Tiber-EU: Threat-driven penetration testing specifically for the financial sector

Standards & Certifications

TIBER EU / DE: How to use the framework
for the security of your company

TIBER EU is the European framework for Threat Intelligence-based Ethical Red Teaming. It is designed for companies in the financial sector that have already achieved a high level of information security maturity, allowing them to assess and further enhance their cyber resilience.

The financial sector is increasingly digitized and highly interconnected. A successful cyber attack on one company could quickly trigger a chain reaction, jeopardizing essential infrastructures.

TIBER EU is available in Germany as TIBER DE for actors with advanced maturity in IT security and a significant impact on the financial sector to enhance cyber resilience.

Does your company belong to one of the following groups? Then find out more about the modalities of a TIBER EU / DE test here!

Major banks operating in Germany

Major insurers with operations
in Germany

Financial market infrastructures
with active operations in Germany

IT service providers active in Germany
and are critical for the financial sector

Do you have any questions?
We advise you individually and realistically – whether you are just starting to explore the topic, already in discussions with the TIBER CYBER Team Germany, or actively looking for a service provider for your project.
Let's have a chat

Process of a TIBER EU Test with ProSec - A Comprehensive Overview

A TIBER EU test within the German framework, TIBER DE can be divided into 3 sections: Preparation, Execution, and Finalisation.

In the Preparation phase, your White Team plays a crucial role, but we are happy to support you even in this early stage. The TIBER DE Framework, for example, allows involving the external service provider to determine the scope in meetings. You can benefit from our extensive experience in scoping penetration tests and Red Teaming projects, ensuring you get the maximum value for your security from this project.

During the Execution phase, our teams take on the task of assessing your company-specific threat landscape and based on that, planning and executing the Red Teaming. While there should be no personnel overlap between the Threat Intelligence Team and Red Team according to the TIBER DE Framework, the uncomplicated communication channels when choosing ProSec are advantageous for you. This enables both teams to exchange information optimally throughout the execution phase, creating the maximum knowledge gain for you in both the report and the attack scenarios.

In the Finalisation phase, we offer you, in addition to a detailed and solution-oriented documentation, the Purple Teaming Workshop as the ideal opportunity for an efficient knowledge transfer from our Red Team to your Blue Team. This way, your IT team can understand how our Red Team proceeded and at which points they could have noticed and stopped it.

The following overview shows the individual phases of your TIBER project with all elements and involved groups. If you have any questions about the process, feel free to contact us anytime!

Preparation

Execution

Finalisation

•

•

•

Your White Team (Lead) + TIBER Test Manager:

  • Initiation meeting
  • Kick-off meeting
  • Test scoping meeting
  • Project plan
  • Scope specification

Your White Team (Lead) + ProSec:

  • If necessary, further test scope meetings

ProSec Threat Intelligence Team:

  • Collection of information on the threat situation
  • Scenario workshop
  • Threat situation report

ProSec Red Team:

  • Test plan workshop
  • Test plan Execution of the Red Team test
  • Addition to the threat situation report

ProSec Red Team:

  • Red Team test report on attacks and observations
    including information on optimization options

 

Your Blue Team:

  • Blue Team Test Report on defensive measures taken

 

Your White and Blue Team + ProSec Red Team + TIBER Test Manager:

  • Replay Workshop
  • Purple Teaming Workshop

 

All actors involved:

  • 360° Feedback Workshop

 

Your White Team Lead + TIBER Test Manager:

  • Response Strategy: Actions & Timeline
  • Final report: Summary of the test & Findings

 

 TIBER Test Manager:

  • TIBER DE Attestation

Roles and Responsibilities in a TIBER EU Test
within the German Framework

PSN_TIBER_Rollen_v2 copy

That's why Prosec is the right partner for the TIBER DE test of your financial company

Your safety is our goal

︾
Our ultimate goal is that our work actually advances YOUR safety. We strive to achieve this with honest advice, realistic test scenarios and pragmatic solutions.

We work 100% independently

︾
We have been operating at 100% without external investors or other obligations to third parties since our inception. Our consulting is based on our expertise, experience, and insider knowledge of the current threat landscape.

Get to know us personally!

For a joint project to be successful, the chemistry has to be right on both sides.

Use a non-binding introductory meeting to check this out!