Targeted Attack Simulation
A Targeted Attack Simulation is a full-scope exercise which recreates a real-world targeted attack against an organisation in a risk-controlled environment.
It differs from traditional Penetration Testing in having a much wider scope: not only the organisation’s systems are tested, but also its people, processes and procedures. Penetration Testing focuses on an individual application or system, whereas this exercise takes a holistic approach in which any identified weakness, or combination of weaknesses, can be exploited to breach the organisation.
The real value of this exercise stems from its adoption of the assume-breach mindset. This makes it possible to assess the effectiveness of an organisation’s security controls, and of its detection and response capabilities, not only at the perimeter but also once an attacker has a presence in the corporate network.
Targeted Attack Simulations are a way to assess the risk and likelihood of a sophisticated attacker gaining persistent access to the network, being able to target business critical systems and extract sensitive data from the corporate network.
Assess the effectiveness of your monitoring and incident response processes when facing a real-world, persistent, sophisticated attack
Understand your organisation’s Internet footprint and how publicly available information and systems can be used by attackers to target your organisation
Assess the effectiveness of security controls at the perimeter and in the internal corporate network
Test the level of employee security awareness
Assess the maturity of the organisation’s ability to detect and respond to real-world cyber attacks
Find out if your most critical business assets are at risk
A Red Team Exercise is a targeted attack where SECFORCE attempts to gain persistent access to an organisation by any means necessary. This may include the use of social engineering, physical attacks, exploitation of vulnerabilities affecting any system and the use of other modern tactics used by real threat actors.
The exercise is goal-oriented rather than scope-oriented. The goals are therefore agreed prior to the assessment and usually consist of the business-critical systems or data that, if compromised, would cause the greatest impact to the organisation.
Every organisation would benefit from a Red Team Exercise but the benefits are heightened when a company has reached a high degree of security maturity and has robust defensive capabilities in place. The results of the exercise are invaluable to defenders as they are given a chance to assess the effectiveness of their detection and response countermeasures in a simulated and risk-controlled environment.
CBEST & CREST STAR
CBEST is a regulator-driven security exercise mandated by the Bank of England for financial institutions operating at the core of the UK financial system and its infrastructure. The CBEST scheme aims to improve the resilience of critical UK financial operations (the confidentiality, integrity and availability of applications and infrastructure) to Internet-borne attacks originating from realistic threat actors such as organised crime and hacking groups.
The CBEST scheme was built on the CREST STAR (Simulated Target Attack & Response) initiative. Like CREST STAR, CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence based, is less constrained and focuses on the more sophisticated and persistent attacks on critical systems and essential services. The inclusion of specific cyber threat intelligence will ensure that the tests replicate, as closely as possible, the evolving threat landscape and therefore will remain relevant.
The main difference between CREST STAR and the CBEST scheme is that the former does not involve a regulator. Consequently, results from a CREST STAR exercise do not need to be shared with a regulator.