Threat Intelligence-Based Ethical Red Teaming (TIBER)

With the TIBER-EU framework, the European Central Bank (ECB) created a blueprint in 2018 for red team assessments, i.e. comprehensive simulations of cyber attacks by professional attackers (e.g. APTs and cybercrime groups) on banks, federal banks, insurance companies and other financial sector players in the European Union. This blueprint serves as a template for various national standards such as TIBER-DE in Germany, published by the Federal Ministry of Finance and the Deutsche Bundesbank.

In general, Red Team Exercises are intended to review the security of organizations (such as banks) holistically, from a technical as well as a human and organizational perspective, strategically and not just with regard to individual technical measures. TIBER uses the same approach to simulate real cyber attacks on critical functions (critical business processes) of financial institutions in order to determine their resilience and derive measures that can be used to further improve them.

TIBER-DE Red Team provider

NSIDE has been one of the first TIBER-DE Red Team Providers since 2022. As an experienced IT security service provider with a primary focus on Red Team Assessments since 2014, NSIDE is the right partner to carry out assessments according to the TIBER-DE framework. Please feel free to contact us for advice.

Are you not yet sure whether TIBER-DE is relevant for you, or do you need support in planning a test within the TIBER-DE framework? Simply contact us without obligation and our experienced security analysts will be happy to help you.

TIBER “readiness” tests

TIBER is not relevant under regulatory law in Germany and the TIBER Cyber Team insists strongly on not sharing any information with the supervisory authority. Nevertheless, the pressure to succeed in a TIBER Red Team Test is high for many institutions. For this reason we offer TIBER “readiness” tests, in which we use our experience as a TIBER Red Team provider to prepare you in the best possible way for an impending TIBER test. Possible test variants include:

  • Conducting a Red Team Assessment, which is based on the TIBER framework but is not a TIBER test. Here, your Blue Team, i.e. your Security Operations Center (SOC) / defense team, is challenged and can apply what it has practiced so far in a seemingly real threat situation.
  • Conducting a Purple Team Assessment, in which we run through a TIBER test step by step together with your Blue Team in order to discover possible gaps in your detection capacities.

TIBER-DE

With the TIBER-EU standard, the European Central Bank (ECB) has created a blueprint for Red Team Assessments, i.e. full-scale simulations of cyber attacks by professional attackers (like APTs and cybercrime groups) on banks, federal banks, insurance companies, and other financial sector actors in the European Union. This blueprint serves as a template for various national standards, such as TIBER-DE in Germany, published by the Federal Ministry of Finance and the Deutsche Bundesbank.

In general, Red Team Exercises are intended to review the security of organizations (such as banks) holistically, from a technical as well as a human and organizational perspective, strategically and not only with regard to individual technical measures. Up to now, however, there were no standards in Europe regarding the approach to Red Team Assessments in the financial sector. Inspired by efforts such as CBEST in the UK, this has now changed with TIBER.

TIBER-EU

Recommendation of the European Central Bank (ECB) on the conduct of Red Team Assessments

With TIBER-EU, the European Central Bank created a framework in 2018 to further strengthen the cyber resilience of the financial industry. Threat Intelligence-Based Ethical Red Teaming simulates real cyber attacks on critical functions (i.e., critical business processes) of financial institutions in order to determine their resilience and to derive measures that can further improve them.

As an experienced IT security service provider with primary focus on Red Team Assessments, NSIDE is the right partner for performing assessments according to the TIBER-DE framework. Please do not hesitate to contact us for advice on this.

If you are not yet sure that TIBER-EU is relevant for you or you need support in planning a test within the framework of TIBER-EU, we will gladly offer support. Simply contact us without obligation. Our experienced security analysts will be happy to help.

Contents of TIBER-EU and TIBER-DE

TIBER stands for Threat Intelligence-Based Ethical Red Teaming, thus combining two components: Threat Intelligence (TI) and Red Team (RT) engagements. In this context, the Red Teaming part of a TIBER project should be based on Threat Intelligence (TI) findings in order to reflect the current threat situation in the financial sector as realistically as possible.

Who are Red Team Tests According to TIBER-DE Intended For?

Recommended by the Deutsche Bundesbank and the European Central Bank respectively, the framework was developed for the following organizations:

  • Large banks active in Germany
  • Large insurance providers active in Germany
  • Financial market infrastructures active in Germany
  • IT service providers active in Germany and critical to the financial sector

What Steps Does a TIBER Test Consist of?

A Red Team Test according to the TIBER framework consists of the following steps:

  1. Preparatory phase: Kick-off; determine the scope; establish communication channels, responsibilities and roles; define the critical functions that will become the test target of the assessment. Duration: 4 to 6 weeks.
  2. Test phase: Core of the TIBER project, consisting of the following two parts. Total duration: approx. 16 to 18 weeks.
     1. Threat Intelligence: Collection of information about the national and company-specific threat situation, on the basis of which the procedure (TTPs: Tactics, Techniques, Procedures) of the Red Teaming is determined and a rough test plan is defined.
     2. Red Team Test: Full-scale attack simulation against the company according to the test plan.
  3. Final phase: A comprehensive RT test report with findings of the test, identified gaps and comprehensive recommendations (technical as well as strategic) is prepared; relevant units in the company are informed about the test; lessons learned are collected; the Blue Team (defender side) also prepares a test report from its point of view (BT test report); a replay workshop can retrace individual attack steps (similar to Purple Teaming); general feedback is exchanged. Duration: up to 4 weeks.
