Threat Intelligence Based Ethical Red Teaming

TIBER - Threat Intelligence Based Ethical Red Teaming

TIBER - Threat Intelligence Based Ethical Red Teaming - is a framework for security testing based on specific threats to the finance industry.
The framework was promoted by the Dutch Central Bank to improve the protection, detection and response capabilities of financial institutions against cyber attacks and to improve the overall cyber resilience of the financial sector.

The TIBER security tests are based on tactics, techniques and procedures of real hackers and specific threats to the financial industry. Our researchers perform controlled attacks on the critical functions of the institution and its underlying systems and services, including its people, processes and IT infrastructure. To demonstrate the consequences, only a small team of people know that it is is a test attack. The goal of the test is for the institution to learn from the attack and to improve their security measures.

TIBER takes Red Teaming a little further, and defines two additional main activities, namely the Threat/Target Intel phase (with specific components and deliverables) and the detailed Blue Team evaluation session. In fact these activities are useful and necessary in creating value for the target organization, that Secura nearly always performs these steps, even in non-TIBER-based Red Team assignments.

Our TIBER assessments comprise three main deliverables: a clear Threat Intelligence report
with relevant threats and executed OSINT, a detailed Red Teaming report with all attacks and steps taken, and the Blue Team evaluation workshops with re-play sessions/PurpleBox.

Secura’s experience in Red Teaming, combined with our capabilities, passion and TIBER-specific experience, provides our customers with the best possible basis for the clean, solid execution and management of TIBER engagements.

Download White Paper


Download TIBER White Paper

Detailed description of Secura's TIBER Service.





Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.