Portcullis Red Teaming – RedIntel Services
Portcullis worked with CREST, Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority to develop the CBEST and CREST STAR penetration testing standards. The aim of these partnerships was to create a solid framework to deliver bespoke tests that replicate the behaviour of real-life threats.
Aiming to provide a holistic framework to identify vulnerabilities found in the integration between people, processes and technology, CBEST currently sits at the top tier of testing assurances provided within the industry, representing a level of security assurance that exceeds even CHECK or CREST IT health check services.
Portcullis is proud to have been one of the first companies accredited to deliver Simulated Target Attack & Response (STAR) penetration testing service by CREST. The CBEST and CREST STAR services are provided by Portcullis within the RedIntel service stream.
RedIntel delivers STAR services at the CBEST standard, augmenting the abilities of our most skilled penetration testers with robust evidenced threat intelligence. Our testers understand how to conduct technically challenging testing activities that accurately reflect the types of attacks being used against organisations, often very successfully every day, whilst ensuring that risks to systems are kept to an absolute minimum.
Intelligence Led Testing
The world of threats to computer systems is constantly changing and evolving, leading to an increasing need for our clients to evaluate their security so that they are protected from these threats. By incorporating the latest threat intelligence into our engagements, Portcullis is able to ensure that our testing remains cutting-edge and reflects the dangers posed by the latest real-life threats.
CBEST is the first initiative of its kind that demands accreditation of intelligence providers. This ensures that any cyber threat intelligence will meet the high level of demands required for RedIntel engagements.
RedIntel provides a series of cyber-attack scenarios using the real-world tactics, techniques and procedures identified by the data gathered from an intelligence exercise. RedIntel’s extensive arsenal of attack tools are designed for use in Red Team engagements and allow our team to extensively test the client organisation’s response capabilities and preparedness.
By incorporating real-life attack vectors, Portcullis’ RedIntel team are able to provide a clear understanding of our client’s security posture. These real-life attack vectors include using the increasing realisation that users are becoming the weakest link in an organisation’s security to gain a foothold within an organisation’s system.