Threat Intelligence-Based Ethical Red Teaming
Testing your defences for ever and ever
In compliance with the TIBER EU Framework
Learn more on europa.eu
In 2018, the European Central Bank released a reference framework for the execution of Red Teaming activities specific to the financial world, called TIBER-EU. Over the years, several European states have implemented this framework, adapting it to their national context. The Bank of Italy, IVASS and Consob, in August 2022, adopted the TIBER-IT model recommending it to all entities subject to their supervision.
In 2022, the new European regulation DORA, Digital Operational Resilience Act, came into force, relating to the convergence of the requirements that financial institutions must adopt regarding the security of digital systems.
Among the requirements of the regulation, in particular in the Digital Operational Resilience Testing area, it is mandatory to perform red teaming activities through the involvement of Third Parties, qualified in the execution of the aforementioned activities and in compliance with the TIBER-EU framework.
As early as 2018, IMQ Intuity adopted the guidelines of the TIBER EU framework, applying them to its Threat Intelligence and Red Team services, in order to comply with the European model in support of financial institutions.
The tests make it possible to verify the Protection, Detection & Response capabilities, simulating real attacks that reproduce the tactics, techniques and procedures (TTP) of known Threat Actors and using attack methods developed from time to time for the specific context.
Identify, Protect, Detect
01. Preparation Phase
The Financial Entity decides to undergo TIBER testing and chooses Threat Intelligence and Red Team Providers. In this phase, the White Team is set up, the only group within the organization to be aware of the activity.
02. Testing Phase
The test begins with the Threat Intelligence phase aimed at collecting information relating to the financial entity, thanks to which potential threat scenarios are developed. The Red Team Provider relies on these to develop attack scenarios to be used during testing.
03. Closure Phase
All interested parties, including the Blue Team who is finally informed of the test, analyze the outcome and plan the necessary improvements to strengthen the cyber resilience of the entity being tested. This sharing activity, called “Replay Workshop” represents the main Purple Teaming moment of the project. The final report prepared by the providers involved in the tests is also delivered.
Why choose TIBER Red Team?
• Allows the entity to carry out an attack simulation regulated and structured on the model released by the ECB.
• This is currently a voluntary tool and its use is not a requirement for regulation, oversight or supervision. However, the direction taken by the regulator is to make it mandatory and extend it to other sectors and companies critical to the national economy.
• Measure the company’s level of security using a state-of-the-art approach and methodology for the industry.
• Measure the effectiveness of security measures already in place, as well as third-party technologies and services.
• Plan future investments starting from objective and irrefutable data, obtained by simulating a real situation.
• Carrying out specific tests in a structured way, allows the entity to avoid the costs imposed by the supervisory authorities in response to incidents caused by the lack of adequate security measures.
Why choose IMQ Intuity
IMQ Intuity has been performing Red Team activities since 2016, being among the first in Italy to integrate all aspects of Social Engineering and physical security testing into its attack simulation services.
Since 2018, the IMQ Intuity Red Team has implemented the indications of the TIBER-EU framework, adapting its Red Team service accordingly.
The experience gained working with leading European companies, in the financial, insurance, industrial, tertiary and public administration fields, make our company one of the most authoritative and prepared interlocutors in the offensive security market in Italy.
The skills of our experts in Threat Intelligence and Red Teaming, proven by the main industry certifications, allow us to offer companies a complete and integral view of the entire chain of attacks on the business and support them in defining an improvement plan.
Not sure if you’re ready?
IMQ Intuity also offers a service called TIBER-LIKE: an attack simulation compliant with the TIBER-EU specifications but devoid of all formal aspects. The purpose of the TIBER-LIKE service is to prepare the company for a subsequent TIBER-EU, verifying the state of the art, keeping costs and execution times low. The TIBER-LIKE does not have the direct purpose of obtaining the TIBER-EU certification.