Threat-Led Penetration Testing

Simulate real-world attacks, uncover vulnerabilities, and strengthen your defenses in line with DORA requirements with guidance from Kroll's offensive security experts.

What is Threat-Led Penetration Testing?

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out controlled assessments – ‘Threat-Led Penetration Tests (TLPTs)- of their cyber resiliency on a regular basis. This involves an intelligence-led approach to classic red team testing that target your most critical business systems by mimicking the tactics, techniques and procedures (TTPs) of real-life threat actors. Kroll's intelligence-driven approach to TLPTs combines cutting-edge methodologies and real-world attack simulations to assess your resilience against adversaries.

What Are the Key Requirements Under the DORA Regulation?

Articles 25-27 stipulate that TLTPs take place against IT assets:
- Supporting ‘critical or important functions’ of a financial entity (including third party systems if/as appropriate).
- Using real world TTPs obtained via tailored Threat Intelligence Analysis.
- To proactively identify - and allow entities to swiftly mitigate/remediate - any weaknesses, deficiencies or gaps in their implementation of controls and counteractive measures.
TLPTs must be performed at least every 3 years if your organisation is deemed in scope by the supervising authorities.
TLPTs for DORA should be followed in accordance with the pre-existing TIBER-EU framework, with some additional considerations and aspects now also formalised and included in DORA e.g. purple team exercises are now mandatory.

Explore Cyber and Data Resilience

AI Security Testing Services

Cybersecurity Due Diligence Services

Penetration Testing Services

Agile Penetration Testing Program

Get a Quote

24X7 Hotline

Loading component...

How Kroll Can Help with Threat-Led Penetration Testing

Kroll is an award-winning provider of threat intelligence, penetration testing and red teaming services, conducting over 150,000 hours of security assessments every year. With more than 100 security qualifications, including CREST CRT, STAR, CC SAM and many more, we perform testing to the highest technical, legal and ethical standards.

Simulate Real-World Threats

Emulate adversarial tactics, techniques, and procedures to uncover vulnerabilities and assess your organization’s ability to detect and respond to attacks.

Show Defensible & Transparent Compliance

Achieve compliance with frameworks like DORA and TIBER-EU through structured TLPT, comprehensive reporting, and actionable evidence to support audits and attestations

Enhanced Detection & Response Capabilities

Enhance your blue team’s readiness against advanced threats through tailored attack scenarios, replay sessions, and collaborative purple team workshops designed to improve detection and response capabilities.

Get Actionable Insights & Remediation

Receive detailed, prioritized insights and remediation strategies, mapped to MITRE ATT&CK, to effectively address vulnerabilities and fortify your security posture.

Utilize the Latest Threat Intelligence

Our testing approach is fueled by the largest exposure to frontline intel from thousands of IR cases a year our testers frontline threat intelligence from handling thousands of cyber incidents every year.

Award-Winning Offensive Security Experts

Kroll is an award-winning pen testing and red teaming provider, conducting over 100,000 hours of security assessments every year, with more than 100 security qualifications across the team, including CREST CRT, STAR, CC SAM and many more.

Loading component...

How Threat-Led Penetration Testing Works

Our process begins with a detailed understanding and scoping of your critical business processes and supporting systems to align with compliance frameworks like DORA and TIBER-EU. Using real-world TTPs from advanced adversaries, we develop customized attack scenarios that emulate the behaviors of nation-states, cybercriminals, and insider threats.

Through controlled simulations, we test your defenses against techniques such as lateral movement, privilege escalation, and data exfiltration. Comprehensive reports provide detailed insights into attack paths, exploited vulnerabilities, and root cause analysis, with recommendations mapped to MITRE ATT&CK for prioritized remediation. Collaborative replay sessions and purple team workshops enhance your blue team’s detection and response capabilities, fostering stronger defenses through knowledge sharing. To ensure continuous improvement, we validate remediation efforts through retesting and integrate ongoing threat intelligence to keep your security posture adaptive and robust.

Loading component...

Why Kroll?

Real-World Threat Intelligence
With over 150,000 hours of offensive security engagements annually, Kroll leverages real-world insights from advanced adversaries, ensuring your defenses are tested against the latest TTPs observed globally.
Regulatory Expertise
Kroll ensures compliance with critical frameworks like DORA and TIBER-EU by delivering structured, auditable reports and evidence tailored to meet regulatory standards.
Tailored Testing Scenarios
Every engagement is customized to align with your unique risk landscape, critical assets, and business objectives, providing actionable and prioritized insights.
Comprehensive Reporting
Our detailed reports include root cause analysis, MITRE ATT&CK mappings, and prioritized remediation strategies to empower effective vulnerability management.
Collaborative Approach
Replay sessions and purple team workshops foster collaboration between your teams and our experts, enhancing detection and response capabilities while strengthening overall defenses.

Loading component...

Connect With Us

Tiernan Connolly

Managing DirectorCyber and Data ResilienceDublin

Tiernan Connolly tiernan.connolly@kroll.com +353 14283125

Loading component...

Stay Ahead With Kroll

Cyber and Data Resilience

Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident responses and regulatory compliance, financial crime and due diligence engagements to make our clients more cyber- resilient.

Learn More

Financial Services Compliance and Regulation

In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.

Learn More

Cyber Governance and Strategy

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.

Learn More

Threat Exposure Management

Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.

Learn More

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Learn More

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Learn More