CBEST Red Teaming
Threat Intelligence-led Red Teaming
Pen Test Partners provides CBEST Red Teaming to assess the Prevention, Detection, and Response capabilities of financial institutions. It means that those institutions maintain resilience and are able to withstand attack from sophisticated threat actors.
What is CBEST?
CBEST is a framework for providing threat intelligence-led simulated attacks against financial institutions in the UK, overseen by the Bank of England and Prudential Regulation Authority (PRA). Pen Test Partners has a history of delivering CBEST Red Teams in concert with Security Alliance, our Cyber Threat Intelligence (CTI) partner.
How does CBEST work?
In most instances, the Bank of England and PRA will notify a financial institution that they must undergo a CBEST. That financial institution is then responsible for procuring the service.
Once CTI and Red Team suppliers have been chosen and procured, the CTI supplier will conduct a detailed analysis of the target’s threat landscape and most relevant threat actors, and create threat scenarios. They will also perform reconnaissance from the perspective of a threat actor. The analysis and reconnaissance are combined into a report, delivered to the institution and the regulator, that contains the threat scenarios and objectives used to guide the Red Team Simulated Attack.
Pen Test Partners then conduct the Red Team Simulated Attack against the target institution.
Once we have achieved the objectives as laid out in the threat intelligence report, Pen Test Partners compose the final Red Team Simulated Attack report that is delivered to the target institution and the regulator. The report details the security posture of the organisation, the attacks conducted during the engagement, the security deficiencies revealed, and recommendations to address the deficiencies and improve the resilience of the institution.
The regulator then has sight of how the recommendations are implemented.
What makes us a CBEST vendor?
As mandated by the Bank of England and PRA, to deliver the Red Team aspect of a CBEST, the engagement must be led by a CCSAM (CREST Certified Simulated Attack Manager) and a CCSAS (CREST Certified Simulated Attack Specialist). Both the CCSAM and CCSAS must also have 14,000 hours of penetration testing experience, and 4,000 hours of testing financial institutions. Pen Test Partners maintains the appropriate technical knowledge, skill and competency required to deliver CBEST services as required by the Bank of England and PRA.
What makes Pen Test Partners great?
Pen Test Partners is proud to be a member of the prestigious CBEST framework. We have delivered CBEST Red Team Simulated Attacks in concert with our CTI partner, Security Alliance.
We have extensive experience performing CBESTs, as well as other threat intelligence-led exercises under frameworks such as GBEST, GCASE and STAR.
We pride ourselves on our communication and will make sure we are there to guide you before, during, and after the exercise.