STAR & CBEST Testing


Nettitude is proud to be an accredited CBEST company and an approved STAR company for Threat Intelligence and Penetration Testing services.

Nettitude has been delivering security assurance services for more than a decade. As a CREST company, we have certified infrastructure, application and wireless testers, as well as a team of consultants who have been active contributors to the STAR and CBEST programmes. Simulated Target Attack & Response (STAR) and CBEST testing have been developed so that, as an organisation, you can understand who your potential real-world threats are. Nettitude can help you to identify the likely threat actors, and the tools and techniques they may use to gain access to your data and networks. Fill in a contact form to speak to a consultant today.

STAR Programme – Overview

Nettitude is an approved provider of STAR threat intelligence and testing services. CREST has launched the STAR (Simulated Target Attack & Response) programme to cater for the growing requirement to combine threat intelligence with penetration testing services. CREST recognises that there are varying levels of sophistication in threat actors. As a consequence, for organisations that want to maximise the level of sophistication associated with their security tests, a STAR-based security assessment is recommended.

CBEST Programme – Overview

Nettitude is an accredited supplier of CBEST threat intelligence and testing services. CBEST is geared specifically towards the financial services and banking sector. CBEST penetration testing uses threat intelligence data to deliver more sophisticated and persistent attacks against critical systems and essential services. By using specific threat intelligence data, CBEST penetration tests are able to ensure that they are delivering a true simulation of relevant threats that are always kept up to date.

CBEST & STAR Threat Intelligence

CBEST and STAR have been built around the starting point of understanding who the potential real threat actors against your organisation are. If you can identify the credible, likely threat actors and understand their typical approach, tools, tactics, techniques and procedures, this can then be used as a basis for building and simulating focused real-world attacks. The threat data is used to define a number of scenarios that the penetration testing team will then build and simulate.

STAR/CBEST threat intelligence providers are required to go through additional levels of assurance to deliver intelligence-led security assessments. As well as having a revised code of conduct and more rigorous company requirements, STAR threat intelligence companies demonstrate their capabilities and methodologies for data collection in line with strict ethical and legal obligations.

Data to build out threat intelligence is collected from a wide variety of sources, including our in-house developed global platforms and bespoke sensors, commercial feeds from our partners and open source data. We deliver intelligence that is technical, strategic and targeted in nature. This data can be used by an organisation to understand who their threat actors are and which attack vectors they are known to use. By understanding what threats it may be facing, an organisation can prepare a series of countermeasures to mitigate these risks.

CBEST & STAR Penetration Testing

To deliver CBEST tests, penetration testing organisations are required to work closely with threat intelligence providers. The threat data is used by the penetration testing company to tailor the assessment in line with the threats that the financial services organisation faces. As a consequence, this provides the closest simulation of threat that a penetration testing organisation can deliver.

STAR/CBEST penetration testing providers are required to go through additional levels of assurance to deliver intelligence-led security assessments. As well as having a revised code of conduct and more rigorous company requirements, STAR penetration testers are also required to undertake additional levels of technical and operational assessment. These assessments are designed to mirror real-life scenarios, with attack scenarios being consistent with many modern-day APTs (Advanced Persistent Threats).

The ability to customise the testing approach and use bespoke malware implants and simulations that reflect the real threats faced by your organisation significantly increases the value of this type of testing.

A robust analysis of the monitoring and detection, after the scenarios have been played out, provides you with an assurance level and a roadmap to address any concerns raised.

Partnering with Digital Shadows

Nettitude has formed a strategic relationship with Digital Shadows, a provider renowned for their high-quality data analytics and tailored threat intelligence. Through this relationship, we are able to provide a seamless delivery of service for the banking and financial services sector.

Through a collaborative and hands-on scoping service, we are able to deliver pragmatic and responsive services for organisations pursuing STAR and CBEST focused tests. The Nettitude and Digital Shadows teams work closely with one another to deliver a highly sophisticated approach to security assessment in a time-efficient and cost-effective manner.