Skip links

Threat Intelligence and Automated Penetration Testing for Achieving DORA Compliance: event organized by Safetech Innovations, Picus Security and KELA

Author
Published on:
Published in: Company News

Threat Intelligence and Automated Penetration Testing for Achieving DORA Compliance: event organized by Safetech Innovations, Picus Security and KELA

Safetech recently organized, in cooperation with its partners Picus Security and KELA, an event dedicated to organizations in the financial sector, with the theme “Threat Intelligence and Automated Penetration Testing for achieving DORA compliance”. The event provided not only context on the regulation, but also technical demonstrations on how the solutions of the two suppliers can be concretely applied in the process of aligning with the requirements of the EU DORA Regulation.

Picus Security: Continuous validation, not just occasional audit

Represented by İshak Çelikkanat, Lead Solution Architect, Picus Security presented a Security Validation platform built around the five pillars of DORA:

  1. ICT (Information and Communication Technologies) Risk Management – The platform continuously evaluates the effectiveness of security controls against real threats, with measurable and dynamic results.
  2. Incident Reporting – Through attack simulations, organizations can clearly understand where incidents may occur and preemptively document these risks.
  3. Operational Resilience Testing – The platform performs automated tests based on real threats, including TLPT (Threat-Led Penetration Testing).
  4. Third-Party Risk Management – The Picus platform analyzes the risks that vulnerable integrations can introduce.
  5. Information Sharing – The platform generates threat intelligence that is easy to share between teams and entities, in the spirit of transparency required by DORA.

The presentation was followed by a live demonstration of the Picus solution, which highlighted the following capabilities for continuous testing and performing attack simulations tailored to each customer’s environment:

  • Simulations of real attacks (phishing, infected attachments) without agents installed throughout the infrastructure,
  • Assessment of cyber hygiene and resilience, based on evidence,
  • Incident reporting and risk prioritization in a unified dashboard,
  • Integration with systems such as Splunk, QRadar, Microsoft Defender,
  • Detailed reports including criticality scores and recommendations for fixing vulnerabilities for rapid action.

“The Picus platform allows a contextual approach and the development of realistic simulations, adapted to each client’s environment. Also, through the criticality score that underpins each action proposed by the platform, customers can focus on solving problems according to their severity and real impact,”, said İshak Çelikkanat.

KELA: Real-time Threat Intelligence and Underground Visibility

The presentation by Dave Gill, EMEA Partner Director at KELA, highlighted the massive problem of compromised credentials – critical vectors in attacks on the financial sector.

The KELA representative said that globally there are over 60+ billion credentials collected, and in Romania, according to KELA data, over 60,000 machines (servers and PCs) are infected with infostealers, with 4.5 million credentials being stolen.

“We are seeing a 71% annual increase in attacks based on credential theft or compromise, and security breaches caused by third-party integrations have increased threefold in the last three years. Equally worrying is the fact that such attacks have become easy to exploit by cybercrime actors without technical training”, said Dave Gill.

The presentation nuanced that the KELA threat intelligence platform has capabilities that go beyond data visualization and are oriented towards concrete action:

  • Real-time monitoring of the dark web, Telegram, forums and underground marketplaces,
  • Identification of compromised credentials – including information on recurrence and severity,
  • Evaluation of the partner ecosystem (supply chain),
  • Customer identity protection and brand control,
  • “Identity Guard” functionalities for the protection of exposed accounts,
  • Proactive investigations: Organizations can check if their data has been exposed or offered for sale online.

A real case was also presented: an attack on a bank in the United Kingdom, generated by a vulnerability of a partner in the United States. In such a context, KELA solutions allow for supply chain investigations and associated risk assessments.

During the event, a live demonstration of a real-time threat hunting exercise was carried out. Dave Gill demonstrated how, with the help of KELA, organizations can run proactive investigations:

  • Investigating the dark web to identify if sensitive data has been exfiltrated from the organization: passwords, card data, PINs, etc.
  • Identifying specific attack patterns and exposures per employee or service,
  • Initiating an investigation based on keywords.

The conclusion of the presentation was that the KELA platform provides a risk map as well as the necessary tools to prevent, investigate and react quickly to data breaches and cybersecurity breaches.

Picus and KELA through Safetech Innovations

In closing the event, Daniel Pisaru, Sales Director, Safetech Innovations, highlighted that Safetech has intensively tested these platforms before integrating them into the portfolio and using them in its own SOC. Safetech offers both platforms both individually and integrated within Safetech’s SOC outsourcing services.
Reasons for Safetech’s choice of Picus and KELA:

  • Continuous validation of controls (Picus),
  • Actionable Threat Intelligence and Ecosystem Visibility (KELA),
  • Availability as an annual/multi-year subscription (for organizations with limited resources),
  • Integration with Safetech’s private SOC, with 10+ years of experience.

”Compliance with DORA requires understanding and managing real risks, with concrete tools, and the combination of the security validation offered by Picus and the applied intelligence brought by KELA provides exactly these tools. In an increasingly stringent regulatory climate, but also of increasingly sophisticated cyber threats, Safetech offers tested, integrated solutions available for immediate action,” concluded Daniel Pisaru.

For additional information about the Picus Security and KELA solutions and services in our portfolio, we invite you to contact us at sales @ safetech.ro or by phone +40 21 316 0565.

Powered by  GDPR Cookie Compliance
Overview of Privacy

This website uses cookies to provide you with the best user experience. Cookie information is stored in your browser and serves the purpose of recognizing you when you return to our site, as well as assisting our team in understanding which sections of the site you find more interesting and useful. For more information, you can refer to the General Information Note Regarding the processing of personal data.