Dr. Antje Winkler
DORA Resilience Testing
The IT landscape is subject to constant evolution due to the advancement of digitization, resulting in an ever-changing environment that is exposed to a growing number of threats. Ransomware attacks and security gaps in supply chains are prominent concerns, often resulting in significant financial losses.
In response, the EU has adopted the Digital Operational Resilience Act (DORA). This regulation aims to enhance the digital resilience of companies and organizations in the financial sector, as well as their service providers.
A central aspect of the regulation is the mandatory requirement for regular security checks on a technical level. These checks include threat-led penetration tests (TLPT) based on the TIBER-EU framework. A TLPT is a structured, holistic attack simulation under real-world conditions.
In light of the recent DORA regulation, is your company obligated to conduct periodic security assessments? What implications does this have for your systems and processes? What preparations are required? We are here to assist you with these and any other questions you may have. As part of our DORA Resilience Testing, we work with you to determine measures so that you are well prepared for when mandatory security checks are imposed.
Our services include:
Attack Simulation as Part of a Pre-TLPT: We offer the opportunity to test the resilience of your technical and organizational measures in a risk-free environment, free from any consequences or conditions imposed by the Federal Financial Supervisory Authority (BaFin). This allows you to optimally prepare both for the prescribed TLPTs and for serious attacks.
During TLPTs, the approach and methodology of specific attacker groups are simulated in order to realistically model various attack scenarios. Our selection of scenarios is based on statistics from the BaFin on TLPTs that have already been carried out under the TIBER-EU framework. Based on this, we offer selected test scenarios that are implemented as part of a Red Team campaign.
Targeted Examination of Certain Systems, Networks or Devices as Part of a Penetration Test: Have you introduced a new system and would now like to verify its security mechanisms without exposing your entire corporate infrastructure to an attack simulation? We would be pleased to conduct targeted analyses of individual systems for you and assist you in achieving and sustaining a consistent security level.
Our services include penetration tests for web and mobile applications, IT/OT infrastructures, cloud environments, embedded devices, and automotive hardware and software. Additionally, as part of our hardening checks, we can examine your systems for configuration deficiencies and deviations from best practices. We can also review your source code in a source code analysis.
Threat and Risk Analysis: With our comprehensive threat and risk analysis service, we assist our clients in identifying potential risks and issues in a timely manner. In the initial phase, we identify and categorize critical assets, including facilities, systems, and data objects. Subsequently, potential threats to these assets are determined and evaluated in terms of probability of occurrence and resulting damage. This approach empowers you to fortify your security measures from the outset and adapt your conceptual decisions to potential threats early on.
This service is particularly suitable for systems that are still in the planning or development stages. The results of the analysis can also be used to prepare for a penetration test or attack simulation.