Zerolynx: a reference in TLPT tests (Red Team) for the financial sector
The DORA (Digital Operational Resilience Act) regulation, adopted by the European Union, establishes a regulatory framework to strengthen the digital operational resilience of financial entities, a term that covers not only banks but also insurers, investment funds, cryptoasset companies and countless financial service providers of different types. This regulation seeks to ensure that financial sector institutions can withstand, respond to and recover from any type of cyber incident and other technological disruptions. In an environment where dependence on technology is crucial, DORA becomes a fundamental pillar to protect the stability of the European financial system and customer confidence.
One of the key elements of DORA is the requirement to perform advanced threat-led penetration testing, known as TLPT (Threat Led Penetration Testing). These exercises allow financial institutions to evaluate their ability to detect, respond to and mitigate advanced simulated cyberattacks under realistic conditions. The threat-driven nature of these exercises ensures that testing is relevant and specific to the risks each organization is exposed to.
The implementation of TLPT exercises evaluates not only technical preparation, but also internal coordination and crisis response capacity. These exercises are carried out by Red Teams, which simulate advanced attacks to identify vulnerabilities in the organization's systems, processes and personnel. The objective is to strengthen the entity's overall security, improving both technological controls and mitigation and recovery strategies. And, since the ECB itself already had a methodology called Tiber-EU, transposed in many countries such as Spain (Tiber-ES), which was already aimed at training entities with cyber exercises based on flags that emulated TTPs, they have decided that this and no other is the reference framework on which to base themselves.
Ultimately, the DORA regulation, together with the TLPT exercises, represents an essential step towards the comprehensive protection of the European financial ecosystem. By requiring rigorous testing and robust resilience practices, they foster a proactive and robust cybersecurity culture that protects not only institutions, but also customers and the broader economy from emerging threats.
Red Team Exercises under TIBER-EU
Since Regulation (EU) 2022/2554: Digital Operational Resilience Act (DORA) was published on December 27, 2022, the Tiber-EU framework has begun to be seen as an indispensable travel companion for financial institutions, who until then saw it as a voluntary methodology that, as a set of best practices, provided them with a repeatable way to measure whether they were doing their homework well. Its origin dates back well before DORA, to the British proposal for CBEST, which was later pushed by the Netherlands with its Tiber-NL, but it is only in recent years that it has been established as a key reference framework. It is fully compatible with DORA and will probably see an even more aligned approach in its next update.
There is no doubt that 2024 has been fundamental for DORA: it was the year in which the largest RTS package was published, and the last year before the starting gun on January 17, 2025, the date that marks the end of the transition period since its entry into force. For this reason, many financial entities have already begun to catch up with the regulation and to train through TLPT exercises carried out by companies that are experts in cybersecurity and Red Teaming. In this sense, Zerolynx has been one of the preferred options: more than 10 financial entities chose it to carry out their TLPT exercises in 2024, in order to anticipate what is to come in 2025.
TLPT (Threat Led Penetration Testing)
Unlike traditional penetration testing, TLPTs focus on emulating real attacks based on the tactics, techniques and procedures (TTPs) of specific malicious actors that pose a plausible threat. This approach allows a more realistic assessment of the organization's ability to detect, respond to and mitigate targeted attacks, ensuring effective protection against advanced threats.
The main objective of TLPT is to measure the organization's resilience against specific threats. This includes evaluating the effectiveness of defense systems in detecting and responding to attacks, identifying critical vulnerabilities in infrastructure, applications and processes, and validating the effectiveness of existing security controls. Additionally, TLPTs help improve preparedness against targeted attacks, allowing organizations to adjust their defensive strategies based on realistic scenarios that reflect the current threat landscape.