BAE Systems first firm to receive CBEST approval for pentesting/threat intel
BAE Systems Applied Intelligence is the first company to receive Bank of England approval to deliver threat intelligence and penetration testing services to the UK financial sector.
It gained the approval by passing the financial industry's bespoke testing regime, CBEST, set up by HM Treasury, the Financial Conduct Authority (FCA) and the Bank of England (BoE) to addressed weaknesses in independent cyber-security assessment schemes.
According to the BoE, “CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence based, is less constrained and focuses on the more sophisticated and persistent attacks on critical systems and essential services.”
The tests are designed to simulate real attacks, based on up-to-date threat intelligence, enabling boards of directors to understand business impacts and take meaningful action.
BAE Systems Applied Intelligence said that intelligence-led penetration testing is one of the cornerstones of CBEST and the exercise has given BAE a wealth of information on the tools and techniques known to be employed by attackers who are actually attacking financial institutions.
Scott McVicar, managing director, EMEA Commercial Solutions for BAE Systems Applied Intelligence, said: “Intelligence-led penetration testing has to be based upon rich contextualized intelligence which informs and guides how the test should be conducted, what attack methods should be simulated and where testers should focus their resources. This method of testing provides a more structured and effective approach for companies to mitigate their cyber-risk and understand the real effectiveness of the key technical security controls they have in place.”