TIBER-EU Penetration Testing Providers
Threat Intelligence-Based Ethical Red Teaming (EU) · Europe
TIBER-EU is the European framework for intelligence-led red teaming of financial entities, developed by the European Central Bank. It provides a standardised approach to threat-led penetration testing (TLPT) that simulates the tactics, techniques, and procedures of real threat actors targeting specific financial institutions.
TIBER-EU tests are conducted by specialist red team providers using bespoke threat intelligence to simulate realistic attack scenarios against live production systems. The framework requires a Threat Intelligence provider to produce a targeted threat report, which informs the Red Team's attack plan. Tests cover people, processes, and technology across the full kill chain.
TIBER-EU has been adopted across EU member states and forms the basis of DORA's TLPT requirements. Financial institutions designated as significant by their national competent authority are required to undergo TIBER-EU-based testing. The framework's rigour makes it one of the most demanding pen testing engagements available.
Thales Cyber Solutions
Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.
WithSecure
Helsinki-headquartered Finnish cybersecurity firm with roots dating to 1988, offering CREST-accredited penetration testing and deep expertise in EU regulatory compliance including GDPR, NIS 2, and TIBER-EU.
Kroll
Global risk advisory firm with a 400+ person cyber practice. IR-led penetration testing that feeds active breach intelligence straight into test scoping.
Airbus Protect
Airbus group cybersecurity consultancy with ANSSI PASSI qualification. Aerospace, defence, and critical infrastructure penetration testing across Europe.
TIBER-EU FAQs
What is the difference between TIBER-EU and DORA TLPT?+
DORA's TLPT requirements are based on the TIBER-EU framework. TIBER-EU provides the methodology, while DORA makes threat-led penetration testing a legal requirement for significant financial entities in the EU.
Who performs TIBER-EU tests?+
TIBER-EU requires specialist red team providers with advanced adversary simulation capabilities. In many jurisdictions, providers must be pre-approved or meet specific qualification criteria set by the national competent authority.
How long does a TIBER-EU engagement take?+
A full TIBER-EU engagement typically takes 6-12 months from initiation to closure, including threat intelligence gathering, red team execution, and remediation validation.