Threat intelligence-based ethical red teaming, or TIBER, is a framework for performing threat intelligence-based red teaming exercises. It is meant as a guide on how authorities, entities, threat intelligence providers and red teaming providers should work together to test and improve the cyber resilience of your organization by carrying out a controlled cyberattack. FalconForce is an experienced TIBER red teaming provider and has been involved in the design of the framework since its beginning. We are happy to provide the red and purple teaming parts of a TIBER exercise, or to organize the complete TIBER exercise by partnering up with a trusted threat intelligence provider that focuses on the threat intelligence part.
In summary, the approach consists of:
- Threat intelligence (TI): conducting a comprehensive threat intelligence assessment on your organization. Deliverables of this phase are a detailed targeting report and a threat intelligence report. These include suggested attack scenarios and a scenario X (an additional, creative scenario as backup). This part of the exercise is provided by our trusted TI provider, or another TI provider of your choice.
- Red teaming: at the end of the TI phase, a handover to the FalconForce red team takes place. We take the TI results as input for a thorough red team test plan, detailing the attacker scenarios, targets, learning goals, leg-ups and risks to be taken into account. After extensive discussion of this plan with the white team and their approval, our offensive professionals take the approach of an adversary and perform a realistic cyberattack on your organization to reach pre-defined goals. This comprises executing the attack scenarios and, where feasible, scenario X. During the red teaming phase, we collaborate very closely with the white team to discuss progress, next steps, risks and opportunities. Results and recommendations are captured in an elaborate red team report. At the end of the red teaming phase, a blue teaming debrief is held to brief the blue team on the results. Moreover, the red team report is discussed with your management, security and IT stakeholders.
- Purple teaming: we believe that the ultimate objective of a TIBER exercise is to learn and enhance your cyber defensive capability. Therefore, we always facilitate at least one – but preferably two – purple teaming exercises as part of the TIBER exercise.
FalconForce is uniquely positioned to support your TIBER experience since:
- We have been involved with the TIBER framework since the very beginning. Our team regularly spars with TIBER Cyber Teams (TCT) in various countries about further enhancing the TIBER framework.
- Our team members are experienced security professionals who have been involved as red team operators, red team leads or red team managers in multiple TIBER projects.
- We have both offensive and defensive experts in-house, and will actively involve both areas of expertise in the TIBER exercise. Since we speak the language of both attackers and defenders, this will greatly enhance the collaboration and discussions on defensive improvements.
- We can provide an integrated experience by teaming up with an outstanding threat intelligence provider, and oversee the complete exercise as one team.