Managed Detection & Response
Technology. People. Process.
Technology alone does not stop attacks. NIS2Ireland delivers the Enginsight unified platform backed by a 24×7 human-operated German Cyber Defence Centre — so threats are detected, validated, and contained before they become incidents.
Delivered locally across Ireland with Dublin-based account management, executive briefings, and governance support.
What is MDR?
Managed Detection & Response = Technology + Detection & Response + Cyber Defence Centre
MDR is not a product. It is a managed service that combines a technology platform, continuous detection capability, and a human response team — operating together under defined service levels.
Technology
The Enginsight unified platform continuously collects telemetry from endpoints, networks, and applications — generating the data the SOC needs to detect threats in real time.
- Pulsar Agent
- Verity SIEM
- Watchdog
- Hacktor
- Observer
- Active Shield
- Network Shield
Detection & Response
Automated correlation and behavioural analytics identify threats. Human analysts validate, eliminate false positives, and execute active containment within defined SLAs.
- Behavioural detection
- MITRE ATT&CK mapping
- Alert validation
- Active containment
- Forensic analysis
Cyber Defence Centre
A dedicated team of German security analysts operating 24×7×365. Deep expertise in threat intelligence, incident response, and the Enginsight platform.
- 24×7×365 coverage
- Threat intelligence feeds
- Proactive threat hunting
- Quarterly briefings
- NIS2 evidence packs
Clear Division of Responsibility
Who Does What
MDR works because responsibilities are clearly defined. No ambiguity about who is monitoring, who responds, and what your team needs to manage internally.
| Responsibility | Cyber Defence Centre (SOC analysts) | Enginsight Platform (automated) | Your Team (internal) |
|---|---|---|---|
| 24×7 threat monitoring & detection | ✓ | — | — |
| Alert validation & false positive filtering | ✓ | — | — |
| Threat hunting & proactive investigation | ✓ | — | — |
| Active response & containment | ✓ | — | — |
| Incident reporting support (NIS2 24h/72h) | ✓ | — | ✓ |
| Asset discovery & continuous inventory | — | ✓ | — |
| Vulnerability detection & scoring | — | ✓ | — |
| SIEM log collection & correlation | — | ✓ | — |
| Automated penetration testing | — | ✓ | — |
| Endpoint & network protection | — | ✓ | — |
| File integrity monitoring | — | ✓ | — |
| Business context & asset classification | — | — | ✓ |
| Policy decisions & risk acceptance | — | — | ✓ |
| Internal escalation & communication | — | — | ✓ |
| Regulatory reporting to NCSC | — | — | ✓ |

✓ = responsible party; — = not responsible.
MDR Service Priorities
Three Priorities. Every Incident. Every Time.
The German Cyber Defence Centre follows a structured, repeatable process for every confirmed security incident — prioritising containment first, then understanding, then long-term resilience.
Interrupt the Attack
Immediate containment
1. Detect the active threat via SIEM correlation and behavioural analysis
2. Validate the alert and eliminate false positives before escalation
3. Isolate affected assets and block attacker communications
4. Notify your team within the defined SLA window
Understand & Remove the Attacker
Full forensic analysis
1. Conduct forensic analysis of the attack vector and establish the full timeline
2. Map attacker techniques to the MITRE ATT&CK framework
3. Identify all affected systems and potential data exposure
4. Execute complete attacker eviction and credential reset
Improve Resilience
Hardening & evidence
1. Document the full incident timeline for NIS2 regulatory reporting
2. Identify and remediate root-cause vulnerabilities
3. Update detection rules and threat intelligence feeds
4. Deliver an executive incident report and audit-ready evidence pack
Service Level Agreements
Defined Response Times. No Ambiguity.
Every incident category has documented SLAs governing reaction, validation, and active response — giving boards the assurance that threats are addressed within known timeframes.
| Severity | Reaction | Validation | Response | Description |
|---|---|---|---|---|
| Critical | 15 min | 30 min | 1 hour | Active breach, ransomware, data exfiltration in progress |
| High | 30 min | 1 hour | 4 hours | Confirmed malicious activity, lateral movement detected |
| Medium | 2 hours | 4 hours | 8 hours | Suspicious activity requiring investigation and validation |
| Low | 8 hours | 24 hours | 48 hours | Anomalous behaviour, policy violations, informational alerts |
SLAs are contractually defined. Reaction time = time from alert to analyst engagement. Validation time = time by which the alert has been confirmed as genuine or dismissed as a false positive. Response time = time from analyst engagement to the first active containment action, so it is measured from engagement rather than from the original alert.
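Because the three clocks start at different points, an SLA report cannot be read off the table alone. The following Python is an added illustration, not code from this page or from the Enginsight platform: it encodes the four severity tiers above, applies the stated measurement rules (reaction runs from the alert, response runs from analyst engagement) and reports each clock as met, breached, still open, or not yet started. The incident records are constructed sample data, and the choice to start the validation clock at the alert is an assumption, since the page does not say where it begins.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Severity tiers from the SLA table: (reaction, validation, response) budgets in minutes.
SLA_MINUTES: Dict[str, Tuple[int, int, int]] = {
    "critical": (15, 30, 60),
    "high": (30, 60, 240),
    "medium": (120, 240, 480),
    "low": (480, 1440, 2880),
}


@dataclass
class Incident:
    """Timestamps recorded for one alert; None means that step has not happened yet."""
    id: str
    severity: str
    alerted: datetime                     # alert raised by the platform
    engaged: Optional[datetime] = None    # analyst picked the alert up
    validated: Optional[datetime] = None  # confirmed true positive or dismissed
    contained: Optional[datetime] = None  # first active containment action


def _clock(start: datetime, end: Optional[datetime], budget: timedelta, now: datetime) -> str:
    """Judge one SLA clock: 'met' or 'breached' once the step is done; while it is
    still open, 'open' if budget remains and 'breached' once it has run out."""
    if end is not None:
        return "met" if end - start <= budget else "breached"
    return "breached" if now - start > budget else "open"


def evaluate(inc: Incident, now: datetime) -> Dict[str, str]:
    """Evaluate all three clocks of one incident at time `now`."""
    reaction, validation, response = (timedelta(minutes=m) for m in SLA_MINUTES[inc.severity])
    result = {
        # Page definition: reaction runs from alert to analyst engagement.
        "reaction": _clock(inc.alerted, inc.engaged, reaction, now),
        # Assumption (not stated on the page): validation also runs from the alert.
        "validation": _clock(inc.alerted, inc.validated, validation, now),
    }
    # Page definition: response runs from engagement to containment, so this
    # clock cannot start until an analyst has actually engaged.
    if inc.engaged is None:
        result["response"] = "not started"
    else:
        result["response"] = _clock(inc.engaged, inc.contained, response, now)
    return result


def sla_breaches(incidents: List[Incident], now: datetime) -> List[Tuple[str, str]]:
    """List (incident id, clock name) for every clock currently in breach."""
    return [(inc.id, clock) for inc in incidents
            for clock, state in evaluate(inc, now).items() if state == "breached"]


def _t(hour: int, minute: int) -> datetime:
    return datetime(2025, 3, 4, hour, minute, tzinfo=timezone.utc)


# Constructed sample records (not real incidents), all on one UTC day.
NOW = _t(10, 30)
SAMPLE_INCIDENTS = [
    # Critical alert handled inside every budget.
    Incident("INC-001", "critical", _t(9, 0), _t(9, 10), _t(9, 25), _t(10, 5)),
    # High alert picked up 45 min after the alert (reaction budget is 30 min), yet
    # contained 45 min after engagement, so the response clock is still met.
    Incident("INC-002", "high", _t(8, 0), _t(8, 45), _t(8, 55), _t(9, 30)),
    # Medium alert nobody has engaged 150 min later: reaction already breached,
    # validation still has budget left, response clock has not started.
    Incident("INC-003", "medium", _t(8, 0)),
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(inc.id, inc.severity, evaluate(inc, NOW))
    print("breaches:", sla_breaches(SAMPLE_INCIDENTS, NOW))
```

INC-002 is the case to watch when reading a provider's monthly report: a late pickup shows up only on the reaction clock, and a report that quotes response times alone will show it as fully compliant.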
Platform Architecture
The Enginsight Components Behind MDR
Each component has a specific role in the MDR service chain — from data collection through to active response and evidence generation.
Pulsar Agent
Deployed on endpoints and servers. Collects process telemetry, network data, file integrity events, and vulnerability data. Executes active response actions on instruction from the SOC.
Verity SIEM
End-to-end log collection and correlation. Generates prioritised alerts for SOC analysts. Priced per asset — not per log volume — removing cost unpredictability.
Watchdog
Agentless, continuous asset discovery across your entire network — including cloud, shadow IT, and unmanaged devices. Establishes and maintains the verified asset baseline.
Hacktor
Automated penetration testing and attack simulation across all discovered assets. Continuously validates what is genuinely exploitable, not just theoretically vulnerable.
Observer
Passive network traffic analysis and protocol monitoring. Detects lateral movement, unusual data flows, and policy violations without impacting system performance.
Active Shield
IDS/IPS with behavioural detection capability. Blocks known threats automatically and surfaces anomalous activity for SOC analyst review and validation.
Network Shield
Micro-segmentation and supplier access control. Limits lateral movement, isolates critical assets, and enforces least-privilege access at the network level.
Getting Started
The Onboarding Journey
From first conversation to full 24×7 monitoring — a structured five-step process with clear milestones and no disruption to existing operations.
Scoping & Asset Baseline
Enginsight Watchdog performs full asset discovery. We establish a verified baseline of all devices, services, and software across your environment.
Sensor & Agent Deployment
Pulsar Agents deployed on endpoints and servers. Network sensors positioned for traffic visibility. SIEM configured to ingest all log sources.
SOC Onboarding & Context
German Cyber Defence Centre analysts receive your environment profile, critical asset classifications, escalation contacts, and business context.
Tuning & Baseline Learning
Behavioural baselines established over two weeks. Detection rules tuned to your environment. False positive rate significantly reduced before full activation.
24×7 Monitoring Live
Full MDR service activated. SLAs enforced. Monthly reports, quarterly executive threat briefings, and NIS2 evidence packs available on demand.
Board-Level Assurance
What MDR Means for Senior Leadership
NIS2 places direct governance obligations on boards and management teams. MDR provides the operational infrastructure to meet those obligations with documented, auditable evidence.
Evidence of Reasonable Steps
MDR generates a continuous, timestamped record of detection and response activity. This is the operational evidence NIS2 expects boards to be able to produce.
Defined Response Times
SLAs for Critical, High, Medium and Low incidents give boards documented assurance that threats will be addressed within known timeframes — not left to chance.
Human Expertise, Always On
A dedicated team of German security analysts works continuously across your environment. Boards get the expertise of a mature SOC without building one internally.
NIS2 Incident Reporting Support
The MDR service generates the forensic timeline and evidence pack needed for the NIS2 24-hour early warning and the 72-hour incident notification, including its initial assessment of severity and impact, to the NCSC.
Ready to discuss MDR for your organisation?
Book an executive briefing with the NIS2Ireland team. We will walk you through the platform, the Cyber Defence Centre model, and what a deployment looks like for your environment.