Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Research Team Finds 50% Increase in Exposed Data in One Year
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
Threat led penetration testing is, in essence, using threat intelligence to emulate the tactics, techniques and procedures (TTPs) of an adversary against a real time mission critical system. The concept is currently being implemented in a number of ‘flavors’ around the globe including schemes such as the UK’s STAR (Simulated Target Attack and Response) or CBEST scheme, the Netherlands TIBER (Threat Intelligence Based Ethical Red teaming) scheme and the Hong Kong based iCast schemes.
The recent quarter has seen some extremely significant development within the realm of threat led penetration testing (TLPT). The concept of TLPT is rapidly expanding beyond the United Kingdom. TLPT advances the boundaries of conventional penetration testing by seeking to adopt the tactics, techniques and procedures of an advanced threat actor aggressively targeting a critical system. You can read more about TLPT in a previous blog. Our work with the first two Dutch TIBER projects, as well as our workshop at the Bahrain International Cyber Security Forum & Expo, are great examples of this.
Given this expansion, I wanted to review of where the TLPT concept has come from and where it may be going to.
The origins of TLPT began with the UK’s CBEST scheme in 2013, to which Digital Shadows was a major contributor both in terms of the development of the original framework and the implementation of the actual projects. Since then, there have been around fifty CBEST style engagements of which Digital Shadows has carried out the majority, from which three lessons have emerged:
The CBEST scheme has been a huge success, which has led to the concept of TLPT being expanded beyond the financial services in the UK. Currently Hong Kong and the Netherlands have ‘in flight’ schemes with Singapore and the United States considering implementing their own proprietary schemes.
it is worth a speculating about some of the features that I feel will become fixtures within TLPT in the future.
The success of the CBEST scheme and the subsequent expansion suggests that threat led penetration testing is an exciting trend. Of course, CBEST and TIBER are evolving rapidly, and so predicting the future adoption by providers and users is unknown. However, by building on past successes and learning lessons, threat led penetration testing could go from strength to strength.