Threat Intelligence Led Penetration Testing STAR (Simulated Target Attack and Response) services

JUMPSEC is a CREST STAR provider. We help organisations measure how effectively they respond to advanced attacks and how their internal incident response teams identify, contain, and neutralise threats.


‘Working alongside the Bank of England (BoE), UK Government and industry, CREST developed the STAR framework to deliver controlled bespoke, intelligence-led cyber security testing. STAR incorporates advanced penetration testing and threat intelligence services to more accurately replicate cyber security threats to critical assets.’ -CREST website.

To perform attacks using the STAR framework, ethical hacking companies must have completed the required tests to become CREST approved. The framework is designed to replicate a real hacker in both approach and method, while the CREST approval provides assurance that the testing is being done properly and with all the required precautions in place to protect the company being tested from any form of disruption.

Why is Intelligence Led Penetration Testing important?

While traditional penetration tests can provide an insight into specific aspects of your company’s security stance, the more holistic approach of STAR testing can be hugely valuable in giving a broader picture.

The STAR service, by design, is not restricted by dated methods and therefore provides a more current and realistic security test than others available in the market.

STAR assessments are broken down into 3 components: STAR threat assessment, STAR targeted attack assessment and Incident response maturity assessment (IRMA).

Traditional penetration testing is a proven method of testing the effectiveness of security controls. It can demonstrate a good baseline of resilience against common and well understood threats.

However, to address the more targeted and sophisticated attacks preferred by your unique cast of threat actors, you need to test with intelligence.

Intelligence-led penetration testing has always represented the most realistic way to stress test our clients’ cyber defences against real-world attacks, and STAR sets the standard in this area. Being part of the STAR scheme is a prerequisite for membership of the BoE CBEST scheme and aims to provide assurance to the most critical parts of the UK’s financial services industry.

What do JUMPSEC provide?

JUMPSEC provides fully managed, end-to-end CREST STAR (Simulated Targeted Attack and Response) engagements.  

Our CREST STAR simulated attack service uses detailed scenarios provided by approved threat intelligence sources (including JUMPSEC’s in-house team) to identify potential attackers (threat actors).

Our Threat Assessment identifies three things:

  • Demographic and behavioural information on the threat actors targeting your organisation
  • Their preferred methodologies and most likely attack vectors
  • Your critical systems and high-value assets and their potential vulnerabilities

These findings directly improve the accuracy and quality of the simulated attack scenarios that we then generate during the CREST STAR engagement.

The inclusion of specific cyber threat intelligence greatly increases the relevancy and accuracy of the CREST STAR process by aligning the simulated tests with the realities of your evolving threat landscape, thus uncovering true unique cyber risks relating to your organisation.