We have answered the questions we get asked most. Have another question? Please contact us!
TIBER stands for Threat Intelligence Based Ethical Red teaming and is a framework that helps authorities and organisations to use threat intelligence combined with red teaming to increase their cyber resilience.
This is done by simulating realistic (threat intelligence based) attacks on the participating organisations. By attacking yourself like a real threat actor would, you learn where your organisation still has room to improve.
For the defenders in your organisation this looks like a realistic attack and therefore doesn’t only show technical vulnerabilities but also where certain detection and response procedures can be improved.
By doing TIBER as a sector, lessons can be shared amongst the participants, and the authority (like a central bank or supervisor) gets insight into the overall cyber resilience of their sector.
And by sharing lessons learned and discussing solutions to common themes, a trusted community is formed in the sector.
There are a lot of different cyber testing methodologies to improve your cyber resilience.
Because they all have added value they should be used in conjunction to serve different goals.
Vulnerability scanning is an easy way to see which vulnerabilities you still have open on your system or network.
The view on pentesting has changed in the last 15 years, but most see it as a more technical test to find vulnerabilities on a certain system or network segment and exploit these vulnerabilities to see what the impact would be on your organisation.
Where red teaming differs from pen testing is that red teaming simulates a certain threat actor that attacks your organisation with a specific motivation. The goal is not to find as many vulnerabilities as possible, but the threat actor wants to reach its goal. By simulating this the defending team sees realistic signals of an attack that they can act upon.
TIBER goes further: the red teaming is done via a controlled framework based on threat intelligence, takes the whole organisation in scope, is end to end, is done on live production systems with board involvement, and often goes further than red teaming by actually performing acts like stealing funds or showing, in a controlled way, that ransomware could have disabled critical systems.
Although TIBER was originally developed with and for the financial sector, it is sector agnostic and can be used within any (vital) sector to increase its cyber resilience. We do, however, encourage you to tailor the framework to your needs. We are happy to assist you in this process.
Since TIBER is an intense test that tests not only defensive, but also detective and reactive controls, it is not the best test if your organisation doesn’t have detection and reaction capability. For example, if there is no Security Operations Center (SOC) or other security team that reacts to alerts, you will learn less from this exercise.
Want to know what the best test for your organisation is? Contact us.
The Digital Operational Resilience Act, known as DORA, has the goal to increase cyber resilience in the financial sector by harmonising the approach authorities take towards financial organisations.
Amongst other things, it mandates financial organisations to do testing based on a standard aligned to TIBER. Authorities in Europe who currently do not use TIBER-EU will therefore need to ensure that they are ready to test their sector with a TIBER-aligned framework.
Do you want to know more about how to prepare for DORA? Contact us.
We love the area of threat intelligence and red teaming and can talk about it for hours. Although the TIBER framework is public, actually implementing it and running tests is something that you cannot just do based on the documentation. We have helped many authorities and institutions get the most out of red teaming and are looking forward to helping you.
Please contact us with your questions for a free consult to see if we can help you increase your cyber resilience.