STAR-FS is the new standard for threat-led penetration tests within the financial services organisation. Very few organisations are accredited to provide STAR-FS and Orpheus is one of these select companies.
A threat-led penetration test creates realistic and current threat scenarios for penetration test teams to test against. This approach replicates likely tactics from relevant threat actors and tests the scenario in which you are most likely to be attacked. Once a threat intelligence organisation has developed the scenarios, these are passed to penetration testers to enact.
The largest banks in the UK have been required to undertake a CBEST for some time. A CBEST is also a threat-led penetration test but this is directly requested by the regulators. The CBEST requires significant involvement from the regulators, with their sign-off required at various stages of the process. While the largest organisations have been required to undertake a CBEST for some time, STAR-FS is a scaled-down version which does not require as much involvement from the regulator in the process. As this requires less regulator involvement from the CBEST, a STAR-FS is faster and cheaper to undertake while still providing similar results.
With the recent introduction of CQUEST it is expected that more organisations will be looking to the STAR-FS scheme. A STAR-FS test will provide an indication of the cyber resilience of the organisation and provide useful insights for organisations looking to improve their cybersecurity. Undertaking this without a direct request may also help the organisation be seen favourably by the regulator, in addition to providing useful insights into their cybersecurity posture.
A threat-led penetration test will give you insight into the areas where your business is most vulnerable. Remediation can be provided to the most critical areas, making the best use of your resources. Conducting a penetration test using the regulatory framework demonstrates compliance and will reduce the likelihood of further regulatory intervention.
If you would like to discuss your needs for STAR-FS or CBEST, please get in touch.
Get our latest cyber intelligence insights straight into your inbox every week
Fill out the short form below to subscribe to our newsletter so that you never miss out on
our cyber intelligence insights and news.
Privacy Overview
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Strictly Necessary Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features. These must be enabled at all times, so that we can save your preferences.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
If you do not enable Strictly Necessary Cookies, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Request Demo Access
Fill out your details below and we'll be in touch to arrange demo access for you as soon as
possible.
