CREST announces first STAR accredited companies

BT, Context Information Security, Nettitude and Portcullis awarded CREST accredited STAR (Simulated Targeted Attack and Response) service provider status

15 October 2014: CREST has announced that BT, Context Information Security, Nettitude and Portcullis have all passed the stringent assessment to become the first organisations accredited to provide CREST STAR (Simulated Targeted Attack and Response) services. Working alongside the Bank of England (BoE), UK Government and industry, CREST developed the STAR framework to deliver controlled, bespoke, intelligence-led cyber security testing. STAR incorporates advanced penetration testing and threat intelligence services to more accurately replicate cyber security threats to critical assets.

Being part of the STAR scheme is a prerequisite for membership of the BoE CBEST scheme that was announced earlier in the year and aims to provide assurance to the most critical parts of the UK’s financial services industry.

“Existing penetration testing services in the financial services sector do not address the more sophisticated cyber attacks on critical systems,” said Ian Glover, President of CREST. “STAR is threat intelligence based and has been developed to replicate the behaviours of those serious threat actors that pose a genuine threat to the UK financial services sector.”

Quotes from the STAR accredited companies:
“Our Ethical Hacking Centre of Excellence performs vulnerability assessments for global financial organisations every day.  Being part of the STAR scheme is important for BT.  Our experience has shown us that it’s vital to use intelligence-led attack scenarios to determine the actual security posture of the applications and network infrastructures used by our customers.  It’s all about helping our customers uncover the vulnerabilities, recommending remediation steps and helping them protect themselves against more advanced cyber-attacks.  We look forward to working with CREST and continuing to provide an exceptional service to our customers.” Mark Hughes, President BT Security

“CREST STAR accreditation is an important benchmark and formalises the approach we have been using with many of our clients over recent years,” said Owen Wright, Assurance Director at Context Information Security. “We see it as a critical addition to traditional pen testing methodologies as it simulates real-world attacks in a realistic way to identify current vulnerabilities and further strengthen the protection provided by our UK financial institutions.”

“Nettitude is extremely proud to be part of the first tranche of CREST companies to be formally accredited under the STAR scheme,” explains Rowland Johnson, CEO at Nettitude. “We see the STAR scheme as a benchmark for delivering some of the most sophisticated and robust assurance in the industry today. Through procuring STAR services, organisations will have confidence that their testing program uses current and up-to-date threat information to give a highly targeted assessment on their cyber security posture.”

“Portcullis is very pleased to be one of the first organisations to have achieved CREST STAR accreditation,” says Paul Docherty, Technical Director, Portcullis. “STAR heralds not only a new era of security assessments but brings focused attack scenarios to engagements, recognition of real-world attacks and helps organisations focus on Response as well as Compliance.”