Intelligence-Led Penetration Testing
Security Alliance is one of the leading providers of threat intelligence assessments. Having performed numerous CREST STAR threat assessments and one of the first STAR-FS engagements, we are one of the most experienced and best qualified providers of CREST STAR and STAR-FS threat intelligence assessments in the market.
Our Intelligence Driven structured approach to performing this service provides the customer with a clear picture of the most likely and dangerous threats they face, how those threats are likely to manifest, and the elements of the organisation’s digital footprint threat actors would exploit in an attack.
CREST STAR (Simulated Targeted Attack and Response) is a framework similar to CBEST, which allows organisations outside CBEST or similar frameworks, of any maturity, in any industry to conduct a structured and professional intelligence led penetration test (simulated attack/Red Team) with accredited providers and certified individuals.
CREST STAR adopts the same core principles of CBEST, whereby the threat intelligence guides the testing, replicating credible threat actors, leveraging up-to-date tactics, techniques, and procedures (TTPs).
STAR-FS Follows the exactly the same principles, except that it is designed to be applied to the financial sector without geographic constraint, again outside the remit of CBEST and with limited involvement from the regulator.
The assessment offered by Security Alliance covers two main areas: the Threat Intelligence Assessment and Targeting Intelligence:
This contains the detailed analysis of your unique threat landscape. It is an assessment leveraging structured analytical techniques to identify the most relevant threat actors to you based on your organisation and critical business functions. A key output of this phase is the creation of realistic threat scenarios, which can be used by the red team to simulate during their attack. These are underpinned by threat level scoring, relevant use cases, and threat actor profiling.
In combination with the threat assessment, we also provide an in-depth review of your digital footprint. The purpose is to perform reconnaissance in the same way an attacker would against your organisation. We explain how these findings, which will be gathered through technical and manual collection techniques, can be leveraged by threat actors. These findings feed into the final attack scenarios. We also provide supporting mitigation and remediation advice for the findings.
To create the threat scenarios we fuse the likely attack scenarios, business functions, compromise actions, and infrastructure with the identified targeting findings, modus operandi and TTPs of the relevant threat actors. This provides you with detailed, technical and narrative based scenarios, fully mapped to MITRE ATT&CK.