BAE Systems Applied Intelligence is first company in the world to gain CBEST approval for delivery of both Threat Intelligence and Penetration Testing services
BAE Systems Applied Intelligence today announces that it has become the first company in the world to secure approval to deliver both Threat Intelligence and Penetration Testing services under the CBEST scheme.
The CBEST scheme has been created by the Bank of England, HM Treasury and the Financial Conduct Authority (FCA). The framework delivers penetration tests that replicate the field craft of the sophisticated cyber criminals that the threat intelligence has identified as presenting the greatest risk. The benefit to organisations is that the results will be directly linked to the business impacts of a likely attack from a real threat and therefore enable meaningful board action to create a proactive defence.
This intelligence-led penetration test framework is vital as such criminals are assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions (SIFIs). This is the next step in operational cyber defence and is the first such framework developed by industry body CREST to be led by a central bank.
The concept of an intelligence-led penetration test is one of the cornerstones of the CBEST scheme and the BAE Systems Applied Intelligence service will draw on the library of information it has gathered on the specific tools and techniques known to be employed by attackers with the means, motive and opportunity to target financial services.
This intelligence can then be used to specify realistic attack scenarios, simulated by penetration testing, to provide a meaningful insight to the vulnerability of an organisation’s network to cyber attack. Furthermore, these scenarios provide a useful operational context which can be used to determine the consequences to the business should such an attack succeed.
Scott McVicar, Managing Director, EMEA Commercial Solutions for BAE Systems Applied Intelligence, said:
“BAE Systems Applied intelligence is proud to be the first company to receive accreditation for both penetration testing and threat intelligence under the CBEST scheme.
“Intelligence-led penetration testing has to be based upon rich contextualized intelligence which informs and guides how the test should be conducted, what attack methods should be simulated and where testers should focus their resources. This method of testing provides a more structured and effective approach for companies to mitigate their cyber risk and understand the real effectiveness of the key technical security controls they have in place.”
The CBEST framework works alongside the STAR (Simulated Targeted Attack and Response) scheme developed by CREST and for which BAE Systems is also an approved supplier. While CBEST is available to nominated financial organisations, and will be performed with Bank of England and Government involvement, the CREST STAR scheme is available to all organisations who want to benefit from intelligence-led penetration testing.
Source: By BAE Systems / April 30, 2015