What is TIBER EU?
Threat Intelligence-based Ethical Red Teaming (TIBER-EU), is a framework launched by the European Central Bank (ECB) to deliver a controlled, bespoke, intelligence-led, Red Team test of an entities’ critical live production systems.
The need for TIBER-EU was driven by the apparent need that other intelligence-led assurance programmes have enhanced the resiliency of various financial systems. Consequently, multiple regulators around the world started to explore, creating their own frameworks. Recognising the challenges of having multiple competing frameworks, the ECB decided to look at building a pan-European framework that could be leveraged across the whole of the Eurozone.
TIBER-EU is a framework of frameworks for Europe-wide adoption and is designed to provide commonality of approaches, yet flexibility, for domestic regulators to implement their own discrete assurance activities.
LRQA Nettitude has a very strong alignment to the financial services sector globally and have a dedicated team of professionals that are solely focused on delivering services for this segment. We are fully immersed in the TIBER cyber security framework, and can provide all elements of the Threat Intelligence and Red Team testing requirements. Our consultants deliver services across the EU, and we have language skills in most EU countries.
LRQA Nettitude not only holds some of the highest Cyber Threat Intelligence (CTI) and Penetration Testing/Red Teaming accreditations worldwide, but is accredited by various Regulators around the globe to conduct advanced testing. LRQA Nettitude is also quite unique in that it is both a CREST accredited CTI and Red Team provider. As a result of this capability, LRQA Nettitude has been responsible for delivering multiple high-profile Threat Intelligence-led Red Team assessments, in multiple jurisdictions across all sectors.
In addition to LRQA Nettitude’s accreditations, we have significant breadth of experience in global regulatory testing frameworks. Furthermore, we possess industry leading experience of regulatory collaborative testing focussed on people, processes and technologies – where results and recommendations must ensure organisations remain resilient to cyber-attacks.
The LRQA Nettitude CTI team is a global advisory practice, made up of individuals from a range of intelligence backgrounds, who work with leading government departments, regulators and organisations across multiple sectors and other specialist areas. The team hold vast experiences and CREST qualifications, such as the Crest Certified Threat Intelligence Manager (CCTIM); these are essential to manage and deliver the work required by TIBER-EU. Beyond their CREST certifications, the CTI team’s qualifications also extend to technical capabilities in technology, malware analysis, reverse engineering as well as understanding the technical, people, social and process elements of an organisations attack surface.
LRQA Nettitude’s CTI capabilities allow it to execute broad, intelligence-based targeting exercises, of the kind typically undertaken by real world threat actors as they prepare for their attack. The objective is to draw a picture of the target organisation, through the lens of an attacker. This approach allows us to design and deliver testing scenarios for a TIBER test. Our CTI team will not only shape the tests through the production of the key TIBER intelligence documents, but also provide added value to your organisation by reducing uncertainty, while aiding in identifying threats and opportunities that will reduce the risk of a real attack.
Our TIBER red teaming analysts will look to identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely and relevant intelligence to help your organisation to answer the following key questions:
• Who are my real adversaries?
• What are their tactics, techniques and procedures?
• How do I defend against them?
• Where do opportunities lie?
• Is my security posture commensurate to my threat profile?
• What threats are of significance to the sector?
LRQA Nettitude’s CTI methodology, which not only meets but exceeds the requirements of TIBER, is based on industry standards. It follows best practice from global industry bodies.
Case Study – Deployed TIBER framework testing for a European National Bank
Designed for (supra) National Authorities and entities that form the core financial infrastructure, the TIBER-EU framework delivers a controlled, bespoke, and intelligence-led red team test of entities critical to live systems. As a result the bank’s detection mechanisms were significantly improved in its detection and response capabilities.
“The quality of the services delivered by LRQA Nettitude was outstanding…”
Find out more information on this case study below…
TIBER Red Team Testing
LRQA Nettitude has continued to build on its capabilities over the past decade. Positioned as one of the most highly experienced and capable cybersecurity companies in the world, LRQA Nettitude is proud to hold an extensive range of Penetration Testing and Red Teaming accreditations including CREST, TIBER, CBEST, STAR-FS and STAR – all of which fully exceed the minimum requirements of TIBER suppliers. TIBER engagements are designed to address the threat posed by real world threat actors. The ultimate aims of these engagements are to assess the real-world security posture of the target environment with a special focus on detection and response capabilities. LRQA Nettitude’s world class teams ensure the engagement maintains maximum realism and overall engagement integrity.
These engagements are run by a team that includes CCSAM (CREST Certified Simulated Attack Managers) and CCSAS (CREST Certified Simulated Attack Specialists) personnel. These are top tier certifications which help ensure that the engagement – which is naturally of a higher risk than Penetration Testing – is run to the high-quality standards that is demanded by TIBER testing, helping to maximise success and minimise associated risk. Building on TIBER requirements, to add even more value, LRQA Nettitude will also review your Incident Response activity throughout the TIBER engagement, and correlate this with both the Incident Response Plan, investigation reports and wider industry best practice advice. We will also review the overall escalation process, the actions taken on discovery, remediation and recovery actions that would have been enacted.
The purpose of this is to ensure that your organisation has the maximum opportunity to detect and respond to sophisticated cyber-attacks. The maturity assessment will provide you with both a current assessment, but also the foundations on which to build any remediation, improvement and future development roadmaps for your detection and response capability.
Why LRQA Nettitude
Quite simply, TIBER-EU has been designed as a blueprint for using Threat Intelligence and Red Teaming to identify and combat cyber risk. A TIBER assessment can be a daunting prospect from a time and resource perspective, which if not done correctly, can provide an invalid or weak output. A key differentiator for LRQA Nettitude is our dedicated Research and Innovation team who are at the forefront of the industry, creating new tools and techniques to further our capability. This team proactively gathers CTI and has implemented a global honeypot network with over 200 nodes distributed around the world, including strategically placed devices in key global services hubs.
LRQA Nettitude is fully experienced and seasoned to guide you on your TIBER cyber security journey, catering for the scale and complexity of a multi-stakeholder testing engagement, delivering a fully collaborative, risk-managed engagement where there is cross-border acceptance of testing results. We firmly believe that one of the key outcomes from a TIBER engagement is to enhance an organisation’s ability to detect and respond to sophisticated adversaries. As a consequence, a purple teaming initiative is conducted as a final stage in the engagement, this facilitates prescriptive guidance on how to enhance detection and responsive capabilities.
Ultimately, LRQA Nettitude will help you test your security posture and operating model, provide insight and clarity around your ability to reliably prevent attacks and also detect and implement a response. By working with LRQA Nettitude, your TIBER test will provide you with this insight and unparalleled levels of value to all of the stakeholders involved – answering the question ‘how vulnerable are we?’.