
TIBER-EU

Definition

TIBER-EU (Threat Intelligence-Based Ethical Red Teaming) is a European framework for conducting advanced cyberattack simulations on financial institutions based on current threat intelligence. The framework was developed by the European Central Bank (ECB) and is mandated under DORA for large EU financial institutions.

How does TIBER-EU work?

A TIBER-EU test simulates a realistic cyberattack on a financial institution's production environment, executed by certified red teams based on current threat intelligence. The process involves three phases. In the Threat Intelligence phase, a certified provider gathers information about the organisation's attack surface and relevant threat actors. In the Red Team phase, certified red teamers execute a realistic attack on the production environment, aiming to reach critical functions. The Blue Team detects and responds without advance knowledge. In the Purple Team phase, the results are evaluated and improvements are identified.

Difference from regular pentests

TIBER-EU goes beyond regular pentests: it tests the production environment with realistic threat scenarios based on current intelligence rather than a bounded scope with predefined limitations.

Impact on organisations

DORA mandates TIBER-EU tests for large financial institutions in the EU. Results are shared with the supervisor.

Protection

TIBER-EU tests identify actual exposures and detection gaps. Findings are translated into concrete improvement measures.

How DEFION helps

DEFION conducts TIBER-EU-compliant Red Teaming engagements for financial institutions, delivering both the Threat Intelligence and Red Team phases.

Related terms

DORA, Red Team, Threat Intelligence