Threat-Led Penetration Testing

Simulate real-world attacks, uncover vulnerabilities, and strengthen your defenses in line with DORA requirements with guidance from Kroll's offensive security experts.
Contact Us

What is Threat-Led Penetration Testing?

The Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out controlled assessments of their cyber resilience, known as Threat-Led Penetration Tests (TLPTs), on a regular basis. A TLPT is an intelligence-led form of classic red team testing that targets your most critical business systems by mimicking the tactics, techniques and procedures (TTPs) of real-life threat actors. Kroll's intelligence-driven approach to TLPTs combines established methodologies and real-world attack simulations to assess your resilience against adversaries.

What Are the Key Requirements Under the DORA Regulation?

  • Articles 25-27 stipulate that TLPTs take place against IT assets:  
    • Supporting ‘critical or important functions’ of a financial entity (including third-party systems where appropriate).
    • Using real-world TTPs obtained via tailored threat intelligence analysis.
    • To proactively identify, and allow entities to swiftly mitigate or remediate, any weaknesses, deficiencies or gaps in their implementation of controls and countermeasures.
  • TLPTs must be performed at least every three years if your organisation is deemed in scope by the supervising authorities.
  • TLPTs under DORA follow the pre-existing TIBER-EU framework, with some additional considerations now formalised in DORA itself, e.g. purple team exercises are now mandatory.

How Kroll Can Help with Threat-Led Penetration Testing

Kroll is an award-winning provider of threat intelligence, penetration testing and red teaming services, conducting over 150,000 hours of security assessments every year. With more than 100 security qualifications, including CREST CRT, STAR, CC SAM and many more, we perform testing to the highest technical, legal and ethical standards.

Simulate Real-World Threats

Emulate adversarial tactics, techniques, and procedures to uncover vulnerabilities and assess your organization’s ability to detect and respond to attacks.

Show Defensible & Transparent Compliance

Achieve compliance with frameworks like DORA and TIBER-EU through structured TLPT, comprehensive reporting, and actionable evidence to support audits and attestations.

Enhanced Detection & Response Capabilities

Enhance your blue team’s readiness against advanced threats through tailored attack scenarios, replay sessions, and collaborative purple team workshops designed to improve detection and response capabilities.

Get Actionable Insights & Remediation

Receive detailed, prioritized insights and remediation strategies, mapped to MITRE ATT&CK, to effectively address vulnerabilities and fortify your security posture.

Utilize the Latest Threat Intelligence

Our testing approach is fueled by frontline threat intelligence drawn from the thousands of cyber incidents our responders handle every year.

Award-Winning Offensive Security Experts

Kroll is an award-winning pen testing and red teaming provider, conducting over 150,000 hours of security assessments every year, with more than 100 security qualifications across the team, including CREST CRT, STAR, CC SAM and many more.

How Threat-Led Penetration Testing Works

Our process begins with a detailed understanding and scoping of your critical business processes and supporting systems to align with compliance frameworks like DORA and TIBER-EU. Using real-world TTPs from advanced adversaries, we develop customized attack scenarios that emulate the behaviors of nation-states, cybercriminals, and insider threats.


Through controlled simulations, we test your defenses against techniques such as lateral movement, privilege escalation, and data exfiltration. Comprehensive reports provide detailed insights into attack paths, exploited vulnerabilities, and root cause analysis, with recommendations mapped to MITRE ATT&CK for prioritized remediation. Collaborative replay sessions and purple team workshops enhance your blue team’s detection and response capabilities, fostering stronger defenses through knowledge sharing. To ensure continuous improvement, we validate remediation efforts through retesting and integrate ongoing threat intelligence to keep your security posture adaptive and robust.

Why Kroll?

  • Real-World Threat Intelligence
    With over 150,000 hours of offensive security engagements annually, Kroll leverages real-world insights from advanced adversaries, ensuring your defenses are tested against the latest TTPs observed globally.
  • Regulatory Expertise
    Kroll ensures compliance with critical frameworks like DORA and TIBER-EU by delivering structured, auditable reports and evidence tailored to meet regulatory standards.
  • Tailored Testing Scenarios
    Every engagement is customized to align with your unique risk landscape, critical assets, and business objectives, providing actionable and prioritized insights.
  • Comprehensive Reporting
    Our detailed reports include root cause analysis, MITRE ATT&CK mappings, and prioritized remediation strategies to empower effective vulnerability management.
  • Collaborative Approach
    Replay sessions and purple team workshops foster collaboration between your teams and our experts, enhancing detection and response capabilities while strengthening overall defenses.

Talk to a Kroll Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.

Cyber and Data Resilience

Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.

Financial Services Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.

Cyber Governance and Strategy

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.


DORA Compliance Assessment

Are you ready for DORA compliance? Understand your gaps and build long-term digital and operational resilience.

Threat Exposure and Validation

Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.


Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.