CREST STAR Scheme

Cyber Red-Teaming and Simulated Targeted Attack and Response (STAR) Testing

Overview

Cyber Red-Teaming provides penetration testing and attack simulation using the Techniques, Tactics and Procedures (TTPs) of advanced and sophisticated attackers. The objectives of Red-Team engagements are focussed primarily on identifying threats to wider business-critical data rather than being confined to a specific subset of systems. Engagements are tailored to each client and to the specific threats it faces, both within its sector and as an organisation. Unlike standard penetration testing, Cyber Red-Teaming also allows internal incident response teams to assess their capabilities and processes in a controlled and managed way.

Depending on the scenarios and threat actors being simulated, Cyber Red-Teaming can include a variety of attack methods such as spear phishing, watering hole attacks, media dead drops, and physical and telephone social engineering.

Cyber Red-Teaming is also known as Simulated Targeted Attacks or Advanced Threat Simulation.

Methodology

BSI Info-Assure utilises a tried and tested methodology specifically developed for Cyber Red-Teaming and STAR assessments which draws on common industry cyber kill chains.
The attack steps are intended to effectively mimic those of an advanced threat actor: performing initial reconnaissance against an organisation, profiling and exploiting victims, and gaining a foothold on systems before moving laterally throughout the network. Long-term persistence on target systems is also simulated and, where appropriate, egress of sensitive data in a controlled manner.
Risk management is a key focus throughout the engagement and enables the simulation to be realistic, whilst minimising risks to system availability and performance.

Standards

STAR is a framework that delivers controlled, bespoke, intelligence-led targeted cyber attack assessments which replicate the behaviours of identified threat actors. A STAR engagement ensures that attack groups which pose a genuine threat to an organisation’s business critical assets are identified and realistically simulated. Threat intelligence ensures that credible threats to an organisation are not only identified, but that their modus operandi are effectively simulated during the engagement.

BSI Info-Assure is a certified member of CREST STAR.

Bespoke Cyber Red-Teaming Assessments

BSI Info-Assure are able to tailor Cyber Red-Teaming engagements to meet the unique requirements and budgets of organisations by focussing on key areas of the methodology. This allows organisations to focus on key areas and obtain assurance of their organisation’s resilience to attack.
Examples of bespoke Red-Teaming may include one or more of the following:

• Open source intelligence gathering

• Spear phishing simulation

• Malware delivery / foothold establishment

• Endpoint and server persistence

• Data exfiltration simulation

In each of the above cases, the testing can be performed on a zero or partial knowledge basis.

 

Business Benefits

1. Identify the risk and susceptibility of attack against key business information assets using realistic testing methods that replicate highly advanced threat groups.

2. Assess an organisation’s ability to detect, respond to and prevent sophisticated and targeted threats. BSI Info-Assure CSIR provides comprehensive post-assessment debrief workshops and works closely with internal incident response and blue teams to provide meaningful mitigation.

3. STAR engagements are intelligence-based and utilise cyber threat intelligence, allowing the Techniques, Tactics and Procedures (TTPs) of genuine threat actors to be effectively simulated in a risk-managed and controlled manner.

Why BSI Info-Assure?

1. BSI Info-Assure is certified to perform Cyber Red-Teaming engagements using the CREST STAR framework.

2. BSI Info-Assure have considerable experience providing bespoke Cyber Red-Teaming engagements to organisations in a range of sectors.

3. Trained and qualified staff accredited to the following standards:

a. CREST Certified Attack Specialist (CCSAS)

b. CREST Certified Attack Manager (CCSAM)