SEKurity GmbH

TLPT · DORA · TIBER-EU

Regulator-ready, operationally realistic.

Threat-Led Penetration Testing under DORA Article 26 is not a checkbox exercise. It is a multi-month engagement that, under supervision of the competent authority, assesses the actual resilience of critical or important functions against realistic threat actors. We run these tests along the TIBER-EU framework — with a clear role split between threat intelligence, red team and test manager.

01 · REGULATORY FRAME

What DORA and TIBER-EU require of you.

DORA Articles 26 and 27 oblige significant financial entities to perform Threat-Led Penetration Tests at least every three years. The European standard is TIBER-EU, implemented nationally — in Germany through TIBER-DE led by the Deutsche Bundesbank and BaFin. The test must cover critical or important functions in production, must not be pre-announced to operational teams, and concludes with a regulator-facing report.

02 · PHASES

Four phases, three parties, one outcome.

  1. PHASE · 01

    Generic Threat Landscape

    Alignment of the threat landscape report with the authority and test manager. Definition of relevant threat actors by sector, geography, and functional profile.

  2. PHASE · 02

    Targeted Threat Intelligence

    Development of an institution-specific threat profile: real TTPs, prioritised entry vectors, scenarios aligned to at least one realistic actor.

  3. PHASE · 03

    Red Team Test

    Execution in production. The blue team remains uninformed; the white team controls escalation. The test progresses stage by stage along the agreed scenarios.

  4. PHASE · 04

    Closure & Replay

    Purple-team session with the blue team, remediation plan, regulator reporting along TIBER-EU, attestation.

03 · ROLES

Clean separation is mandatory.

Threat Intelligence Provider and Red Team Provider are explicitly separated roles under TIBER-EU, each with documented qualification evidence. We cover both role profiles but only operate them jointly where the authority permits it. The white team sits on the customer side; the test manager is typically drawn from the national TIBER Cyber Team. We walk you through the entire governance structure.

DORA DEADLINE APPROACHING

TLPT with experience and clear governance.

We speak the language of your supervisor and the language of real attackers. Start the scoping conversation early — a TLPT under TIBER-EU typically spans six to twelve months including intelligence and closure phases.