Learn How Network Observability Can Help Your Organization to Be DORA Compliant

We recently worked on an RFP for a customer whose primary driver was compliance with the new Digital Operational Resilience Act (DORA) regulations. The project aimed to make financial services more reliable and secure, protecting both consumers and the technology provider.

Helping with this RFP was a rewarding learning experience due to this effort’s high priority and the key challenges faced by this organization. This article will give you an overview of how DX NetOps can enable your business to address the core requirements of operational resilience for critical information and communication technology (ICT) systems in the network area.

But first, the basics:

What is DORA?

This EU regulation, which went into effect in January 2025, ensures that financial institutions (banks, insurers, and investment firms) can operate smoothly, even during disruptions like cyberattacks and technology failures.

Does DORA apply to me?

DORA applies to any company (including non-EU companies) that has contractual arrangements with EU financial entities. This includes US ICT third-party service providers, such as cloud providers and cybersecurity firms, that serve EU-based financial organizations.

What is the difference between DORA and GDPR?

Both are EU regulations, but they have different scopes and objectives. While DORA focuses on the resilience of digital systems in financial services, GDPR is centered on safeguarding personal data and privacy across all sectors. Although they overlap in incident reporting and third-party risk, their core objectives and scopes are distinct.

Learn more about DORA and the cost of non-compliance with this standard.

How Network Observability by Broadcom aligns with DORA

Figure 1: DORA coverage areas

1. ICT risk management

DX NetOps capabilities, such as predictive analysis, anomaly detection, and dependency mapping between network devices, can help teams identify, classify, and manage risks across the network. For instance, proactive insights can enable your organization to predict and mitigate risks to ICT systems, ensuring continuous availability and performance.

2. ICT third-party risk management

AppNeta has advanced capabilities for monitoring the performance and availability of third-party service providers integrated into your network, validating that they meet SLAs and your organization’s resilience and security standards.

3. Digital operational and resilience testing

DX NetOps features performance baselines and stress testing capabilities that are key in helping teams meet these objectives:

• Establish normal operating baselines and detect anomalies if the network does not meet operational and resilience thresholds.
• Test and monitor the network's resilience under various scenarios, such as high-traffic or failure conditions.

4. ICT-related incidents

DX NetOps offers advanced and proactive alerting mechanisms to detect incidents in real-time and to reduce mean time to repair (MTTR). It can also generate incident reports with information about the root cause and nature of the issue, its impact, and suggested remediation actions. These reports and dashboards facilitate compliance as they can be aligned with DORA requirements.

5. Information sharing

DX NetOps represents a single platform that consolidates all relevant network data, centralizing data collection and insights. Then, to foster collaborative resilience and compliance, it offers data-sharing capabilities by integrating with security ecosystems and automation platforms through APIs or Kafka. This capability enables users to export performance data, incidents, and insights into security information and event management (SIEM) solutions.

6. Oversight of critical third-party providers

DX NetOps, together with AppNeta, helps organizations establish a unified NOC for managing service levels across various network environments, including third-party domains out of their control, such as public networks, modern network architectures like SD-WAN, secure access service edge (SASE), and ISP networks. This end-to-end network operations coverage is critical for every organization that relies extensively on digital services and communications.

Conclusion

This mapping, laid out during the RFP work, demonstrates how Network Observability by Broadcom can support compliance with DORA’s key areas, helping organizations enhance their operational resilience and meet regulatory requirements. I hope it has been helpful reading and that your organization is now better equipped to improve its operational resilience and navigate the DORA guidelines.