After a two-year implementation period, EU financial companies must comply with DORA (the Digital Operational Resilience Act) by the deadline of January 17, 2025.
DORA focuses on the risk management of business processes classified as critical or important. This includes identifying and monitoring the assets those processes depend on. To ensure seamless monitoring, financial institutions generally rely on detection and response tools such as SIEM and EDR systems. The alerts generated by these systems are usually processed by the analyst team in the Security Operations Center (SOC). To guarantee the alert handling required by DORA both inside and outside of working hours, companies often rely on specialized external service providers. Given the limited staffing of financial companies' own SOCs, the initial analysis of alerts is often outsourced entirely to an MDR or co-managed SOC service provider, but an outsourcing model that only covers off-peak times is also possible.
If an alert produced by the required scenario-based monitoring and anomaly detection on the log data is confirmed as a serious incident, the incident must be reported to the supervisory authorities within 4 hours of its classification, and no later than 24 hours.

To make this notification possible in time, DORA calls for alerts to be prioritized. SECUINFRA recommends a risk-based alerting approach. In such an approach, the severity of the detection scenario (e.g. how far along the kill chain the activity is), the criticality of the information assets, systems and user classes involved, and the false positive rate of the detection rule are all taken into account. The resulting alert prioritization lets analysts focus on the alerts that are particularly critical in the corporate context and can therefore be a key component in meeting the required reporting obligations.
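As an added illustration of this risk-based approach (example code, not SECUINFRA's own tooling), the following script scores constructed sample alerts from the three factors named above. The weight tables, the review threshold and the alert fields are assumptions chosen for the example; DORA prescribes none of these values.

```python
# Added example: risk-based alert prioritisation combining kill-chain stage,
# asset/user criticality and the rule's historic false positive rate.
# All weights, thresholds and sample alerts below are constructed assumptions.
from dataclasses import dataclass

# Later kill-chain stages mean more attacker progress and a higher weight (assumed scale).
KILL_CHAIN_WEIGHT = {
    "reconnaissance": 1, "delivery": 2, "exploitation": 4,
    "installation": 5, "command_and_control": 7, "actions_on_objectives": 10,
}
# Asset criticality, following the critical/important classification of business processes.
ASSET_WEIGHT = {"standard": 1, "important": 2, "critical": 4}
# User class involved in the alert (assumed scale).
USER_WEIGHT = {"regular": 1, "service_account": 2, "privileged_admin": 3}


@dataclass
class Alert:
    alert_id: str
    scenario: str
    kill_chain_stage: str
    asset_class: str
    user_class: str
    false_positive_rate: float  # historic FP rate of this detection rule, 0.0 .. 1.0


def risk_score(alert: Alert) -> float:
    """Multiply the three criticality factors, then discount by the rule's false positive rate."""
    base = (KILL_CHAIN_WEIGHT[alert.kill_chain_stage]
            * ASSET_WEIGHT[alert.asset_class]
            * USER_WEIGHT[alert.user_class])
    return round(base * (1.0 - alert.false_positive_rate), 2)


def prioritise(alerts, review_threshold: float = 40.0):
    """Rank alerts by descending risk. The flag marks alerts that should go straight to
    incident classification, which is what starts the reporting clock described above."""
    ranked = sorted(alerts, key=risk_score, reverse=True)
    return [(a.alert_id, risk_score(a), risk_score(a) >= review_threshold) for a in ranked]


# Constructed sample alerts, as a SIEM might hand them to the SOC.
SAMPLE_ALERTS = [
    Alert("A1", "C2 beacon to known bad domain", "command_and_control", "critical", "privileged_admin", 0.1),
    Alert("A2", "Port scan from internal host", "reconnaissance", "standard", "regular", 0.8),
    Alert("A3", "Web shell upload attempt", "exploitation", "important", "service_account", 0.5),
    Alert("A4", "Mass file encryption on core banking host", "actions_on_objectives", "critical", "regular", 0.0),
    Alert("A5", "New scheduled task by admin", "installation", "critical", "privileged_admin", 0.9),
]

if __name__ == "__main__":
    for alert_id, score, escalate in prioritise(SAMPLE_ALERTS):
        print(f"{alert_id}: risk={score:>5} escalate={escalate}")
```

Note how A5 (a noisy rule with a 90% false positive rate) ranks below A3 despite involving a critical asset and a privileged user, which is exactly the effect the false positive factor is meant to have.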
SECUINFRA supports affected companies with experienced cyber defense consultants in designing and implementing measures that meet the technical SOC and SIEM requirements stipulated by DORA. SECUINFRA also offers various services tailored to customer needs in the area of 24/7 managed and co-managed SOC operations.

