences against a realistic scenario based attack using bespoke threat intelligence. The Council for Registered Ethical Security Testers or CREST established the new CSTAR service specifically designed to meet this need within the enterprise space.

What CBEST offers to banking, CSTAR offers to the entire private sector. As an early adopter of both schemes, Portcullis is perfectly placed to provide CBEST testing and CSTAR through their RedIntel service.

Understanding as much as possible about the nature of those who perpetrate attacks and their methods helps a target company to defend more effectively. Portcullis intelligence led testing, called RedIntel, recognises the constantly changing nature of the threat landscape, helping organisations to respond dynamically. Modifying and developing new tools and tactics to keep pace with the latest threats.

The financial sector has led the way in sharing information and consolidating their approach to cyber security. The concept of herd immunity, working together as an industry to strengthen the whole is something that RedIntel is designed to encourage. The argument for co-operation and information sharing to boost the level of protection across the industry is a compelling one.

The event attended by over a hundred guests from the financial services sector and related industries heard a keynote from the banking community as well as further presentations from Portcullis and Digital Shadows.

Paul Docherty Technical Director at Portcullis stated “The cyber threat is rising significantly and our response to it must be robust. Its time to raise our game and prove that the UK is a safer place to do business than other nations. RedIntel helps enterprise level organisations to do just that.”

Portcullis offers a range of intelligence led testing services called RedIntel providing cyber-attack scenarios using real-world tactics, techniques and procedures.