
Threat-Led Penetration Testing
Simulate real-world attacks, uncover vulnerabilities, and strengthen your defenses in line with DORA requirements with guidance from Kroll's offensive security experts.
What is Threat-Led Penetration Testing?
The Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out controlled assessments of their cyber resilience, known as Threat-Led Penetration Tests (TLPTs), on a regular basis. A TLPT is an intelligence-led form of classic red team testing that targets your most critical business systems by mimicking the tactics, techniques and procedures (TTPs) of real-life threat actors. Kroll's intelligence-driven approach to TLPTs combines cutting-edge methodologies and real-world attack simulations to assess your resilience against adversaries.
What Are the Key Requirements Under the DORA Regulation?
- Articles 26 and 27 stipulate that TLPTs take place against live production ICT systems:
  - Supporting 'critical or important functions' of a financial entity (including third-party systems where appropriate).
  - Using real-world TTPs obtained via tailored threat intelligence analysis.
  - To proactively identify, and allow entities to swiftly mitigate or remediate, any weaknesses, deficiencies or gaps in their implementation of controls and countermeasures.
- TLPTs must be performed at least every three years if your organisation is identified as in scope by its competent (supervisory) authority.
- DORA TLPTs are conducted in accordance with the pre-existing TIBER-EU framework, with some additional considerations now formalised in DORA and its technical standards, e.g. purple team exercises are now mandatory.
How Kroll Can Help with Threat-Led Penetration Testing
Kroll is an award-winning provider of threat intelligence, penetration testing and red teaming services, conducting over 150,000 hours of security assessments every year. With more than 100 security qualifications, including CREST CRT, STAR, CC SAM and many more, we perform testing to the highest technical, legal and ethical standards.
How Threat-Led Penetration Testing Works
Our process begins with a detailed understanding and scoping of your critical business processes and supporting systems, aligned with the requirements of DORA and the TIBER-EU framework. Using real-world TTPs from advanced adversaries, we develop customized attack scenarios that emulate the behaviors of nation-states, cybercriminals, and insider threats.
Through controlled simulations, we test your defenses against techniques such as lateral movement, privilege escalation, and data exfiltration. Comprehensive reports provide detailed insights into attack paths, exploited vulnerabilities, and root cause analysis, with recommendations mapped to MITRE ATT&CK for prioritized remediation. Collaborative replay sessions and purple team workshops enhance your blue team’s detection and response capabilities, fostering stronger defenses through knowledge sharing. To ensure continuous improvement, we validate remediation efforts through retesting and integrate ongoing threat intelligence to keep your security posture adaptive and robust.
Why Kroll?
- Real-World Threat Intelligence
With over 150,000 hours of offensive security engagements annually, Kroll leverages real-world insights from advanced adversaries, ensuring your defenses are tested against the latest TTPs observed globally.
- Regulatory Expertise
Kroll ensures compliance with critical frameworks like DORA and TIBER-EU by delivering structured, auditable reports and evidence tailored to meet regulatory standards.
- Tailored Testing Scenarios
Every engagement is customized to align with your unique risk landscape, critical assets, and business objectives, providing actionable and prioritized insights.
- Comprehensive Reporting
Our detailed reports include root cause analysis, MITRE ATT&CK mappings, and prioritized remediation strategies to empower effective vulnerability management.
- Collaborative Approach
Replay sessions and purple team workshops foster collaboration between your teams and our experts, enhancing detection and response capabilities while strengthening overall defenses.
Stay Ahead With Kroll
Cyber and Data Resilience
Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident response, regulatory compliance, financial crime and due diligence engagements to make our clients more cyber resilient.
Financial Services Compliance and Regulation
In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.
Threat Exposure Management
Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.