Cybersecurity services and Integrated Risk Management solutions provider SureCloud has today announced that it has been accredited to provide Simulated Target Attack and Response (STAR) Intelligence-Led Penetration Testing services by the not-for-profit accreditation and certification body, CREST that represents the technical information security market.
CREST developed the STAR framework to deliver intelligence-led cybersecurity testing, incorporating advanced penetration testing and threat intelligence services to more accurately replicate cybersecurity threats to critical assets.
To meet CREST’s stringent requirements to secure STAR service provider status, SureCloud had to demonstrate its robust methodologies and sophisticated capabilities relating to the latest vulnerabilities and cybercrime techniques, as well as meeting government and risk management requirements.
“SureCloud have been successfully assessed against our strict criteria for the supply of Simulated Target Attack and Response (STAR) Intelligence-Led Penetration Testing services. In accrediting SureCloud we have recognised their high professional service standards and the rigorous approach they take in helping their customers mitigate risks and safeguard against advanced cyber attacks. We congratulate them on this excellent achievement.”
President of CREST, Ian Glover.
SureCloud’s VP of Cybersecurity, Mike Harrison, said: “The CREST STAR accreditation is a real testament to our capabilities as a business and it’s an important industry benchmark for delivering STAR intelligence-led penetration testing services. We’re proud to be amongst only 5% of UK penetration testing vendors that have been awarded this accreditation and are therefore able to offer STAR services in line with the high standards set by CREST. The fact we can deliver this excellent service through our vulnerability management platform means further value for our clients.”
This accreditation reinforces the strong performance of the SureCloud team in undertaking Red-Team simulated Cyber Attack services for their clients. Techniques used are typically a blend of penetration testing, social engineering, and physical breach attempts, with the overall aim being that organizations can prevent, detect and respond to the attack as if it were real. Crucially, this gives them a realistic overview for testing crisis management procedures, and how they might need to improve.
Given the complexity of these engagements, the standards you need to achieve a STAR accreditation are set exceptionally high, as it is imperative that the increasing number of organizations looking to undertake these engagements can understand who has the capability to deliver the highest quality service to them.
SureCloud’s Penetration Testing services have been CHECK approved since 2009 and has been re-certified by the Payment Card Industry Security Standards Council (PCI SSC) as a PCI Approved Scanning Vendor (PCI ASV) for more than 10 years running. SureCloud is certified by internationally recognized ISO/ IEC 27001 for achieving operational excellence, minimizing the risks of potential data breaches. SureCloud is also certified by Cyber Essentials Plus, complying with the requirements of the scheme, which focuses on technical control themes such as firewalls, secure configuration, user access control, malware protection, and patch management.
SureCloud is a provider of cloud-based, Integrated Risk Management (IRM) products, Cybersecurity and Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with IRM solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.
CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.