CBEST assessments are among the most sophisticated types of assessment that exist within the financial services sector today. Created by the Bank of England and supported by CREST, CBEST assessments have the following key elements:
- Make significant use of Cyber Threat Intelligence
- Deliver sophisticated Red Team style assessments that mimic known threat actors
- Provide Incident Response maturity assessments
CBEST engagements are unique when compared to many other types of assessments. This is due to the following key elements:
- CBEST engagements can only be instigated by the Bank of England. The Bank of England are involved in the scoping of the assessments and determine which types of assets and systems comprise the test scope.
- The threat intelligence used to determine the testing approaches is augmented by GCHQ (Government Communications Headquarters).
These two elements make CBEST engagements highly unique, providing unparalleled levels of value to all of the stakeholders involved in the assessments.
Nettitude is one of only a handful of CBEST approved service providers to be accredited by both CREST and the Bank of England as CBEST Penetration Testing providers and CBEST Threat Intelligence providers. This unique capability allows us to provide our clients with end-to-end CBEST services.
CBEST Threat Intelligence Requirements
CBEST requires organisations to commission a Threat Intelligence gathering exercise by a CBEST approved threat intelligence provider. This exercise delivers the following:
- Reviews geopolitical threats known to be operating in the sector and sub-sector
- Reviews the TTPs and modus operandi of threat actors known to be targeting similar types of organisations
- Reviews Open Source Intelligence relating to the organisation and the industry it operates within
- Gathers and reviews closed source intelligence relevant to the organisation
- Creates a series of scenarios that reflect real-world ‘likely’ threats
- Includes the TTPs to be simulated, goals to be executed and targets to be pursued
- All threat intelligence is reviewed and ratified by GCHQ
Nettitude has extensive experience with CBEST, and has a full team of certified individuals that hold CREST CCSAS, CCSAM and CCTIM certifications. All of our CBEST engagements are fully project managed, and we have dedicated managers assigned to each CBEST engagement that we deliver. We have comprehensive methodologies for our CBEST process, and a strong list of testimonials to support our capability to operate within this space.
Advanced Red Team Tooling
Nettitude has developed its own state-of-the-art custom tooling to mimic sophisticated threat actors that are known to be prevalent within the financial services sector. As a consequence, when we deliver CBEST engagements, we are able to deliver a true reflection of the types of TTPs that threat groups are known to be leveraging. This toolset is unique within the industry and is one of the reasons why Nettitude’s team has been highly successful in supporting organisations’ intelligence-led assurance strategies.
How Nettitude can help
Nettitude has a strong reputation for delivering cyber assurance within the Financial Services sector. We have worked on intelligence-led red teaming frameworks in the UK, US and many other European and Middle Eastern countries. Our team have amassed significant experience in assessing high-speed critical financial systems and we fully understand both the intricacies and the risks associated with the sector.
Nettitude was one of the first CBEST approved Penetration Testing service providers. We have been committed to working with both the financial services regulator and CREST from the outset, and consequently have taken a proactive role in supporting and educating the sector. In 2015, we worked with SC Magazine to create a specific eBook, titled CBEST demystified. This eBook was issued to help explain what CBEST is, and how it delivers value within the financial services sector.