F-Secure Receives STAR-FS Accreditation from CREST

F-Secure Consulting is accredited as a provider of intelligence-led penetration testing services for the financial sector as part of the CREST STAR-FS framework.

Helsinki, Finland – July 8, 2021: F-Secure Consulting, a research-led cyber security consultancy, has been accredited by CREST, the international accreditation and certification body supporting the technical information security market, to provide intelligence-led penetration testing services for the financial sector as part of the STAR-FS framework.

The STAR-FS testing framework (Simulated Targeted Attack and Response for Financial Services) was developed to support organizations in enhancing their cyber resilience by assessing the effectiveness of financial firms’ cyber capability and risk profile.

With lighter involvement from regulators in comparison to CBEST (a similar framework for which F-Secure has been accredited since its inauguration in 2014), STAR-FS makes rigorous testing standards available to a wider array of financial institutions.

Like CBEST and its European counterpart TIBER from the European Central Bank, STAR-FS assessments leverage red teaming concepts to simulate the tactics, techniques and procedures threat actors have been observed using against financial organizations.

“This accreditation once again underscores our commitment to helping financial firms across the globe, no matter their regulatory territory, to ensure their cyber resiliency in response to the global threat landscape,” says Dave Hartley, Global Technical Director at F-Secure Consulting. “STAR-FS accreditation complements our existing approved and accredited regulatory and supervisory testing service portfolio, such as CBEST, GBEST, TBEST, TIBER, iCAST, AASE, CORIE, STAR, and other tests. When combining these engagements with our full spectrum of rainbow teaming activities, organizations can continuously develop their cyber security capabilities and build resilience in response to the latest threats.”

The STAR-FS process, which is currently undergoing tests and pilot assessments, uses commercially available threat intelligence services to define realistic, current threat scenarios that are used by penetration testers to replicate real-world attacks on critical operational systems. The process allows for consistent formal reports that provide evidence to regulators or supervisors of the evaluated firm’s level of cyber resilience. It also helps firms understand where improvements in their security can be made across the scope of their people, processes and technologies.

F-Secure Consulting is a multi-disciplinary global team that helps enterprises overcome the most complex security challenges and build resilience against the most advanced targeted attacks. Its offerings cover a wide variety of capabilities, including incident response, adversary simulation, and cloud assurance.

About F-Secure

Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.