DEVOPSdigest

AttackIQ announced the launch of testing aligned with the Digital Operational Resilience Act (DORA).

This empowers financial institutions in the European Union (EU) to gain important visibility to help support their compliance with DORA.

DORA mandates robust cybersecurity measures for financial institutions to withstand and recover from cyberattacks and operational disruptions. Key requirements include establishing ICT risk management frameworks, reporting ICT incidents, and conducting regular testing of ICT systems. AttackIQ has released new DORA assessments to simplify compliance testing by providing:

- Automated Threat Emulation: The DORA assessments execute the top tactics, techniques, and procedures (TTPs) employed by adversaries known to target financial services organizations. These TTPs reflect the latest intelligence and threat research into the top methods used by EU financial sector adversaries.

- Actionable Insights: The DORA Assessment Report provides comprehensive recommendations and mitigation strategies for any testing scenario that was not prevented. Recommendations are derived from the extensive knowledge base of the AttackIQ research team, enriched with insights from MITRE ATT&CK standards and industry best practices.

- MITRE ATT&CK Alignment: The DORA assessments align with MITRE ATT&CK, offering actionable insights in a framework leveraged by cybersecurity practitioners worldwide.

“AttackIQ is committed to helping EU financial entities & critical 3rd party providers strengthen their defenses against targeted attacks and achieve DORA compliance with minimal disruption,” said Carl Wright, Chief Commercial Officer of AttackIQ. “Our DORA assessments streamline the process by automating emulations based on real-world attacker behaviors outlined in MITRE ATT&CK.”

AttackIQ offers two test packages, Basic and Advanced, catering to different testing needs. The DORA Basic assessment evaluates essential, minimum functionalities of controls, providing a foundational understanding of their effectiveness. For a more in-depth analysis, the DORA Advanced assessment utilizes more sophisticated and targeted TTPs to go beyond the scope of the Basic tests.

Organizations leverage AttackIQ, to continuously test their security controls against real-world cyberattacks modeled on the MITRE ATT&CK framework. This allows them to identify weaknesses, prioritize security investments, and ensure their defenses are working effectively to prevent breaches and data loss.

AttackIQ DORA Basic and Advanced Testing Packages are now available to customers.