Digital Operational Resilience Act

Endpoint Central is a trusted solution for financial entities aiming to meet DORA's stringent requirements. With its robust capabilities in ICT risk and incident management, Endpoint Central not only ensures compliance but also enhances your organization’s digital resilience.

Article

DORA Article - Summary

How Endpoint Central helps

Article 6

ICT Risk Management Framework

1. Purpose and Scope

  • Ensure quick, efficient, and comprehensive handling of ICT risks to achieve high digital operational resilience.
  • Protect all information and ICT assets (e.g., software, hardware, data centers, premises) from risks like damage or unauthorized access.

2. Key Components

  • Include strategies, policies, procedures, ICT protocols, and tools necessary for risk management and asset protection.
  • Deploy measures to minimize ICT risk and provide updates on the framework to competent authorities when requested.

3. Governance and Oversight

  • Assign ICT risk management responsibilities to a control function with adequate independence to avoid conflicts of interest.
  • Segregate ICT risk management, control, and audit functions using the three lines of defense model or a similar internal risk management model.

4. Documentation and Review

  • Document and review the framework at least annually, after major ICT incidents, or upon supervisory requests.
  • Continuously improve the framework based on lessons learned and monitoring outcomes.
  • Submit review reports to competent authorities when requested.

5. Internal Audits

  • Conduct regular internal audits on the framework, performed by skilled and independent auditors.
  • Audit frequency and focus should align with the financial entity’s ICT risk level.
  • Establish a formal process for verifying and addressing critical audit findings in a timely manner.

6. Digital Operational Resilience Strategy

  • The framework must include a strategy outlining how ICT risk will be addressed and specific objectives achieved, including:
      • Aligning ICT risk management with the entity’s business strategy.
      • Defining ICT risk tolerance and analyzing disruption impact tolerance.
      • Setting information security objectives with performance indicators and risk metrics.
      • Explaining the ICT reference architecture and required changes.
      • Detailing mechanisms to detect, prevent, and protect against ICT-related incidents.
      • Assessing resilience through incident reporting and the effectiveness of preventive measures.
      • Implementing operational resilience testing (as per Chapter IV of the Regulation).
      • Defining a communication strategy for reporting ICT-related incidents.

7. Multi-Vendor Strategy

  • Financial entities may establish a multi-vendor strategy to show key dependencies on ICT third-party providers and justify their procurement choices.

8. Outsourcing Compliance Tasks

  • Entities may outsource compliance verification tasks to intra-group or external providers but remain fully responsible for ensuring compliance with ICT risk management requirements.

How Endpoint Central helps

Endpoint Central has comprehensive reporting capabilities. Apart from providing deep insights into the endpoint estate, it can also be used for governance and auditing purposes.

Article 7

ICT Systems, Protocols, and Tools

Financial entities must use and maintain updated ICT systems, protocols, and tools to manage ICT risks. These systems must be:

1. Proportionate to Operations

  • Suitable for the scale and complexity of the entity’s activities, following the proportionality principle (Article 4).

2. Reliable

  • Dependable for supporting operational and business needs.

3. Sufficient Capacity

  • Capable of accurately processing necessary data.
  • Able to handle peak transaction volumes and accommodate new technology.

4. Technologically Resilient

  • Equipped to manage additional information processing requirements during stressed market conditions or adverse situations.

How Endpoint Central helps

Endpoint Central uses FIPS 140-2 compliant algorithms. Users can enable FIPS mode to run their IT in a highly secure environment.

Endpoint Central's multi-tenant, Summary Server architecture helps you enroll and onboard more endpoints as your business grows. This architecture is also flexible for organizations that have a global presence.

Endpoint Central has multiple third-party software integrations to blend seamlessly into your organization's IT.

Article 8

Identification

As part of their ICT risk management framework, financial entities must implement the following measures to identify and manage ICT risks:

1. ICT Asset and Function Identification

  • Identify, classify, and document all ICT-supported business functions, roles, responsibilities, and their supporting information and ICT assets, including dependencies related to ICT risks.
  • Review and update classifications and documentation at least annually or as needed.

2. Risk and Threat Identification

  • Continuously identify ICT risk sources, including risks from other financial entities.
  • Assess cyber threats and vulnerabilities affecting ICT-supported business functions, information assets, and ICT assets.
  • Regularly review and update risk scenarios, at least annually.

3. Risk Assessment for Major Changes

  • Conduct risk assessments after major changes to network and information systems, processes, or procedures affecting ICT-supported business functions, information, or ICT assets.

4. Critical ICT Asset Mapping

  • Identify and map all ICT and information assets, including remote sites, network resources, and hardware.
  • Map configurations, interdependencies, and links between critical assets.

5. Third-Party Dependency Identification

  • Document all processes dependent on ICT third-party service providers.
  • Identify interconnections with providers supporting critical or important functions.

6. Inventory Management

  • Maintain and periodically update inventories of ICT assets, including after major changes.

7. Legacy ICT System Assessment

  • Conduct specific ICT risk assessments on legacy systems at least annually and before and after connecting them with new technologies, applications, or systems.

How Endpoint Central helps

Endpoint Central uses its agents to fetch complete details of the inventory present in your IT environment.

Endpoint Central provides comprehensive vulnerability management, with constant assessment and visibility of threats from a single console.

Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.

Refer to the types of inventory scans leveraged by Endpoint Central for monitoring your IT.

Admins can configure inventory alerts in case of any unauthorized changes taking place inside your IT network.

Endpoint Central can help admins track and eliminate high-risk software such as outdated software, peer-to-peer software, and insecure remote-sharing software.

Endpoint Central's Custom Group feature enables admins to logically segregate critical systems as they see fit so that they can manage and secure them effectively.

With Endpoint Central's Network Access Control, admins can quarantine systems running end-of-life operating systems.

Article 9

Protection and Prevention

Financial entities must implement measures to continuously monitor, control, and minimize ICT risks to ensure the security, resilience, and availability of ICT systems and data. These measures include:

1. ICT System Monitoring and Control

  • Continuously monitor and control the security and functioning of ICT systems and tools.
  • Minimize ICT risks using appropriate security tools, policies, and procedures.

2. ICT Security Policies and Tools

  • Develop and implement policies, procedures, protocols, and tools to:
      • Ensure resilience, continuity, and availability of ICT systems supporting critical functions.
      • Maintain high standards for data availability, authenticity, integrity, and confidentiality (at rest, in use, or in transit).

3. ICT Solutions and Processes

  • Use solutions and processes aligned with proportionality (Article 4) to:
      • Secure data transfers.
      • Minimize risks of data corruption, loss, unauthorized access, or technical flaws.
      • Prevent breaches of availability, authenticity, integrity, and confidentiality.
      • Protect data from risks related to poor administration, processing errors, and human mistakes.

4. Key Components of ICT Risk Management Framework

  • Information Security Policy: Define rules to protect data and ICT assets, including customer data.
  • Network and Infrastructure Management:
      • Use automated mechanisms to isolate assets during cyber-attacks.
      • Design networks to allow instant severing or segmentation to minimize contagion, especially for interconnected processes.
  • Access Control Policies: Restrict access to ICT and information assets to only legitimate and approved activities.
  • Strong Authentication:
      • Implement strong authentication based on relevant standards.
      • Protect cryptographic keys and ensure encryption is based on approved data classification and risk assessment.
  • ICT Change Management:
      • Establish risk-based policies for managing ICT changes (e.g., software, hardware, systems).
      • Ensure changes are documented, recorded, tested, approved, and implemented in a controlled manner.
      • Have specific protocols approved by appropriate management lines.
  • Patch and Update Policies: Develop comprehensive, documented policies for patches and updates.

How Endpoint Central helps

Endpoint Central can leverage its endpoint security features such as Endpoint DLP, browser security, risk-based vulnerability and patch management, a next-gen antivirus engine, anti-ransomware, and mobile security capabilities.

Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server. It can also patch 1,000+ third-party applications, hardware drivers, and BIOS.

Endpoint Central uses FIPS 140-2 compliant algorithms. Users can enable FIPS mode to run their IT in a highly secure environment.

Endpoint Central can help admins encrypt end users' Windows devices using its BitLocker management and Mac devices with FileVault encryption.

Endpoint Central comes in handy for admins to configure Windows Firewall for end users.

Using Endpoint Central, SecOps teams can audit open ports in their environment and greatly reduce the attack surface in the event of a zero-day exploit.

It enables secure browsing by allowing admins to enforce extensive threat-protection configurations.

Admins can block or restrict end users from accessing malicious websites or downloading files (which might contain malware) from them.

It also has provisions for hardening web servers and fixing security misconfigurations.

Endpoint Central applies the principle of least privilege and has a robust endpoint privilege management capability, providing application-specific privilege management and just-in-time access for end users.

It has conditional access policies to validate that only authorized users access business-critical systems and data.

Article 10

Detection

Financial entities must implement mechanisms to promptly detect anomalous activities, ICT network performance issues, and ICT-related incidents. Key requirements include:

1. Detection Mechanisms

  • Establish mechanisms to identify anomalies, potential single points of failure, and ICT-related incidents, including network performance issues.
  • Regularly test these mechanisms as per Article 25.

2. Multi-Layered Controls

  • Enable multiple layers of control within detection mechanisms.
  • Define alert thresholds and criteria to trigger ICT-related incident response processes.
  • Include automated alert mechanisms for relevant ICT incident response staff.

3. Monitoring Resources

Allocate sufficient resources and capabilities to monitor:

  • User activity.
  • ICT anomalies.
  • ICT-related incidents, especially cyber-attacks.

4. Data Reporting Service Providers

Ensure systems can:

  • Verify the completeness of trade reports.
  • Identify omissions or errors.
  • Request re-transmission of incomplete or incorrect reports.

How Endpoint Central helps

In case of a malware attack, Endpoint Central can alert the SOC team and IT admins and enable them to quarantine the system safely. After a thorough forensic analysis, the system can be brought back into production.

Endpoint Central also guards enterprise endpoints against ransomware and provides instant, non-erasable backups in case of a ransomware attack.

Endpoint Central can quarantine endpoints that exhibit suspicious behavior and, after a thorough forensic analysis, deploy them back into production.

Endpoint Central also provides instant, non-erasable backups of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service. If a file is infected with ransomware, it can be restored from the most recent backup copy of the file.

Article 11

Response and Recovery

1. ICT Business Continuity Policy

  • Develop a comprehensive ICT business continuity policy, which can be a standalone policy or part of the overall business continuity policy.
  • Ensure the policy supports critical or important functions and responds effectively to ICT-related incidents.

2. Implementation of the Policy

Implement the policy through documented arrangements, plans, and procedures to:

  • Ensure continuity of critical functions.
  • Respond to and resolve ICT incidents quickly and effectively.
  • Activate containment measures, tailored response, and recovery procedures to prevent further damage.
  • Estimate impacts, damages, and losses from incidents.
  • Establish communication and crisis management actions to update internal staff, external stakeholders, and competent authorities as required.

3. Response and Recovery Plans

  • Implement ICT response and recovery plans subject to independent internal audit reviews for entities other than microenterprises.
  • Periodically test ICT business continuity and recovery plans, especially for critical functions outsourced to third-party service providers.

4. Business Impact Analysis (BIA)

  • Conduct a BIA to assess the potential impact of severe disruptions using quantitative and qualitative criteria.
  • Align ICT assets and services with the BIA, ensuring redundancy for all critical components.

5. Testing and Review

  • Test ICT business continuity and response plans annually or after substantive changes to critical systems.
  • Include cyber-attack scenarios, switchovers, and backups in testing plans.
  • Review plans regularly based on test results, audits, and supervisory feedback.

6. Crisis Management

  • Establish a crisis management function for managing communications during activations of ICT continuity or recovery plans.

7. Record-Keeping

  • Maintain accessible records of activities before and during disruption events when plans are activated.

8. Reporting

  • For Central Securities Depositories: Provide competent authorities with results of ICT continuity tests.
  • For Other Entities: Report aggregated annual costs and losses from major ICT incidents to competent authorities upon request.

9. ESA Guidelines

  • By 17 July 2024, the European Supervisory Authorities (ESAs) will develop common guidelines for estimating aggregated costs and losses from major ICT incidents.

How Endpoint Central helps

Endpoint Central also guards enterprise endpoints against ransomware and provides instant, non-erasable backups in case of a ransomware attack.

Endpoint Central can quarantine endpoints that exhibit suspicious behavior and, after a thorough forensic analysis, deploy them back into production.

Endpoint Central also provides instant, non-erasable backups of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service. If a file is infected with ransomware, it can be restored from the most recent backup copy of the file.

Endpoint Central also integrates with SIEM tools such as Rapid7, Splunk, and EventLog Analyzer.

Article 12

Backup Policies, Restoration, and Recovery Procedures

Financial entities must establish and implement backup policies, restoration methods, and recovery procedures to ensure ICT systems and data can be restored with minimal downtime, disruption, or loss. Key requirements include:

1. Backup Policies and Restoration Procedures

  • Backup Policies: Define the scope of data to be backed up and the minimum frequency based on the data's criticality and confidentiality.
  • Restoration and Recovery: Develop documented procedures and methods for restoring and recovering data and systems.

2. Backup Systems

  • Set up backup systems aligned with documented policies and procedures.
  • Ensure activation of backup systems does not compromise security, availability, authenticity, integrity, or confidentiality of data.
  • Periodically test backup, restoration, and recovery procedures.

3. Secure Restoration

  • Use physically and logically segregated systems for restoring backup data to ensure protection from unauthorized access or corruption.
  • Ensure timely restoration of services using secure backup systems.
  • For Central Counterparties: Recovery plans must enable restoration of all transactions to maintain operations and complete settlement as scheduled.
  • For Data Reporting Providers: Maintain adequate resources and backup facilities to ensure continuous service availability.

4. Redundant ICT Capacities

  • For Non-Microenterprises: Maintain redundant ICT resources to meet business needs.
  • For Microenterprises: Assess the need for redundancy based on risk profiles.

5. Secondary Processing Sites (For Central Securities Depositories)

  • Maintain at least one secondary site with adequate resources, capabilities, and staffing to ensure business continuity.
  • The site must:
      • Be geographically distant from the primary site to avoid shared risks.
      • Provide continuity of critical operations at the same level or an acceptable alternative level.
      • Be immediately accessible for critical operations if the primary site becomes unavailable.

6. Recovery Time and Point Objectives

  • Define recovery time and point objectives for each function, considering its criticality and potential impact on market efficiency.
  • Ensure recovery objectives meet agreed service levels even under extreme scenarios.

7. Data Integrity Checks

  • Perform thorough checks and reconciliations during data recovery to ensure high data integrity.
  • Include consistency checks when reconstructing data from external stakeholders.



How Endpoint Central helps

Endpoint Central also guards enterprise endpoints against ransomware and provides instant, non-erasable backups in case of a ransomware attack.

Endpoint Central can quarantine endpoints that exhibit suspicious behavior and, after a thorough forensic analysis, deploy them back into production.

Endpoint Central also provides instant, non-erasable backups of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service. If a file is infected with ransomware, it can be restored from the most recent backup copy of the file.

Article 15

Further Harmonisation of ICT Risk Management Tools, Methods, Processes, and Policies

The European Supervisory Authorities (ESAs), through the Joint Committee and in consultation with ENISA, are tasked with developing common regulatory technical standards (RTS) to enhance ICT risk management across financial entities. These standards aim to:

1. Strengthen ICT Security Policies and Tools

Specify additional elements for ICT security policies, procedures, protocols, and tools (Article 9(2)) to:

  • Ensure network security.
  • Safeguard against intrusions and data misuse.
  • Preserve data availability, authenticity, integrity, and confidentiality using techniques like encryption.
  • Guarantee accurate and uninterrupted data transmission.

2. Enhance Access Management Controls

  • Further develop access management components (Article 9(4)(c)), including:
      • Rules for granting and revoking access rights.
      • Monitoring anomalous behavior with indicators such as network usage patterns, IT activity, and unknown devices.

3. Improve Anomaly Detection and Incident Response

  • Refine mechanisms for detecting anomalous activities (Article 10(1)) and criteria for triggering ICT incident response processes (Article 10(2)).

4. Refine Business Continuity Policies

  • Specify additional components of the ICT business continuity policy (Article 11(1)).

5. Test Business Continuity Plans

  • Enhance testing of ICT business continuity plans (Article 11(6)) to:
      • Account for scenarios of unacceptable quality or failure of critical functions.
      • Consider the impact of failures by ICT third-party providers or risks from their jurisdictions.

6. Detail Response and Recovery Plans

  • Develop additional elements for ICT response and recovery plans (Article 11(3)).

7. Standardize Review Reporting

  • Define the content and format of reports on ICT risk management framework reviews (Article 6(5)).

Considerations and Deadlines

  • Standards will account for the financial entity's size, risk profile, nature, scale, and complexity of operations.
  • ESAs must submit these draft RTS to the European Commission by 17 January 2024.

How Endpoint Central helps

Endpoint Central helps in complying with the RTS (Regulatory Technical Standards) on ICT risk management tools, methods, processes, and policies, and with the simplified ICT risk management framework.

Endpoint Central also guards enterprise endpoints against ransomware and provides instant, non-erasable backups in case of a ransomware attack.

Endpoint Central can quarantine endpoints that exhibit suspicious behavior and, after a thorough forensic analysis, deploy them back into production.

Endpoint Central also provides instant, non-erasable backups of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service. If a file is infected with ransomware, it can be restored from the most recent backup copy of the file.

Endpoint Central uses FIPS 140-2 compliant algorithms. Users can enable FIPS mode to run their IT in a highly secure environment.

Endpoint Central can help admins encrypt end users' Windows devices using its BitLocker management and Mac devices with FileVault encryption.

Endpoint Central enables organizations to adopt the principle of least privilege, offering robust endpoint privilege management. This includes application-specific privilege controls and just-in-time access for end users.

It enforces conditional access policies to ensure that only authorized users can access critical business systems and sensitive data.

Article 16

Simplified ICT Risk Management Framework

Certain entities, including small and non-interconnected investment firms, exempted payment institutions, electronic money institutions, and small occupational retirement provision institutions, are not subject to Articles 5 to 15 of this Regulation. However, they must implement a simplified ICT risk management framework with the following requirements:

1. Key Components of the ICT Risk Management Framework

  • Framework Implementation: Develop and maintain a sound, documented ICT risk management framework to manage ICT risks comprehensively and efficiently, including protecting physical components and infrastructures.
  • Monitoring: Continuously monitor the security and functioning of all ICT systems.
  • Resilience: Use resilient, updated ICT systems, protocols, and tools to minimize ICT risks and protect data availability, authenticity, integrity, and confidentiality.
  • Incident Handling: Quickly identify and address ICT risks, anomalies, and incidents in networks and information systems.
  • Third-Party Dependencies: Identify key dependencies on ICT third-party service providers.
  • Continuity Measures: Ensure continuity of critical functions through business continuity plans and recovery measures, including backup and restoration.
  • Testing: Regularly test the continuity plans, recovery measures, and controls implemented.
  • Improvements: Incorporate test results and post-incident analyses into the ICT risk assessment process and, as needed, implement ICT security awareness and resilience training for staff and management.

2. Review and Reporting

  • Periodic Review: Document and periodically review the ICT risk management framework, especially after major ICT incidents, and continuously improve it based on monitoring and implementation outcomes.
  • Reporting: Submit reports on the framework review to the competent authority upon request.

3. Development of Regulatory Technical Standards (RTS)

The ESAs, in consultation with ENISA, will develop RTS to:

  • Define additional elements for the ICT risk management framework.
  • Specify systems, protocols, and tools for minimizing ICT risks, ensuring network security, and protecting data.
  • Refine ICT business continuity plan components.
  • Establish testing rules for business continuity plans, including scenarios of critical function failures.
  • Standardize the content and format of ICT risk management framework review reports.

4. Deadlines and Delegation

  • ESAs will submit draft RTS to the European Commission by 17 January 2024.
  • The Commission is authorized to adopt these RTS under the relevant EU regulations.


How Endpoint Central helps

Endpoint Central helps in complying with the RTS (Regulatory Technical Standards) on ICT risk management tools, methods, processes, and policies, and with the simplified ICT risk management framework.

The above RTS includes the Simplified ICT Risk Management Framework for small and non-interconnected investment firms, exempted payment institutions, electronic money institutions, and small occupational retirement provision institutions.

Articles 30 to 38 of this RTS deal comprehensively with the Simplified ICT Risk Management Framework.

Article 17

ICT-Related Incident Management Process

1. Incident Management Framework

  • Define and implement processes to monitor, handle, and follow up on ICT-related incidents.
  • Maintain records of all ICT-related incidents and significant cyber threats.
  • Ensure root causes are identified, documented, and addressed to prevent recurrence.

2. Key Components of the Incident Management Process

  • Early Warning Indicators: Implement mechanisms to detect potential incidents early.
  • Incident Classification: Develop procedures to identify, track, log, categorize, and classify incidents based on priority, severity, and service criticality (aligned with Article 18(1)).
  • Roles and Responsibilities: Assign clear roles and responsibilities for different types of incidents and scenarios.
  • Communication Plans:
      • Define communication procedures for staff, external stakeholders, clients, and the media, in line with Article 14.
      • Include internal escalation protocols and processes for handling customer complaints.
      • Share relevant information with counterparties, as appropriate.
  • Reporting to Management:
      • Ensure senior management is informed about major ICT incidents.
      • Report to the management body on major incidents, detailing impacts, response measures, and additional controls to prevent future occurrences.
  • Response Procedures:
      • Establish procedures to mitigate impacts and restore services securely and promptly.

How Endpoint Central helps

When a suspicious event is recorded in your IT network, the following details are sent to your network administrator or SOC team.

Attack Details:

  • Detection Time
  • Reported Time
  • Attack Status
  • Agent Action
  • Attack Criticality - Low / Medium / High
  • Detection Source - Behaviour Engine
  • Image Path
  • Process Name
  • SHA256
  • Command

Endpoint Details:

  • Endpoint Name
  • Domain Name
  • Endpoint Status
  • Endpoint Version
  • Activated Time
  • Last Contact Time
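As an added example (not Endpoint Central's code), the following Python takes a notification carrying the fields listed above and turns it into a validated entry for the Article 17 incident log: it checks that the SHA256 is well-formed, that the criticality is one of Low/Medium/High, and that the reporting time does not precede detection. The sample values, the priority mapping and the assumption that "Quarantined" or "Blocked" agent actions mean the threat is contained are all constructed for this example.

```python
import re
from datetime import datetime

# Field names and the Low/Medium/High scale come from the alert layout above.
# The priority mapping, the containment actions and every sample value below are
# assumptions made for this example, not Endpoint Central behaviour.
CRITICALITY_TO_PRIORITY = {"High": "P1", "Medium": "P2", "Low": "P3"}
CONTAINMENT_ACTIONS = {"quarantined", "blocked"}
REQUIRED = ("Detection Time", "Reported Time", "Attack Criticality",
            "SHA256", "Process Name", "Endpoint Name")
TIME_FMT = "%Y-%m-%d %H:%M:%S"
FIELD_RE = re.compile(r"^(?P<key>.+?)\s+-\s*(?P<value>.*)$")

# Constructed sample notification; the hash is SHA-256 of empty input, used as a placeholder.
SAMPLE_ALERT = r"""
Attack Details:
Detection Time - 2024-05-02 10:15:07
Reported Time - 2024-05-02 10:15:09
Attack Status - Blocked
Agent Action - Quarantined
Attack Criticality - High
Detection Source - Behaviour Engine
Image Path - C:\Users\alice\AppData\Local\Temp\update.exe
Process Name - update.exe
SHA256 - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Command - update.exe /silent
Endpoint Details:
Endpoint Name - FIN-WS-0042
Domain Name - corp.example
Endpoint Status - Live
Endpoint Version - 0.0.0-sample
Activated Time - 2024-01-15 08:00:00
Last Contact Time - 2024-05-02 10:14:55
"""


def parse_alert(text):
    """Return {section: {field: value}} for the 'Attack Details' / 'Endpoint Details' blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):              # section header such as "Attack Details:"
            current = line[:-1]
            sections[current] = {}
            continue
        m = FIELD_RE.match(line)            # "Field Name - value" (value may be empty)
        if m is None or current is None:
            raise ValueError(f"unexpected line: {line!r}")
        sections[current][m["key"].strip()] = m["value"].strip()
    return sections


def build_incident_record(text):
    """Validate the alert and normalise it into an entry for the ICT incident log."""
    sections = parse_alert(text)
    attack = sections.get("Attack Details", {})
    endpoint = sections.get("Endpoint Details", {})
    merged = {**attack, **endpoint}
    missing = [k for k in REQUIRED if not merged.get(k)]
    if missing:
        raise ValueError("alert missing required fields: " + ", ".join(missing))
    crit = attack["Attack Criticality"]
    if crit not in CRITICALITY_TO_PRIORITY:
        raise ValueError(f"unknown criticality {crit!r}")
    sha = attack["SHA256"].lower()
    if not re.fullmatch(r"[0-9a-f]{64}", sha):
        raise ValueError("SHA256 is not 64 hexadecimal characters")
    detected = datetime.strptime(attack["Detection Time"], TIME_FMT)
    reported = datetime.strptime(attack["Reported Time"], TIME_FMT)
    if reported < detected:
        raise ValueError("Reported Time precedes Detection Time")
    return {
        "priority": CRITICALITY_TO_PRIORITY[crit],      # assumed mapping for triage
        "severity": crit,
        "contained": attack.get("Agent Action", "").lower() in CONTAINMENT_ACTIONS,
        "reporting_delay_s": int((reported - detected).total_seconds()),
        "detection_source": attack.get("Detection Source", ""),
        "indicator_sha256": sha,
        "process": attack["Process Name"],
        "command": attack.get("Command", ""),
        "asset": endpoint["Endpoint Name"],
    }
```

Malformed alerts (missing required fields, a hash that is not 64 hex characters, a reported time earlier than the detection time) raise ValueError so they can be routed to a manual queue instead of silently entering the incident log.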