CBEST/STAR Threat Intelligence

Transcription

1 CBEST/STAR Threat Intelligence

2 Systemically-important financial institutions that form part of the UK s Critical National Infrastructure need to remain resilient to cyber attack. To help them achieve this, the Bank of England has launched CBEST. This intelligence-led test mimics the actions of cyber attackers intent on stealing, compromising or destroying organizational assets that have financial, operational, intellectual, confidential or reputational value. In parallel with CBEST, the Certified Register of Ethical Security Testers (CREST) has created a security-testing framework called STAR. This delivers the same rigorous approach to testing as CBEST but is conducted internally, without formal input from the Bank of England or the UK Government Security Services. STAR has been created to provide non-financial markets with an approach to threat-led security testing as an optional pre-cursor to a formal CBEST test. 78% of large organizations were attacked by an unauthorized outsider in 2013 *Source: PwC, % increase in targeted attack campaigns in 2013 *Source: Symantec, 2014 Organizations undertaking a CBEST or STAR test must work with a threat intelligence provider who can provide realistic, threat-informed attack scenarios that underpin simulated cyber attacks. However, many threat intelligence providers deliver little more than elementary facts about commodity threats, with an emphasis on lower-level technical forensics rather than higher-level insights into the attacker, their motivation and their modus operandi. Marketing hype and jargon only serve to complicate matters. As the UK s leading specialist provider of cyber intelligence services, Digital Shadows has been working with the Bank of England, CREST and a community of security vendors to define a framework for developing the CBEST tests. We therefore have the capability and experience to provide clients with intelligence of the standard required for CBEST or STAR test purposes.

3 IN PRACTICE - A THREE-PHASED APPROACH Should you wish to engage with us, the work will typically consist of three phases: Having understood your critical information assets, risks and social media policy, we will configure Digital Shadows SearchLight to meet your requirements. As part of this process we will issue a Baseline Report covering historical incidents. Working in tandem with Digital Shadows SearchLight, and other intelligence gathering and analysis facilities at our disposal, we will generate a credible picture of the current threat situation and issue a Threat Intelligence Report containing the results of our research. On the basis of the Threat Intelligence Report we will emulate a threat actor s approach to researching a target s digital footprint. A Targeting Report containing the results of our reconnaissance will then form the basis of our handover discussions with your CBEST/STAR security test provider. ASSESSMENT THREAT INTELLIGENCE FOOTPRINTING (optional) 3 weeks 1 week Deliver baseline report Threat intelligence Report: Scope Threat profiles Threat scenarios Targeting report: Human targets Process targets System targets. As part of our CBEST/STAR test service we will provide you with a complimentary one-month subscription to the Digital Shadows SearchLight Portal from where you can access our entire intelligence base.

4 Why Digital Shadows? Real insight: Employing advanced natural language processing, our Digital Shadows SearchLight facility scans over 80 million open and closed information sources across the visible and dark web in 27 languages in nearreal-time. Working in tandem with the technology, our intelligence analysts develop curated profiles of attackers, their capabilities, motivation, techniques and attack characteristics and apply a critical level of judgment to minimise false alarms. Follow-through: As well as developing detailed intelligence profiles, our analysts have the skills to take these forward into threat scenarios that narrate how the attacker compromises the target. They will also undertake reconnaissance exercises during which they emulate the attacker and identify the attack surface of people, processes and systems within the target. Flexibility: If you have already selected your security test partner then we will work flexibly with them. As an alternative, we have developed close and efficient working relationships with a number of trusted security test providers who have the capability and maturity to undertake CBEST/STAR vulnerability tests. About Digital Shadows Digital Shadows is the cyber threat intelligence company that delivers beyond the boundary security for safer digital business. By applying our award-winning blend of expertise and technology we enable organizations to embrace digital business while protecting themselves from data loss and targeted cyber attack.

5 San Francisco: 535 Mission St, Flr. 14, San Francisco, CA London: Level 39, One Canada Square, London, E14 5AB. +44 (0) Digital Shadows, Inc. ALL RIGHTS RESERVED. This document is copyright of Digital Shadows Inc. Digital Shadows, the Digital Shadows logo and/or names of Digital Shadows products or services referenced herein are trademarks of Digital Shadows, Inc. and are registered in certain jurisdictions. Other company names, marks, products, logos and symbols referenced herein may be the trademarks or registered trademarks of their owners. Digital Shadows Inc has its registered office in the State of Delaware is National Registered Agents, Inc., 160 Greentree Drive, Suite 101, Dover, Delaware,