RTS on ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

Regulatory Technical Standards on ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

The European Supervisory Authorities (ESAs), that is the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), jointly develop the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) that give detailed guidance on implementing DORA (Regulation (EU) 2022/2554). They were released in two batches. The first-batch RTS on ICT risk management tools, methods, processes and policies and on the simplified ICT risk management framework has been finalised and adopted by the European Commission.

Endpoint Central supports many of the technical requirements set out in this RTS. The sections below summarise each relevant article and note where Endpoint Central helps and where the requirement remains a policy or process task for the financial entity.

 

Article 2: General Elements of ICT Security Policies, Procedures, Protocols, and Tools
Integration with ICT Risk Management Framework


Financial entities must ensure their ICT security policies, procedures, and tools are embedded within their ICT risk management framework, as required under DORA (Regulation (EU) 2022/2554). These measures should:

  • Ensure network security.
  • Safeguard against intrusions and data misuse.
  • Maintain data availability, authenticity, integrity, and confidentiality, including through encryption.
  • Enable accurate and timely data transmission without disruptions.

Alignment with the Digital Operational Resilience Strategy

ICT security policies must:

  • Align with the financial entity's information security objectives, as outlined in its digital operational resilience strategy under DORA.
  • Specify the date of formal approval by the management body.
  • Include mechanisms to monitor implementation, and to record and manage exceptions while preserving operational resilience.

Responsibilities and Compliance

ICT security policies should:

  • Clearly define responsibilities at all staff levels.
  • Specify consequences for non-compliance (if not covered by other internal policies).
  • Detail required documentation and its maintenance.
  • Define segregation of duties using models like the three lines of defense to prevent conflicts of interest.

Best Practices, Standards, and Roles

Policies must:

  • Consider leading practices and standards, as defined in relevant EU regulations.
  • Identify clear roles and responsibilities for developing, implementing, and maintaining ICT security measures.

Adaptability and Periodic Review

Policies must be reviewed periodically as per DORA requirements. They should account for material changes, such as:

  • Shifts in activities or processes.
  • Changes in the cyber threat landscape.
  • Updates to legal obligations.

 
How Endpoint Central helps:

Endpoint Central's endpoint security features (endpoint DLP, browser security, risk-based vulnerability and patch management, the next-gen antivirus engine, anti-ransomware, and mobile security) provide the technical controls these policies call for.

In case of a malware attack, Endpoint Central can alert the SOC team and IT admins and enable them to quarantine the affected system safely.

Endpoint Central offers advanced data leakage prevention capabilities, enabling the detection and classification of personally identifiable information (PII).

It provides control over data flow within your IT environment by allowing administrators to configure policies for data transfers through cloud services and peripheral devices.

It can also containerize corporate and personal data and perform a remote wipe if a device is lost or stolen.

Article 3: ICT Risk Management


Risk Tolerance Approval

  • Include approval of the ICT risk tolerance level as defined under DORA.

Risk Assessment Procedure

  • Establish methods to assess ICT risks by identifying:
  • Vulnerabilities and threats affecting business functions, ICT systems, and assets.
  • Indicators to measure the likelihood and impact of these vulnerabilities and threats.

Risk Treatment Measures

  • Define processes to identify, implement, and document measures to address ICT risks, ensuring they remain within approved tolerance levels.

Management of Residual Risks
For remaining risks after treatment:

  • Identify and document these residual risks.
  • Assign roles for accepting residual risks that exceed tolerance levels and for reviewing them annually.
  • Maintain an inventory with justifications for accepted residual risks.
  • Annually review accepted residual risks to assess changes, mitigation options, and whether the reasons for acceptance are still valid.

Continuous Monitoring
Monitor:

  • Changes in the ICT risk and cyber threat landscape.
  • Internal and external vulnerabilities.
  • ICT risks, to promptly detect changes affecting the entity's risk profile.

Adaptability to Strategic Changes

  • Ensure processes account for changes in the financial entity's business strategy or digital operational resilience strategy.

Effectiveness of Risk Treatment

  • Monitor the effectiveness of ICT risk treatment measures.
  • Assess whether the entity's risk tolerance levels have been met.
  • Identify and implement corrective actions where necessary.

 

 

How Endpoint Central helps:

Endpoint Central delivers vulnerability management with continuous assessment and comprehensive visibility of threats through a centralized console. Beyond assessment, it includes built-in tools for remediating detected vulnerabilities.

For information systems, Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities using metrics such as CVSS scores, CVE impact types, patch availability, and more. This is the "internal and external vulnerabilities" input to the risk assessment and continuous monitoring steps above; approval of the risk tolerance level, the residual risk inventory, and the annual review of accepted residual risks remain governance tasks that the tool informs but does not perform.

It also serves as a unified platform for IT operations and security teams to manage and secure endpoints efficiently. With role-based access control, security tasks can be delegated to dedicated security specialists, keeping management streamlined and focused.

Article 4: ICT Asset Management Policy

Financial entities must establish and implement a policy for managing ICT assets as part of their ICT security framework, in line with DORA. The policy must include:

Lifecycle Management

  • Ensure monitoring and management of the entire lifecycle of ICT assets, as identified and classified under DORA Article 8(1).

Comprehensive Record-Keeping
Financial entities must maintain records for each ICT asset, including:

  • Unique identifier.
  • Physical or logical location.
  • Classification as per DORA Article 8(1).
  • Owner identity.
  • Business functions or services supported.
  • ICT business continuity requirements, including recovery time and recovery point objectives.
  • Exposure to external networks, including the internet.
  • Links and interdependencies with other ICT assets and business functions.
  • End dates for third-party support services, including regular, extended, or custom support, after which assets are no longer supported.

Legacy Systems Risk Assessment

  • Non-microenterprises must maintain the additional records needed to conduct the specific ICT risk assessments for legacy systems required by DORA Article 8(7).

 

How Endpoint Central helps:

Endpoint Central delivers asset management for both hardware and software, offering a comprehensive inventory of computers, devices, installed hardware, software, and stored files across your network.

Its Mobile Device Management (MDM) feature extends this with detailed visibility into all mobile devices within your organization.

With advanced inventory reporting, Endpoint Central streamlines audit preparation and supports adherence to industry compliance standards.

It also allows administrators to distribute terms-of-use policies that include security requirements, compliance guidelines, and best practices, and to tell users clearly what data is collected from their devices and for what purposes.

For auditing critical computers that host sensitive applications, user logon reports let admins track which users accessed which critical endpoints.

With Endpoint Central, admins can analyze how long and how often software is used. With these insights they can make informed decisions on software purchases and determine peak usage trends in their IT.

Endpoint Central's license management feature shows whether you have adequate software licenses for your users and keeps track of soon-to-expire and expired licenses.

Note:
The inventory supplies the technical asset record (identifier, hardware, installed software). The business-level fields in the record-keeping list above (functions supported, RTO/RPO, external exposure, interdependencies, third-party support end dates) have to be captured in a CMDB. ManageEngine's ServiceDesk Plus (ITSM) uses Endpoint Central's agent to discover endpoint assets, so for comprehensive asset management with asset mapping and a CMDB, ServiceDesk Plus can complete this requirement alongside Endpoint Central.

Article 5: ICT Asset Management Procedure

Procedure Development

  • Financial entities must create, document, and implement a procedure for managing ICT assets.

Criticality Assessment
The procedure must define criteria for assessing the criticality of information and ICT assets supporting business functions, considering:

  • ICT risks associated with these functions and their dependencies on the assets.
  • The impact of losing confidentiality, integrity, or availability of these assets on the entity's business processes and activities.

 
How Endpoint Central helps:

Endpoint Central provides asset management for both hardware and software, offering a detailed inventory of computers, devices, installed hardware, software, and stored files across your network.

In addition to delivering in-depth insights into your endpoint landscape, Endpoint Central's reporting capabilities support governance and auditing requirements. The criticality criteria themselves (dependencies and the impact of losing confidentiality, integrity, or availability) are defined by the entity; the inventory tells you which assets the criteria apply to.

Article 6: Encryption and Cryptographic Controls

Financial entities must establish a policy on encryption and cryptographic controls as part of their ICT security framework, in compliance with DORA. The policy must include:

Policy Development

  • Design, document, and implement encryption and cryptographic controls based on data classification and ICT risk assessment.

Encryption Rules
Define rules for:

  • Encrypting data at rest and in transit.
  • Encrypting data in use, where necessary. If this is not feasible, process the data in secure and isolated environments or apply equivalent measures to preserve confidentiality, integrity, and availability.
  • Encrypting internal network connections and external traffic.
  • Managing cryptographic keys, including their usage, protection, and lifecycle.

Cryptographic Technique Selection

  • Include criteria for selecting cryptographic techniques and practices based on leading standards and ICT asset classifications.
  • If leading practices or reliable techniques cannot be used, implement mitigation and monitoring measures to maintain resilience against cyber threats.

Updating Cryptographic Technology

  • Include provisions for updating or changing cryptographic technology as needed to address advances in cryptanalysis and ensure resilience against cyber threats.
  • If updates are not possible, adopt mitigation and monitoring measures to maintain protection.

Recording Mitigation Measures

  • Record all mitigation and monitoring measures adopted because leading practices could not be followed or cryptographic technology could not be updated, together with a detailed justification.

 

How Endpoint Central helps:

Endpoint Central can be run in FIPS mode, in which it uses FIPS 140-2 compliant algorithms for its own communications and stored data, for environments that require validated cryptography.

It also lets administrators encrypt end-users' devices by managing BitLocker on Windows systems and FileVault on Macs, which covers the data-at-rest rule for endpoints. Encryption of data in transit between other systems, data in use, and the key-management lifecycle have to be addressed by the entity's own policy and by the systems that hold the data.

Article 7: Cryptographic Key Management

Key Lifecycle Management

  • Define processes for the entire lifecycle of cryptographic keys: generation, renewal, storage, backup, archiving, retrieval, transmission, retirement, revocation, and destruction.

Key Protection Controls

  • Implement controls to safeguard cryptographic keys from loss, unauthorized access, disclosure, or modification throughout their lifecycle, based on data classification and ICT risk assessments.

Key Replacement

  • Develop methods to replace cryptographic keys in cases of loss, compromise, or damage.

Certificate and Device Register

  • Maintain an up-to-date register of all certificates and certificate-storing devices, at least for ICT assets that support critical or important functions.

Certificate Renewal

  • Ensure certificates are renewed promptly before they expire.
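A worked check for the register and renewal items above, added here as an example; it is not code from Endpoint Central or from the RTS. It assumes a register held as a list of records with the field names shown, a fixed "today" so the output is reproducible, and renewal lead times of 30 days for assets supporting critical or important functions and 14 days otherwise (policy values chosen for the example, not taken from the RTS):

```python
"""Certificate and certificate-store register check.

Added example (not Endpoint Central code): flags certificates that are
expired, inside their renewal window, or have no recorded expiry, and
lists which certificate-storing devices hold keys for which assets.
"""
from collections import defaultdict
from datetime import date, timedelta

# Constructed register. Field names are assumptions for this example:
#   asset     - ICT asset identifier from the asset inventory
#   critical  - True if the asset supports a critical or important function
#   subject   - certificate subject / hostname
#   not_after - certificate expiry date (None if the register entry is incomplete)
#   store     - device or key store holding the private key
REGISTER = [
    {"asset": "pay-gw-01", "critical": True, "subject": "pay-gw.example.test",
     "not_after": date(2025, 3, 20), "store": "HSM-A"},
    {"asset": "intranet-01", "critical": False, "subject": "intranet.example.test",
     "not_after": date(2025, 4, 30), "store": "win-certstore"},
    {"asset": "core-db-01", "critical": True, "subject": "core-db.example.test",
     "not_after": date(2025, 2, 25), "store": "HSM-A"},
    {"asset": "vpn-01", "critical": True, "subject": "vpn.example.test",
     "not_after": None, "store": "appliance"},
]

# Renewal lead time in days, by criticality. Assumed policy values; the RTS
# only requires renewal "before expiry".
LEAD_DAYS = {True: 30, False: 14}


def _as_date(d):
    """Accept a date or an ISO string such as '2025-03-01'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def renewal_report(register, today):
    """Sort register entries into expired / renew / unknown / ok.

    'renew' means the certificate expires within the lead time for the
    asset's criticality; 'unknown' means the register has no expiry date,
    which is itself a finding against the register-completeness requirement.
    """
    today = _as_date(today)
    report = {"expired": [], "renew": [], "unknown": [], "ok": []}
    for entry in register:
        exp = entry["not_after"]
        if exp is None:
            bucket = "unknown"
        elif exp < today:
            bucket = "expired"
        elif (exp - today) <= timedelta(days=LEAD_DAYS[entry["critical"]]):
            bucket = "renew"
        else:
            bucket = "ok"
        report[bucket].append(entry["asset"])
    return report


def certs_by_store(register):
    """Map each certificate-storing device to the assets whose keys it holds,
    so a compromised or retired device can be traced to every affected asset."""
    index = defaultdict(list)
    for entry in register:
        index[entry["store"]].append(entry["asset"])
    return dict(index)


def critical_assets_missing_from_register(register, critical_assets):
    """Critical assets from the inventory that have no certificate entry at all."""
    registered = {e["asset"] for e in register}
    return sorted(set(critical_assets) - registered)


if __name__ == "__main__":
    today = "2025-03-01"   # fixed date so the output is reproducible
    print(renewal_report(REGISTER, today))
    print(certs_by_store(REGISTER))
    # 'hsm-mgmt-01' is a constructed critical asset with no register entry
    print(critical_assets_missing_from_register(
        REGISTER, {"pay-gw-01", "core-db-01", "hsm-mgmt-01"}))
```

Run it as a script, or import it and feed renewal_report() an export of the real register. The "unknown" bucket is worth treating as a finding in its own right: an entry with no expiry date cannot meet the renewal requirement, and an asset missing from the register altogether cannot be renewed at all.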

 
How Endpoint Central helps:

Endpoint Central lets administrators encrypt end-users' devices by managing BitLocker on Windows systems and FileVault on Macs.

Endpoint Central uses SCEP (Simple Certificate Enrollment Protocol) to enrol device certificates for certificate-based authentication. SCEP covers issuance and renewal of the device certificates it enrols; the register of all certificates and certificate-storing devices required by this article is wider than that and has to be maintained from the entity's PKI records.

Article 9: Capacity and Performance Management

Key Requirements

  • Identify ICT capacity needs to ensure systems can meet business requirements.
  • Optimize resources to enhance efficiency and effectiveness.
  • Monitor and improve data and ICT system availability, ICT system efficiency, and the prevention of capacity shortages.

Adaptability for Specific ICT Systems

Ensure appropriate measures are in place for ICT systems with:

  • Long or complex procurement or approval processes.
  • High resource demands.

 
How Endpoint Central helps:

Endpoint Central helps you identify and manage high-risk software, such as outdated applications, peer-to-peer programs, and insecure remote-sharing software, so that you can remove it.

Its warranty management reports list hardware with expiring or expired warranties, so replacements can be planned ahead of the procurement lead time.

Administrators can monitor software usage, including duration and frequency, enabling data-driven decisions on software procurement and identifying peak usage trends across the IT landscape.

It also tracks expiring and expired software licenses and includes a license management feature to check whether you have enough licenses for your users.

These features address the procurement and lifecycle side of this article; monitoring of the availability and resource utilisation of the ICT systems themselves is not covered by them.

Article 10: Vulnerability and Patch Management

1. Vulnerability Management

Awareness and Identification

  • Use trusted resources to stay updated on vulnerabilities.

Automated Scanning

  • Conduct automated vulnerability scans and assessments of ICT assets at a frequency and scope aligned with their classification and risk profile.
  • ICT assets supporting critical or important functions must be scanned at least weekly.

Third-Party Provider Oversight

  • Verify that ICT third-party service providers handle and report vulnerabilities, including critical ones, and provide trends and statistics in a timely manner.
  • Require providers to investigate vulnerabilities, determine root causes, and take mitigating actions.

Third-Party Libraries and Custom ICT Services

  • Monitor third-party libraries (including open-source) and ICT services developed or customized for the entity.
  • Track off-the-shelf ICT assets to the extent possible.

Responsible Disclosure

  • Establish procedures for responsibly disclosing vulnerabilities to clients, counterparties, and the public.

Patch Prioritization

  • Prioritize applying patches or other mitigation measures based on vulnerability criticality, asset classification, and risk profile.

Monitoring and Recording

  • Monitor, verify, and record the remediation of vulnerabilities.

2. Patch Management

Patch Identification

  • Identify and assess available patches and updates for software and hardware, using automated tools where possible.

Emergency Patching Procedures

  • Define emergency procedures for urgent patching and updates.

Testing and Deployment

  • Test and deploy patches for ICT systems, ensuring adherence to secure development and testing requirements.

Deadlines and Escalations

  • Set deadlines for patch installation and define escalation procedures for when deadlines are missed.
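The prioritization, deadline and scan-cadence items above, carried through in code as an added example; this is not Endpoint Central's prioritization logic, which the page does not describe in detail. The findings, the scan history, the P1/P2/P3 tiering rules and the SLA days are constructed for the example; the only value taken from the RTS is the weekly scan cadence for assets supporting critical or important functions:

```python
"""Risk-based vulnerability triage and scan-cadence check.

Added example (not Endpoint Central code). It applies the three criteria
the article names, vulnerability criticality, asset classification and
risk profile (here: known exploitation and patch availability), to
constructed findings, derives remediation deadlines, flags escalations,
and checks that assets supporting critical or important functions were
scanned within the last week.
"""
from datetime import date, timedelta

# Remediation SLAs in days per priority tier: assumed policy values.
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}
MAX_SCAN_AGE = timedelta(days=7)   # RTS: critical/important assets scanned at least weekly

# Constructed findings. 'exploited' = known exploitation in the wild,
# 'critical' = the asset supports a critical or important function.
FINDINGS = [
    {"id": "F-1", "asset": "pay-gw-01", "critical": True, "cvss": 9.8,
     "exploited": True, "patch_available": True,
     "first_seen": date(2025, 3, 1), "remediated": None},
    {"id": "F-2", "asset": "intranet-01", "critical": False, "cvss": 9.1,
     "exploited": False, "patch_available": True,
     "first_seen": date(2025, 3, 1), "remediated": None},
    {"id": "F-3", "asset": "pay-gw-01", "critical": True, "cvss": 5.3,
     "exploited": False, "patch_available": False,
     "first_seen": date(2025, 2, 1), "remediated": None},
    {"id": "F-4", "asset": "hr-app-01", "critical": False, "cvss": 4.0,
     "exploited": False, "patch_available": True,
     "first_seen": date(2025, 1, 1), "remediated": date(2025, 2, 15)},
]

# Constructed scan history: asset -> date of the last completed scan.
LAST_SCAN = {"pay-gw-01": date(2025, 3, 8), "intranet-01": date(2025, 2, 20),
             "core-db-01": date(2025, 2, 20)}
CRITICAL_ASSETS = {"pay-gw-01", "core-db-01"}


def _as_date(d):
    """Accept a date or an ISO string such as '2025-03-10'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def priority(finding):
    """P1: exploited in the wild, or CVSS >= 9 on a critical asset.
    P2: CVSS >= 7 anywhere, or any finding on a critical asset.
    P3: everything else."""
    if finding["exploited"] or (finding["cvss"] >= 9.0 and finding["critical"]):
        return "P1"
    if finding["cvss"] >= 7.0 or finding["critical"]:
        return "P2"
    return "P3"


def triage(findings, today):
    """Open findings with tier, deadline and escalation flag, highest tier first.

    Findings with no patch available are marked so that a compensating
    control (isolation, configuration change, virtual patch) is planned and
    recorded instead of waiting for a vendor fix.
    """
    today = _as_date(today)
    rows = []
    for f in findings:
        if f["remediated"] is not None:
            continue            # already closed; the record stays in the log
        tier = priority(f)
        due = f["first_seen"] + timedelta(days=SLA_DAYS[tier])
        rows.append({
            "id": f["id"],
            "asset": f["asset"],
            "tier": tier,
            "deadline": due.isoformat(),
            "escalate": today > due,                 # deadline missed
            "mitigate_without_patch": not f["patch_available"],
        })
    rows.sort(key=lambda r: (r["tier"], r["deadline"]))
    return rows


def stale_critical_scans(last_scan, critical_assets, today):
    """Critical/important assets not scanned in the last 7 days,
    including assets with no scan record at all."""
    today = _as_date(today)
    return sorted(a for a in critical_assets
                  if a not in last_scan or today - last_scan[a] > MAX_SCAN_AGE)


if __name__ == "__main__":
    for row in triage(FINDINGS, "2025-03-10"):
        print(row)
    print("stale scans:", stale_critical_scans(LAST_SCAN, CRITICAL_ASSETS, "2025-03-10"))
```

The escalation flag is what the "deadlines and escalations" item turns into in practice: a finding past its deadline is reported upward rather than silently re-queued. Note that an asset with no scan record is reported as stale as well; a scanner that never ran on a critical asset is a more common gap than one that ran late.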

 
How Endpoint Central helps:

Endpoint Central's lightweight agent is deployed to Windows, Mac, and Linux endpoints; it runs the vulnerability scan locally and reports the results to the Endpoint Central server. Scanning is therefore agent-based, so coverage is limited to endpoints carrying the agent; third-party libraries inside custom applications and provider-operated systems (both listed above) need separate tracking.

Endpoint Central offers vulnerability management with continuous assessment and real-time visibility of threats through a centralized console. In addition to vulnerability assessment, it includes built-in tools for remediating detected vulnerabilities.

For information systems, Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities using metrics such as CVSS scores, CVE impact types, patch availability, and more. It serves as a unified platform for IT operations and security teams (ITOps and SecOps) to manage and secure endpoints efficiently.

Endpoint Central offers patching support for Windows, Linux, macOS, and Windows Server, and for over 1,000 third-party applications, as well as hardware drivers and BIOS updates.

It features a vulnerability age matrix and a vulnerability severity summary, giving insight into how long vulnerabilities have been open and the impact of patch deployment. It also generates reports on vulnerable systems and missing patches across your IT environment, which serve as the remediation record this article requires.

To ensure smooth deployment, Endpoint Central allows IT admins to test and approve patches by first deploying them to a small group of computers before rolling them out organization-wide.

For enterprises with multi-level patch approval requirements, Endpoint Central provides a low-code policy orchestration/workflow builder (in beta) for customized patch approval workflows.

If a deployed patch produces undesired or unexpected outcomes, Endpoint Central can also uninstall it.

Article 11: Data and System Security

1. Access Restrictions

  • Implement access controls to protect data and systems based on classification levels as per DORA Article 8(1).

2. Secure Configuration

  • Define secure baseline configurations for ICT assets to minimize exposure to cyber threats.
  • Regularly verify that these baselines are effectively deployed, following leading practices and techniques as referred to in the Standardisation Regulation.

3. Authorized Software and Devices

  • Ensure only authorized software is installed on ICT systems and endpoint devices.
  • Permit only authorized data storage media, systems, and devices for data transfer and storage.

4. Malicious Code Protection

  • Identify and implement security measures to guard against malicious code.

5. Portable and Private Devices
For endpoint devices, establish:

  • Remote management and wiping capabilities.
  • Security mechanisms that cannot be bypassed or removed without authorization.
  • Use of removable storage devices only within the financial entity’s risk tolerance.

6. Data Deletion and Disposal
Define processes to:

  • Securely delete data no longer required.
  • Securely dispose of or decommission storage devices containing confidential information.

7. Data Loss and Leakage Prevention

  • Implement security measures to prevent data loss and leakage on systems and endpoint devices.

8. Teleworking Security

  • Ensure teleworking and use of private devices do not compromise ICT security.

9. Third-Party ICT Services
For ICT assets or services operated by third-party providers:

  • Follow vendor-recommended settings.
  • Clearly allocate roles and responsibilities between the financial entity and the provider, ensuring the financial entity retains full accountability.
  • Maintain adequate in-house expertise for managing and securing the services.
  • Minimize risks related to third-party infrastructure by adopting technical and organizational measures aligned with Standardisation Regulation and leading practices.
     


How Endpoint Central helps:

Endpoint Central lets organizations implement the principle of least privilege through endpoint privilege management, including application-specific privilege controls and just-in-time access for end users.

It enforces conditional access policies, so that only authorized users can access critical business systems and sensitive data.

For IT administrators and security teams, Endpoint Central protects its console with role-based access control (RBAC) and multi-factor authentication (MFA).

Endpoint Central's Application Control module lets admins allowlist or blocklist software applications on managed systems, which is how the "only authorized software" rule is enforced.

With Endpoint Central's peripheral device control feature, you can allow, block, or configure a set of trusted devices that may connect to your endpoints, based on the end user's role in the organization.

Endpoint Central lets admins perform remote wipes to protect corporate data if a device is lost. Secure disposal of decommissioned storage media (item 6 above) is a physical process outside the tool.

Endpoint Central offers advanced data leakage prevention capabilities, enabling the detection and classification of personally identifiable information (PII).

With its BYOD policies, Endpoint Central keeps personal and corporate data separated on end-user devices, maintaining privacy and security.

Endpoint Central uses 256-bit AES (Advanced Encryption Standard) encryption for remote troubleshooting sessions.
 

Article 13: Network Security Management

1. Network Segmentation and Segregation

  • Separate and segment ICT systems and networks based on:
  • The criticality or importance of the functions they support.
  • Classification as per DORA Article 8(1).
  • The risk profile of ICT assets involved.

2. Network Documentation

  • Maintain detailed records of all network connections and data flows.

3. Dedicated Administration Network

  • Use separate networks exclusively for managing ICT assets.

4. Network Access Controls

  • Prevent and detect unauthorized device or system connections.
  • Restrict endpoints not meeting security requirements.

5. Network Encryption

  • Encrypt network connections across corporate, public, domestic, third-party, and wireless networks, based on:
  • Data classification.
  • ICT risk assessments.
  • The encryption rules in Article 6(2) of this RTS.

6. Network Design and Traffic Security

  • Design networks to ensure confidentiality, integrity, and availability.
  • Secure traffic between internal networks and external connections, including the internet.

7. Firewall and Connection Filters

  • Define roles and procedures for creating, approving, updating, and reviewing firewall rules and connection filters.
  • Review rules regularly:
  • At least every 6 months for ICT systems supporting critical or important functions.

8. Regular Network Reviews

  • Annually review network architecture and security design for potential vulnerabilities.
  • For microenterprises, conduct periodic reviews.

9. Temporary Isolation

  • Implement measures to isolate subnetworks, network components, or devices when necessary.

10. Secure Configuration Baselines

  • Apply secure baselines for network components and harden networks/devices according to vendor instructions, relevant standards (Standardisation Regulation), and best practices.

11. Session Management

  • Limit, lock, or terminate system and remote sessions after specified periods of inactivity.

12. Network Services Agreements

  • Define ICT security measures, service levels, and management requirements for all network services, whether provided by intra-group or third-party service providers.


 

 
How Endpoint Central helps:

Endpoint Central's Custom Group feature lets admins group systems logically (by function, criticality, or location) so they can be managed and secured as a unit. This is management grouping, not network segmentation: separating traffic still has to be done at the network layer (VLANs, firewalls, access-layer controls).

Endpoint Central's Network Access Control lets you quarantine unpatched systems, critical systems, or systems that fail to meet compliance requirements.

Endpoint Central lets admins configure the Windows Firewall on end-user systems.

In case of a malware attack, Endpoint Central can alert the SOC team and IT admins and enable them to quarantine the affected system safely. After forensic analysis, the system can be brought back into production.

Endpoint Central helps your organization comply with 75+ CIS benchmarks, which covers the secure configuration baseline item for endpoints.

It also lets you set an application profile based on the employee's role, delineate the applications they can and cannot use, and reduce the attack surface by removing local admin privileges.

Endpoint Central can help with certificate-based device authentication, restrict screen capture on end-user devices, and block corporate endpoints from joining public Wi-Fi networks.
 

Article 14: Securing Information in Transit

  • Protect Data During Transmission: Ensure data availability, authenticity, integrity, and confidentiality, with regular compliance checks.
  • Prevent Leaks and Secure Transfers: Safeguard against data leaks and ensure secure exchanges with external parties.
  • Maintain Confidentiality Agreements: Establish and periodically review confidentiality protocols for staff and third parties.

These measures must be aligned with the entity's data classification and ICT risk assessment outcomes.

 
How Endpoint Central helps:

Endpoint Central offers advanced data leakage prevention capabilities, enabling the detection and classification of personally identifiable information (PII).

It provides control over data flow within your IT environment by allowing administrators to configure policies for data transfers through cloud services and peripheral devices.

Endpoint Central lets admins enable file tracing to track sensitive files, especially when users move them to external devices, and file shadowing to keep a copy of sensitive data whenever end users copy it to or modify it on peripheral devices. These controls address the leak-prevention item; the integrity and confidentiality of data on the wire still depend on the transport encryption configured under Article 6.
 

Article 21: Access Control

  • Principles for Assigning Access: Access is granted on need-to-know, need-to-use, and least-privilege principles, including for remote and emergency access.
  • Segregation of Duties: Prevent unjustified access to critical data by avoiding combinations of rights that could bypass controls.
  • User Accountability: Limit generic and shared accounts and ensure users are identifiable in all ICT system activities.
  • Restricted Access: Use controls and tools to prevent unauthorized access to ICT assets.

Account Management

  • Assign roles for granting, reviewing, and revoking access.
  • Provide privileged and emergency access on a need-to-use basis.
  • Revoke access without delay upon employment termination or when access is no longer necessary.
  • Review and update access rights periodically: at least annually for all ICT systems and at least every six months for systems supporting critical or important functions.

Authentication

  • Implement authentication methods based on ICT asset risk profiles.
  • Use strong authentication for remote access, privileged access, and critical systems.

Physical Access Control

  • Log and monitor authorized personnel accessing sensitive areas like data centers.
  • Restrict physical access based on need-to-know and least-privilege principles.
  • Regularly review physical access rights and revoke unnecessary ones.

Additional Considerations

  • Use dedicated accounts for administrative tasks, automate privilege management where feasible, and align controls with risk assessments and the criticality of assets or areas.
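The account-management checks above, as an added example of what an access review script looks like; it is not Endpoint Central code. The account extract, the HR leavers feed and the list of toxic right combinations are constructed for the example; the review intervals are the ones named in this article (yearly, and six-monthly for systems supporting critical or important functions):

```python
"""Access-rights review checks.

Added example (not Endpoint Central code). It runs four checks from this
article over a constructed account extract: segregation-of-duties
conflicts, review cadence, accounts still enabled after the user's leaving
date, and shared accounts that break individual accountability.
"""
from datetime import date

# Maximum days between access reviews: 182 for systems supporting critical or
# important functions, 365 otherwise (the cadence named in the article).
REVIEW_DAYS = {True: 182, False: 365}

# Combinations of rights one person must not hold together (assumed for the example).
TOXIC_COMBINATIONS = [
    ({"submit_payment", "approve_payment"}, "initiates and approves payments"),
    ({"create_vendor", "approve_payment"}, "creates vendors and approves payments"),
]

# Constructed account extract: one row per (user, system).
ACCOUNTS = [
    {"user": "alice", "system": "core-db-01", "critical": True, "enabled": True, "shared": False,
     "rights": {"submit_payment"}, "last_review": date(2024, 8, 1)},
    {"user": "bob", "system": "core-db-01", "critical": True, "enabled": True, "shared": False,
     "rights": {"submit_payment", "approve_payment"}, "last_review": date(2025, 1, 15)},
    {"user": "carol", "system": "hr-app-01", "critical": False, "enabled": True, "shared": False,
     "rights": {"read_hr"}, "last_review": date(2024, 1, 10)},
    {"user": "ops_shared", "system": "intranet-01", "critical": False, "enabled": True, "shared": True,
     "rights": {"admin"}, "last_review": date(2025, 2, 1)},
    {"user": "dave", "system": "core-db-01", "critical": True, "enabled": True, "shared": False,
     "rights": {"read_ledger"}, "last_review": date(2025, 2, 1)},
]

# Constructed HR feed: user -> leaving date.
LEAVERS = {"dave": date(2025, 3, 3)}


def _as_date(d):
    """Accept a date or an ISO string such as '2025-03-10'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def sod_conflicts(accounts):
    """Accounts holding a toxic combination of rights on the same system."""
    hits = []
    for a in accounts:
        for combo, why in TOXIC_COMBINATIONS:
            if combo <= a["rights"]:          # combo is a subset of the rights held
                hits.append((a["user"], a["system"], why))
    return hits


def overdue_reviews(accounts, today):
    """Accounts whose last review is older than the cadence for that system."""
    today = _as_date(today)
    return [(a["user"], a["system"]) for a in accounts
            if (today - a["last_review"]).days > REVIEW_DAYS[a["critical"]]]


def orphaned_accounts(accounts, leavers, today):
    """Enabled accounts of users whose leaving date has passed; the article
    requires revocation without delay, so every hit is an overdue removal."""
    today = _as_date(today)
    return sorted({a["user"] for a in accounts
                   if a["enabled"] and a["user"] in leavers and leavers[a["user"]] <= today})


def shared_accounts(accounts):
    """Shared or generic accounts, which must be limited and justified."""
    return [(a["user"], a["system"]) for a in accounts if a["shared"]]


def review(accounts, leavers, today):
    """All four checks in one report, keyed by check name."""
    return {"sod": sod_conflicts(accounts),
            "overdue": overdue_reviews(accounts, today),
            "orphaned": orphaned_accounts(accounts, leavers, today),
            "shared": shared_accounts(accounts)}


if __name__ == "__main__":
    for check, result in review(ACCOUNTS, LEAVERS, "2025-03-10").items():
        print(f"{check}: {result}")
```

The segregation-of-duties check is the one most often missing from tooling: rights are usually reviewed per account, but a toxic combination only shows up when the rights of one person on one system are looked at together. Feed the real extract and HR feed in and the same four functions produce the evidence for the periodic review.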



 

 

How Endpoint Central helps:

Endpoint Central lets organizations implement the principle of least privilege through endpoint privilege management, including application-specific privilege controls and just-in-time access for end users, which is how "privileged access on a need-to-use basis" is delivered on endpoints.

It enforces conditional access policies to ensure that only authorized users can access critical business systems and sensitive data.

For IT administrators and security teams, Endpoint Central protects its console with role-based access control (RBAC) and multi-factor authentication (MFA).

Article 22: ICT-Related Incident Management Policy

Financial entities must establish a documented ICT-related incident management policy to detect, respond to, and analyze ICT-related incidents and anomalous activities. Key elements include:

Incident Management Process

  • Document the process in line with Article 17 of DORA to formalize the steps in managing ICT-related incidents.

Relevant Contact List

  • Maintain a list of internal and external stakeholders involved in ICT operations security, covering cyber threat detection and monitoring, detection of anomalous activities, and vulnerability management.

Support Mechanisms

  • Implement technical, organizational, and operational mechanisms to facilitate the prompt detection and handling of anomalous activities and behaviors as per Article 23 of this Regulation.

Retention of Evidence

  • Securely retain evidence of ICT-related incidents for no longer than necessary, considering the criticality of the affected functions and assets, and in compliance with retention rules under Union law.

Analysis of Incidents

  • Establish mechanisms to analyze significant or recurring ICT-related incidents and identify patterns in their frequency and occurrence.


 

 

How Endpoint Central helps:

Endpoint Central has a built-in next-gen antivirus engine (currently available as early access) that detects threats with AI-assisted real-time behavior detection and deep learning.

Endpoint Central offers vulnerability management with continuous assessment and real-time visibility of threats through a centralized console, plus built-in tools for remediating detected vulnerabilities.

Beyond real-time threat detection, Endpoint Central also performs incident forensics so that SecOps can analyze the root cause and severity of a threat.

If the next-gen antivirus engine detects suspicious behavior on an endpoint, it can quarantine that endpoint; after forensic analysis, the endpoint can be returned to production.

Endpoint Central's anti-ransomware feature also takes a backup of files every three hours using Microsoft's Volume Shadow Copy Service (VSS) and protects those snapshots from deletion. Deleting shadow copies (for example via vssadmin) is a standard step in ransomware playbooks, so the tamper protection on the snapshots is what makes this usable as a recovery control; verify it in your own tests rather than assuming it.

If a file is encrypted by ransomware, it can be restored from the most recent backup copy.

Endpoint Central also integrates with SIEM tools such as Rapid7, ManageEngine EventLog Analyzer, and Splunk, which is where incident evidence should be retained for the period the policy sets.

Article 23: Anomalous Activities Detection and ICT-Related Incident Management

Roles and Responsibilities

  • Clearly define roles for detecting and responding to ICT incidents and anomalies.

Detection Mechanisms

  • Collect, monitor, and analyze logs (per Article 12 of this RTS), user reports, and ICT and business function data.
  • Collect, monitor, and analyze internal and external cyber threats based on threat intelligence.
  • Collect, monitor, and analyze notifications from ICT third-party providers on incidents affecting the financial entity.
  • Identify anomalies and generate alerts for critical ICT and information assets.
  • Prioritize alerts so that incidents are handled within the specified resolution times, including outside working hours.
  • Record and evaluate information about anomalies, automatically or manually.

Automated Alerts

  • Use tools with predefined rules to generate alerts for anomalies affecting data integrity or log completeness.

Protect Recorded Data

  • Secure records of anomalous activities from tampering or unauthorized access during storage, transit, and use.

Logging Requirements

Maintain logs for each anomaly, including:

  • Date and time of occurrence and of detection.
  • Type of anomalous activity.

Criteria for Incident Response

Trigger detection and response processes when:

  • Malicious activities or compromises are suspected.
  • Data losses affect availability, authenticity, integrity, or confidentiality.
  • Transactions or operations are adversely impacted.
  • ICT systems or networks are unavailable.

Consider the criticality of affected services when responding.

 
If the next-gen antivirus engine detects suspicious behavior on endpoints, it can quarantine those endpoints; after a thorough forensic analysis, they can be returned to production.

ManageEngine's EventLog Analyzer can complement Endpoint Central and help with logging activities. Endpoint Central also integrates with other SIEM tools such as Rapid7 and Splunk.
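One way to keep the Article 23 anomaly records listed above (date and time of occurrence and detection, type of anomaly) protected from tampering, and to raise the required alerts on data integrity or log completeness, is an HMAC-chained append-only log. This is an added example in Python, not Endpoint Central's or ManageEngine's code; the key, field names, asset names, and the two sample anomalies are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed key for this example; a real key lives in a protected store, not beside the log.
LOG_KEY = b"example-anomaly-log-key"

def _mac(prev_mac, record):
    """HMAC over the previous MAC plus the canonical record, linking each entry to its predecessor."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(LOG_KEY, payload, hashlib.sha256).hexdigest()

class AnomalyLog:
    """Append-only, HMAC-chained anomaly log carrying the Article 23 fields."""
    def __init__(self):
        self.entries = []  # each entry: {"record": {...}, "mac": "<hex>"}

    def append(self, anomaly_type, occurred_at, detected_at, asset):
        record = {
            "seq": len(self.entries),    # position in the chain
            "type": anomaly_type,        # type of anomalous activity
            "occurred_at": occurred_at,  # date and time of occurrence (ISO 8601, UTC)
            "detected_at": detected_at,  # date and time of detection
            "asset": asset,              # affected ICT asset (hypothetical name)
        }
        prev = self.entries[-1]["mac"] if self.entries else "genesis"
        self.entries.append({"record": record, "mac": _mac(prev, record)})
        return record["seq"]

def verify(entries, expected_head=None):
    """Return alerts for integrity or completeness problems; [] means the log is intact.
    expected_head is the latest MAC stored out of band (e.g. in the SIEM) to catch truncation."""
    prev = "genesis"
    for expected_seq, entry in enumerate(entries):
        rec = entry["record"]
        if rec["seq"] != expected_seq:
            return [f"log completeness: record {expected_seq} is missing"]
        if not hmac.compare_digest(_mac(prev, rec), entry["mac"]):
            return [f"data integrity: record {expected_seq} was altered"]
        prev = entry["mac"]
    if expected_head is not None and prev != expected_head:
        return ["log completeness: trailing records were removed"]
    return []

def sample_log():
    """Two constructed anomalies (not real incidents) for demonstration."""
    log = AnomalyLog()
    log.append("suspected malicious activity", "2024-06-01T08:00:00Z", "2024-06-01T08:04:30Z", "srv-01")
    log.append("ICT system unavailable", "2024-06-01T09:10:00Z", "2024-06-01T09:11:00Z", "srv-02")
    return log
```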

 30

 Classification of Information Assets and ICT Assets


Articles 5 to 15 of DORA do not apply to small and non-interconnected investment firms, payment institutions, electronic money institutions, and small occupational retirement provision institutions. However, these organizations are required to implement a simplified ICT risk management framework as outlined in this Regulatory Technical Standard (RTS). Consequently, Articles 30 to 38 of this RTS are applicable to them.

1. Classification and Documentation

  • Identify, classify, and document all critical or important functions, along with the information and ICT assets supporting them, including their interdependencies.
  • Review and update these classifications as needed.

2. Third-Party Dependencies

  • Identify all critical or important functions supported by ICT third-party service providers.

This ensures financial entities maintain clear visibility over critical functions and their supporting assets to strengthen ICT risk management and resilience.


Endpoint Central's Custom Group feature allows administrators to logically group systems as they see fit so that they can manage and secure them effectively.

 31

ICT Risk Management (for enterprises mentioned in Article 16 of DORA)
 
1. Core Components of ICT Risk Management

  • Risk Tolerance Levels: Define ICT risk tolerance in line with the entity’s overall risk appetite.
  • Risk Identification and Assessment: Identify and evaluate ICT risks affecting the entity.
  • Mitigation Strategies: Develop strategies to address ICT risks exceeding the risk tolerance levels.
  • Monitoring Effectiveness: Continuously monitor the effectiveness of these mitigation strategies.
  • Change-Related Risks: Assess risks arising from:
      • Major changes to ICT systems, services, processes, or procedures.
      • ICT security testing results or major ICT-related incidents.

2. Periodic Risk Assessment

  • Conduct and document ICT risk assessments periodically, based on the entity’s ICT risk profile.

3. Continuous Threat Monitoring

  • Monitor threats and vulnerabilities impacting critical or important functions, as well as their supporting information and ICT assets.
  • Regularly review risk scenarios affecting these critical or important functions.

4. Incident Response Thresholds

  • Establish alert thresholds and criteria for triggering ICT-related incident response processes.

Endpoint Central delivers robust vulnerability management by offering continuous assessment and comprehensive visibility of threats through a centralized console. Beyond vulnerability assessment, it also includes built-in tools for remediating detected vulnerabilities.

For information systems, Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities using metrics such as CVSS scores, CVE impact types, patch availability, and more.

It also serves as a unified platform for IT operations and security teams to efficiently manage and secure endpoints.

With role-based access control, security tasks within the IT environment can be delegated to dedicated security specialists, ensuring streamlined and focused management.

 33

 Access Control (for enterprises mentioned in Article 16 of DORA)

1. Principles of Access Control

  • Manage access rights to information and ICT assets, as well as critical operational locations, based on:
      • Need-to-know: Access only when necessary.
      • Need-to-use: Access only for specific tasks.
      • Least privilege: Minimize permissions to what is essential.
  • Apply these principles to remote and emergency access as well.

2. User Accountability

  • Ensure all users are identifiable for their actions within ICT systems.

3. Account Management

  • Implement processes to:
      • Grant, modify, or revoke access rights for user and generic accounts, including administrator accounts.
      • Assign privileged, emergency, and administrator access only on a need-to-use or ad-hoc basis.
      • Log these access activities as per Article 34.

4. Authentication

  • Use authentication methods appropriate to:
      • The classification of ICT assets (as per Article 30(1)).
      • The risk profile of the assets.
  • Strong authentication is required for:
      • Remote access to the financial entity’s network.
      • Privileged access.
      • ICT assets supporting critical or important publicly available functions.

5. Periodic Access Reviews

  • Regularly review access rights and revoke them when no longer necessary.

Endpoint Central empowers organizations to implement the principle of least privilege by providing robust endpoint privilege management. This includes application-specific privilege controls and just-in-time access for end users.

It enforces conditional access policies to ensure that only authorized users can access critical business systems and sensitive data.

For IT administrators and security teams, Endpoint Central strengthens console security with role-based access control (RBAC) and multi-factor authentication (MFA), ensuring enhanced protection and operational efficiency.

 34

 ICT Operations Security (for enterprises mentioned in Article 16 of DORA)

1. ICT Asset Management

  • Lifecycle Monitoring: Monitor and manage the full lifecycle of ICT assets.
  • Third-Party Support: Ensure ICT assets supported by third-party providers are monitored, where applicable.
  • Capacity Management: Identify capacity requirements and implement measures to maintain availability, efficiency, and prevent shortages.

2. Vulnerability and Risk Management

  • Vulnerability Scanning: Perform automated scans and assessments of ICT assets based on their classification (Article 30(1)) and risk profile.
  • Patch Deployment: Apply patches to address identified vulnerabilities.
  • Legacy Risks: Manage risks related to outdated, unsupported, or legacy ICT assets.

3. Logging and Monitoring

  • Event Logging: Log activities related to:
      • Logical and physical access controls.
      • ICT operations, including system and network traffic.
      • ICT change management.
  • Ensure log details are aligned with their purpose and the ICT asset generating them.
  • Anomaly Detection: Identify and analyze anomalous activities for critical ICT operations.

4. Threat and Security Monitoring

  • Cyber Threats: Monitor up-to-date information about relevant cyber threats.
  • Security Threats: Identify possible information leaks, malicious code, and known vulnerabilities, and apply corresponding security updates.

 
Endpoint Central delivers powerful asset management capabilities for both hardware and software, offering a comprehensive inventory of computers, devices, installed hardware, software, and stored files across your network.

With advanced inventory reporting, Endpoint Central streamlines audit preparation and ensures adherence to industry compliance standards.


You can leverage Endpoint Central's warranty management system, which reports on hardware with soon-to-expire or expired warranties so that it can be managed proactively.

For information systems, Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities using metrics such as CVSS scores, CVE impact types, patch availability, and more.

It serves as a unified platform for IT operations and security teams (ITOps and SecOps) to efficiently manage and secure endpoints.

Endpoint Central offers extensive patching support for Windows, Linux, macOS, Windows Server OS, and over 1,000 third-party applications, including hardware drivers and BIOS.


Endpoint Central can help you track and eliminate high-risk software such as outdated software, peer-to-peer software, and insecure remote sharing software.

With Endpoint Central, admins can analyze how long and how often software is used. With these insights, they can make informed decisions on software purchases and identify peak usage trends across their IT environment.

Endpoint Central has a license management feature to assess if you have adequate software licenses for your users.

If the next-gen antivirus engine detects suspicious behavior on endpoints, it can quarantine those endpoints; after a thorough forensic analysis, they can be returned to production.

It also allows admins to keep tabs on soon-to-expire and expired software licenses.

 35

 Data, System, and Network Security (for enterprises mentioned in Article 16 of DORA)

1. Data Protection Measures

  • Implement measures to protect data:
      • In use: While being processed.
      • In transit: During network transmission.
      • At rest: When stored.

2. Secure Use of Devices and Media

  • Establish security measures for the use of software, data storage media, systems, and endpoint devices that transfer or store the financial entity’s data.

3. Network Security

  • Implement measures to:
      • Prevent and detect unauthorized connections to the financial entity’s network.
      • Secure network traffic between internal networks and external connections, including the internet.

4. Secure Data Transmission

  • Ensure data availability, authenticity, integrity, and confidentiality during network transmissions.

5. Data Deletion and Device Disposal

  • Develop processes to:
      • Securely delete data that is no longer needed, whether stored on premises or externally.
      • Securely dispose of or decommission data storage devices containing confidential information.

6. Teleworking Security

  • Implement measures to ensure teleworking and the use of private devices do not compromise the financial entity’s ability to perform critical activities securely, adequately, and on time.


Endpoint Central offers advanced data leakage prevention capabilities, enabling the detection and classification of personally identifiable information (PII).

It provides complete control over data flow within your IT environment by allowing administrators to configure policies for data transfers through cloud services and peripheral devices.

It can also containerize corporate and personal data and perform a remote wipe if a device is stolen.

It also empowers administrators to encrypt end-users' devices by managing BitLocker for Windows systems and FileVault for Mac devices.

Endpoint Central uses 256-bit AES (Advanced Encryption Standard) encryption during remote troubleshooting sessions.

 36

ICT Security Testing (for enterprises mentioned in Article 16 of DORA)

1. ICT Security Testing Plan

  • Develop and implement a testing plan to validate ICT security measures outlined in Articles 33, 34, 35, 37, and 38.
  • Incorporate threats and vulnerabilities identified through the simplified ICT risk management framework (Article 31).

2. Review and Testing

  • Regularly review, assess, and test ICT security measures.
  • Tailor testing to the overall risk profile of the financial entity’s ICT assets.

3. Monitoring and Updates

  • Monitor and evaluate test results.
  • Update security measures without delay, especially for ICT systems supporting critical or important functions.

Endpoint Central delivers robust vulnerability management by offering continuous assessment and comprehensive visibility of threats through a centralized console. Beyond vulnerability assessment, it also includes built-in tools for remediating detected vulnerabilities.

 38

ICT Project and Change Management (for enterprises mentioned in Article 16 of DORA)

1. ICT Project Management

  • Develop, document, and implement a procedure covering all stages of ICT projects, from initiation to closure.
  • Clearly define roles and responsibilities for implementing the procedure.

2. ICT Change Management

  • Create, document, and enforce a procedure to manage changes to ICT systems.
  • Ensure changes are:
      • Recorded, tested, assessed, approved, implemented, and verified.
      • Managed in a controlled manner with safeguards to protect the entity’s digital operational resilience.

Endpoint Central also supports testing and approving patches, so IT admins can test patches on a small pilot group of computers before deploying them across the whole organization.

For multi-level patch approval requirements, Endpoint Central offers low-code policy orchestration that helps enterprises build customized patch approval workflows.

Endpoint Central can also uninstall patches if a deployment produces undesired or unexpected results.

 39

Components of the ICT Business Continuity Plan

1. General Requirements

  • Management Approval: Approved by the entity’s management body.
  • Accessibility: Documented and readily available during emergencies or crises.
  • Resource Allocation: Ensure sufficient resources for implementation.

2. Recovery and Continuity Measures

  • Planned Recovery Levels: Define recovery levels, timeframes, and key dependencies, including third-party providers.
  • Activation Conditions: Specify when the plan should be activated and the actions to ensure availability, continuity, and recovery of critical ICT assets.
  • Restoration and Recovery: Outline measures to restore critical functions, supporting processes, and interdependencies, including addressing failures of critical third-party providers.
  • Backup Procedures: Identify backup scope and frequency based on the criticality of the functions using the data.

3. Alternative Options

  • Include alternative recovery options for cases where immediate recovery is not feasible due to costs, risks, logistics, or unforeseen issues.

4. Communication and Updates

  • Communication Arrangements: Define internal and external communication plans, including escalation processes.
  • Continuous Updates: Revise plans based on:
      • Lessons learned from incidents and tests.
      • Newly identified risks and threats.
      • Changes in recovery objectives, organizational structure, or critical ICT assets.


Endpoint Central also provides instant, non-erasable backup of the files in your network every three hours by leveraging Microsoft's volume shadow copy service.

If a file is infected with ransomware, it can be restored with the most recent backup copy of the file.