F-Secure Oyj

07/08/2021 | Press release | Distributed by Public on 07/08/2021 01:12

F-Secure Receives STAR-FS Accreditation from CREST

Helsinki, Finland - July 8, 2021: F-Secure Consulting, a research-led cyber security consultancy, has been accredited by CREST, the international accreditation and certification body supporting the technical information security market, to provide intelligence-led penetration testing services for the financial sector as part of the STAR-FS framework.

The STAR-FS testing framework (Simulated Targeted Attack and Response for Financial Services) was developed to support organizations in enhancing their cyber resilience by assessing the effectiveness of financial firms' cyber capability and risk profile.

With lighter involvement from regulators in comparison to CBEST (a similar framework for which F-Secure has been accredited since its inauguration in 2014), STAR-FS makes rigorous testing standards available to a wider array of financial institutions.

Like CBEST and its European counterpart TIBER from the European Central Bank, STAR-FS assessments leverage red teaming concepts to simulate the tactics, techniques and procedures threat actors have been observed using against financial organizations.

'This accreditation once again underscores our commitment to helping financial firms across the globe, no matter their regulatory territory, to ensure their cyber resiliency in response to the global threat landscape,' says Dave Hartley, Global Technical Director at F-Secure Consulting. 'STAR-FS accreditation complements our existing approved and accredited regulatory and supervisory testing service portfolio, such as CBEST, GBEST, TBEST, TIBER, iCAST, AASE, CORIE, STAR, and other tests. When combining these engagements with our full spectrum of rainbow teaming activities, organizations can continuously develop their cyber security capabilities and build resilience in response to the latest threats.'

The STAR-FS process, which is currently undergoing tests and pilot assessments, uses commercially available threat intelligence services to define realistic, current threat scenarios that are used by penetration testers to replicate real-world attacks on critical operational systems. The process allows for consistent formal reports that provide evidence to regulators or supervisors of the evaluated firm's level of cyber resilience. It also helps firms understand where improvements in their security can be made across the scope of their people, processes and technologies.

F-Secure Consulting is a multi-disciplinary global team that helps enterprises overcome the most complex security challenges and build resilience against the most advanced targeted attacks. Its offerings cover a wide variety of capabilities, including incident response, adversary simulation, and cloud assurance.