Managed Detection and Response Capabilities for DORA and NIS 2 Compliance
The information provided in this marketing post is for general informational purposes only and is not intended to be legal advice. Please be aware that reading or interacting with this content does not establish an attorney-client relationship between you and ReliaQuest or any of its representatives. This post is not a substitute for professional legal counsel tailored to your specific circumstances. ReliaQuest recommends that you seek personalized advice from a qualified attorney regarding any legal matters or concerns you may have. Reliance on any information provided in this post is solely at your own risk.
As the world becomes increasingly digitised, the risk of cyberattacks has grown exponentially. In response, governments are imposing requirements on organisations in critical sectors to standardise incident response processes and reporting to ensure uptime and recovery in the event of an incident. The Network and Information Security Directive (NIS 2) and the Digital Operational Resilience Act (DORA) are part of this effort.
Managed detection and response (MDR) providers can play a crucial role in helping organisations navigate the complex requirements of DORA and NIS 2. By leveraging advanced tools and expertise, MDRs can scale an organisation’s threat detection, investigation, and response (TDIR) processes and enhance its resilience and operational continuity in the face of cyber incidents.
What Is Network and Information Security Directive (NIS 2)?
The NIS 2 Directive is an expansion of cybersecurity rules that apply to members of the European Union. The first set of rules was introduced in 2016. This most recent iteration modernises the legal framework to reflect growth in digitisation and evolving cybersecurity threats.
The NIS 2 Directive aims to improve cybersecurity across the EU by:
- Requiring that member states are properly equipped
- Facilitating cooperation and communication among member states via an established Cooperation Group
- Fostering a culture of security across critical sectors such as energy, transport, water, banking, financial market infrastructures, healthcare, and digital infrastructure
When Does NIS 2 Go into Effect?
NIS 2 goes into effect on 17 October 2024.
Please note that NIS2 is an EU Directive, which will be adopted and enforced through the national laws of each member state (e.g., Germany’s KRITIS-Dachgesetz, Austria’s NIS-Gesetz, etc.). While meeting the deadline remains uncertain for some states, many are on track, and countries like Belgium have already adopted the law and are ready for 17 October 2024. If your organization operates across borders, you may encounter overlapping jurisdictions.
Who Does NIS 2 Apply To?
- Organisations with greater than 50 full-time employees or more than €10 million in turnover
- Operating entities in specific sectors:
| Sectors of High Criticality |
|---|
| Energy |
| Financial Market Infrastructures |
| Waste Water |
| Public Administration |
| Transport |
| Health |
| Digital Infrastructure |
| Banking |
| Drinking Water |
| ICT Service Management (B2B) |
| Space |
| Other Critical Sectors |
|---|
| Postal and Courier Services |
| Production, Processing and Distribution of Food |
| Waste Management |
| Manufacturing |
| Research |
| Manufacture, Production, and Distribution of Chemicals |
| Digital Providers |
What Are the Key Requirements of the NIS 2 Directive?
Minimum requirements include:
- Established security policies for and regular risk assessments of information systems
- Incident handling, including detection, containment, investigation, and response measures
- Business continuity plans, including backup management and disaster recovery plans
- Supply-chain security between the entity and its suppliers or service providers
- Policies and procedures to evaluate the effectiveness of cybersecurity measures
- Policies and procedures for the use of cryptography and data encryption
- Secure acquisition, development, and operation of network and information systems, including policies for managing and reporting vulnerabilities
- Basic cybersecurity training
- Security around human resources, access control policies, and asset management
- Multifactor or continuous authentication and secured communications within the entity
In the event of an incident, the affected company has 24 hours from the time they become aware of the incident to submit an initial report. Full notification is expected within 72 hours, and a final report is required no later than one month after the initial incident.
What Is the Digital Operational Resilience Act (DORA)?
The Digital Operational Resilience Act (DORA) requires financial institutions to secure its information and communication technology (ICT) using a specific set of guidelines. Ultimately, the goal of DORA is to ensure the resilience and recovery of financial institutions in the EU in the face of severe operational disruption.
Note that DORA’s provisions related to ICT risk management and reporting, digital operational resilience testing, information sharing, and third-party risk vary from those outlined in NIS 2.
When Does DORA Go into Effect?
DORA goes into effect on 17 January 2025.
Who Does DORA Apply To?
Financial entities such as banks, insurance companies, and investment firms.
What Are the Key Requirements of DORA?
- A risk management framework that establishes procedures for the assessment, control, and monitoring of risks; the prevention, detection, and management of incidents; and strategies for incident-related communications.
- Plans for incident classification and reporting to relevant authorities
- Digital operational resilience testing and proof via regular testing of system and tool key functions, with results documented and evaluated
- Supply chain risk management, including regular assessments, monitoring, and reporting
- Mandatory threat intelligence sharing
DORA mandates that financial organisations adopt systems, protocols, and tools that reliably support the entity’s data and business functions detailed in the risk management framework.
How ReliaQuest Can Help
The ReliaQuest GreyMatter security operations platform has capabilities that can help organisations build towards DORA and NIS 2 requirements. In addition to comprehensive threat detection, investigation, and response (TDIR), GreyMatter provides security program measurement and benchmarking via its Model Index.
| Regulatory Requirements | How GreyMatter Helps |
|---|---|
| Incident management and reporting | Unified threat detection, investigation and response (TDIR) capabilities; automated documentation of the entire process |
| Threat intelligence | GreyMatter Intel pulls threat intelligence from custom and open threat feeds, and the ReliaQuest Threat Research team builds detailed threat actor reports to aid in building detections and during investigation. |
| Governance, risk management, and resilience | The GreyMatter Model Index provides live security performance metrics. A dedicated customer success manager helps customers uncover areas of improvement and builds roadmaps to higher maturity. |
| Early detection | Digital risk protection monitors your attack surface as well as the dark web for potential threats. GreyMatter’s detection-at-source capability shortens the time between an incident and detection. |
| Robust incident management and prevention strategies | ReliaQuest- or customer-run threat hunts allow companies to proactively locate and eliminate lurking threats. |
| Quickly detect and respond to incident | ReliaQuest brings AI and automation to the TDIR process, shortening the mean time to resolve a security incident from hours to minutes. |
See GreyMatter in Action
Get a live demo of our security operations platform, GreyMatter, and learn how you can improve visibility, reduce complexity, and manage risk in your organization.
