Introducing STAR-FS – Enabling enhanced collaboration, evidence and movement within the Financial Industry.
LRQA Nettitude have been listed as the first STAR-FS accredited company able to deliver both ‘Threat Intelligence’ and ‘Intelligence-Led Penetration Testing’ Services.
Leamington Spa, Warwickshire: We’re pleased to announce that LRQA Nettitude have been listed as the first STAR-FS accredited company able to deliver both ‘Threat Intelligence’ and ‘Intelligence-Led Penetration Testing’ Services.
STAR-FS has been created by a number of UK regulatory bodies and CREST as another tool to assess the effectiveness of a firm’s cyber capability and risk profile. This assessment is designed to be hands-off and delivered by the Threat Intelligence (TI) and Penetration Testing (PT) provider only. STAR-FS was designed to deliver outcomes similar to those of CBEST while being less onerous and resource-intensive on the regulatory services that back it up.
CREST define STAR-FS as “An intelligence-led Penetration Testing approach that mimics the actions of cyber threat actors’ intent on compromising an organisation’s important business services and the technology assets and people supporting those services. Collaboration, evidence and improvement lie at the heart of STAR-FS as well as a close liaison with key stakeholders.”
Our Global Head of Red Teaming, Ben Turner, comments:
“Being one of the first companies accredited is a significant achievement and demonstrates our commitment to building out a professional and sophisticated service. It is a testament to the strength of the team, as well as the incredible work we are doing, where we were so rapidly able to meet the stringent accreditation process. We are further delighted that we were able to enter the platform for both Threat Intelligence Services as well as Penetration Testing Services.
The accreditation further augments our existing services and sits nicely beside other intelligence-led services such as CBEST, GBEST and TBEST.”
The benefits of this scheme include:
The scheme, created by a governing UK financial body, will help UK financial organisations understand the cybersecurity posture of selected regulated entities. It has proved to be an effective way to deliver tailored intelligence-led cybersecurity tests. To allow other organisations in the UK Financial Services Sector to have access to a similar type of assurance service, the STAR-FS scheme has been developed by a UK financial authority and CREST.
STAR-FS assessments are similar to CBEST engagements as they both leverage the concepts of red teaming and utilise Threat Intelligence to simulate the tactics, techniques and procedures (TTPs) of threat actors against financial institutions. However, STAR-FS assessments are designed to allow for a lighter or optional involvement of the Regulator. Additionally, in STAR-FS engagements there is no validation of the Threat Intelligence (TI) from the National Cyber Security Centre (NCSC).
LRQA Nettitude were one of the first organisations to be recognised under the original CREST STAR scheme. We were also the first organisation to conduct a joint Threat Intelligence and Penetration Testing CBEST engagement. LRQA Nettitude has gone on to deliver extensive services within global financial services and within the UK government’s GBEST scheme, having built a range of highly capable tooling to mimic the behaviours of threat actors.
About LRQA Nettitude:
Founded in 2003, as an industry thought leader, LRQA Nettitude aspires to lead the way in cybersecurity and technical assurance on a global scale. Whilst many cybersecurity measures are reactive to emerging threats, we believe in proactively working with our clients to put in place preventative measures that reduce businesses’ vulnerabilities.
LRQA Nettitude provide a range of award-winning cybersecurity services from Penetration Testing to Security Risk and Consulting, Compliance Management, Incident Response, Training, Managed Security Services and Vulnerability Research.
About CREST:
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market.