F-Secure Consulting is accredited as a provider of intelligence-led penetration testing services for the financial sector as part of the CREST STAR-FS framework.
Helsinki, Finland – July 8, 2021: F-Secure Consulting, a research-led cybersecurity consultancy, has been accredited by CREST, the international accreditation and certification body supporting the technical information security market, to provide intelligence-led penetration testing services for the financial sector as part of the STAR-FS framework.
The STAR-FS testing framework (Simulated Targeted Attack and Response for Financial Services) was developed to support organizations in enhancing their cyber resilience by assessing the effectiveness of financial firms’ cyber capability and risk profile.
With lighter involvement from regulators in comparison to CBEST (a similar framework for which F-Secure has been accredited since its inauguration in 2014), STAR-FS makes rigorous testing standards available to a wider array of financial institutions.
Like CBEST and its European counterpart TIBER from the European Central Bank, STAR-FS assessments leverage red teaming concepts to simulate the tactics, techniques and procedures threat actors have been observed using against financial organizations.
“This accreditation once again underscores our commitment to helping financial firms across the globe, no matter their regulatory territory, to ensure their cyber resiliency in response to the global threat landscape,” says Dave Hartley, Global Technical Director at F-Secure Consulting. “STAR-FS accreditation complements our existing approved and accredited regulatory and supervisory testing service portfolio, such as CBEST, GBEST, TBEST, TIBER, iCAST, AASE, CORIE, STAR, and other tests. When combining these engagements with our full spectrum of rainbow teaming activities, organizations can continuously develop their cybersecurity capabilities and build resilience in response to the latest threats.”
The STAR-FS process, which is currently undergoing tests and pilot assessments, uses commercially available threat intelligence services to define realistic, current threat scenarios that are used by penetration testers to replicate real-world attacks on critical operational systems. The process allows for consistent formal reports that provide evidence to regulators or supervisors of the evaluated firm’s level of cyber resilience. It also helps firms understand where improvements in their security can be made across the scope of their people, processes and technologies.
F-Secure Consulting is a multi-disciplinary global team that helps enterprises overcome the most complex security challenges and build resilience against the most advanced targeted attacks. Its offerings cover a wide variety of capabilities, including incident response, adversary simulation, and cloud assurance.
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cybersecurity we all need.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
F-Secure media relations
PR Content Manager