Why DORA Makes MTTR the Board’s Business
Based on our reading, the Digital Operational Resilience Act (DORA), is at a fundamental level, a transformative ICT challenge.
DORA makes the speed and accuracy of security threat detection and response a board-level concern. Fail to stop, classify and report on cyber incidents accurately and, from 2025 onwards, your organisation could face a fine of 1% of global turnover.
Before GDPR, How Many Executives Knew What a Cookie Was?
Our forecast is that DORA will do to cybersecurity what the General Data Protection Regulation (GDPR) did to data.
DORA will take the nuances of threat detection and response out of the background and put the things security teams deal with daily on everyone's radar.
The upside for security and IT teams is that DORA might be the catalyst for fixing a broken security operations model. By broken, we mean a model where tiny security teams have to fight against floods of alerts, wrestle with disconnected security systems to figure out basic things, and fight tooth and nail for the headcount they need.
DORA will make security tooling an important part of a business's future instead of a necessary but regretted expense. Siloed tool stacks with different layers of endpoint detection and response (EDR), network detection and response (NDR), antivirus (AV), next-gen antivirus (NGAV), security information and event management (SIEM), etc., will not allow security teams to respond with the speed that DORA requires.
Financial entities are, by their nature, highly risk-intolerant. When DORA becomes law and impacts almost every financial organisation with EU-based customers (including many in the UK), relying on a “traditional” SOC, whether outsourced or in-house, will be too dangerous for any switched-on executive team to tolerate.
What DORA Impacted Organisations Need
A three-point laundry list for security tooling needed for DORA compliance would read something like this:
Advanced threat detection and response capabilities. Ideally, a solution set that would combine heuristics, machine learning, and a wide variety of data inputs to spot zero days, malicious insiders, and persistent threats.
Rich data from everywhere in the environment. The cloud, endpoints, network traffic and more all in a single pane of glass. Everything would be enriched and combined natively so security teams didn't have to connect the dots to find complex threats.
Automation and AI. Not just in threat response but also in reporting, so that, for example, when a suspected exfiltration event happens, the endpoint involved is isolated automatically, all connected information logged and matched to potential MITRE ATT&CK tactics techniques and procedures (TTPs), and, if wanted, turned into an event narrative by an LLM. AI is also there to learn what false positives are and filter them out before burdening the SOC team.
If a DORA covered organisation can get these three capabilities in play, either through a self-managed solution or a managed detection and response (MDR) service, it can be assured that it will, at the very least, meet DORA’s risk framework and reporting requirements.
These capabilities will also allow the kind of testing DORA requires some organisations to undergo to take place smoothly and efficiently.
Finding a DORA Compliant Security Platform
It shouldn’t, and under DORA it can't, take days or even weeks to fully understand security incidents.
SenseOn’s security platform is how more organisations are enriching the data they get from their IT environments to the level they need to be DORA compliant.
SenseOn allows financial entities to meet DORA incident detection, response, and reporting requirements without increasing their security headcount or bringing in specialist security engineering talent.
Deployable as a self-managed solution, an MDR service, or a 24/7 outsourced SOC, SenseOn can help your organisation get “DORA ready.”