What is NIS2 and does it apply to organisations in Ireland?

NIS2 (Network and Information Security Directive 2), also known as EU Directive 2022/2555, is an EU-wide cybersecurity regulation that applies to all 27 member states including Ireland. It requires essential and important entities across 18 critical sectors to implement robust cybersecurity measures, report incidents to the NCSC within 24 hours, and maintain continuous audit-ready evidence. Ireland is implementing NIS2 through the National Cyber Security Bill 2024.

What is the personal liability for CEOs and CISOs under NIS2?

NIS2 introduces direct personal accountability for senior management. CEOs, CISOs, and board members can face personal fines up to €10 million and may be held personally liable for compliance failures. This represents a significant shift from previous cybersecurity regulations.

What are the financial penalties for NIS2 non-compliance in Ireland?

Essential entities face fines up to €10 million or 2% of global annual turnover (whichever is higher). Important entities face fines up to €7 million or 1.4% of global turnover. Additionally, management can be held personally liable and face temporary bans from management positions.

How does NIS2Ireland.com help with compliance?

NIS2Ireland.com provides automated NIS2 compliance through the Enginsight platform. This includes Watchdog for asset discovery, Observer for vulnerability detection, Hacktor for automated penetration testing, Verity SIEM for log management, Active Shield IDS/IPS for threat detection, and Network Shield for micro-segmentation. All modules generate audit-ready evidence that directly maps to NIS2 Article 21 requirements.

NIS2Ireland

24×7×365 Active — German Cyber Defence Centre

Managed Detection & ResponsePlatform + People + Process

Technology alone does not stop attacks. NIS2Ireland delivers Enginsight's unified cybersecurity platform backed by a 24×7 human-operated German Cyber Defence Centre — so threats are detected, validated, and contained before they become incidents.

Assess Your Readiness

What is MDR?

Managed Detection & Response = Technology + Detection & Response + Cyber Defence Centre

Technology

The Enginsight unified platform continuously collects telemetry from endpoints, networks, and applications — generating the data the SOC needs to detect threats in real time.

Pulsar Agent
Verity SIEM
Watchdog
Observer
Active Shield

Detection & Response

Automated correlation rules and behavioural analytics identify threats. Human analysts validate alerts, eliminate false positives, and execute active containment within defined SLAs.

Behavioural detection
MITRE ATT&CK mapping
Alert validation
Active containment
Forensic analysis

Cyber Defence Centre

A dedicated team of German security analysts operating 24×7×365. Experts in threat intelligence, incident response, and the Enginsight platform — providing continuous human oversight.

24×7×365 coverage
Threat intelligence feeds
Proactive threat hunting
Quarterly briefings
NIS2 evidence packs

Clear Division of Responsibility

Who Does What

MDR works because responsibilities are clearly defined. No ambiguity about who is monitoring, who responds, and what your team needs to manage.

Responsibility	Enginsight Cyber Defence Centre	Enginsight Platform	Your IT Security Team
24×7 threat monitoring & detection		—	—
Alert validation & false positive filtering		—	—
Threat hunting & proactive investigation		—	—
Active response & containment		—	—
Incident reporting (NIS2 24h/72h)			—
Asset discovery & inventory	—		—
Vulnerability detection & scoring	—		—
SIEM log collection & correlation	—		—
Automated pentesting	—		—
Endpoint & network protection	—		—
Business context & asset classification	—	—
Policy decisions & risk acceptance	—	—
Internal escalation & communication	—	—
Regulatory reporting to NCSC	—	—

MDR Service Priorities

Three Priorities. Every Incident. Every Time.

The German Cyber Defence Centre follows a structured, repeatable process for every confirmed security incident — prioritising containment, then understanding, then prevention.

Interrupt the Attack

Immediate containment

Detect active threat via SIEM correlation and behavioural analysis
Validate alert — eliminate false positives before escalation
Isolate affected assets and block attacker communication
Notify customer within defined SLA window

Understand & Remove the Attacker

Full forensic analysis

Conduct forensic analysis of attack vector and timeline
Map attacker techniques to MITRE ATT&CK framework
Identify all affected systems and potential data exposure
Execute complete attacker eviction and credential reset

Continuous Improvement

Hardening & evidence

Document full incident timeline for NIS2 regulatory reporting
Identify and remediate root cause vulnerabilities
Update detection rules and threat intelligence feeds
Deliver executive incident report and evidence pack

Service Level Agreements

Defined Response Times. Contractually Guaranteed.

Every MDR engagement includes defined SLAs for reaction, validation, and active response — tiered by incident severity. This directly supports NIS2 Article 21(b) incident handling obligations.

Severity	Reaction Time	Validation Time	Response Time	Example Scenario
Critical	30 min	30 min	1 hour	Active breach, ransomware, data exfiltration in progress
High	30 min	1 hour	4 hours	Confirmed malicious activity, lateral movement detected
Medium	2 hours	4 hours	8 hours	Suspicious activity requiring investigation and validation
Low	8 hours	24 hours	48 hours	Anomalous behaviour, policy violations, informational alerts

SLAs are measured from alert generation to first human analyst acknowledgement, validation decision, and active containment action respectively.

Platform Architecture

Enginsight Components Powering MDR

Each component in the Enginsight platform serves a specific role in the MDR detection and response chain. Together they provide complete visibility from endpoint to network to cloud.

Pulsar Agent

Endpoint telemetry collection, process monitoring, and active response execution on managed endpoints

Verity SIEM

End-to-end log collection, correlation engine, and alert generation. Asset-based pricing — not log volume

Watchdog

Automated asset discovery across network, cloud, and shadow IT. Continuous inventory with no agent required

Hacktor

Automated penetration testing and attack simulation. Continuous vulnerability validation across all assets

Observer

Passive network monitoring and protocol analysis. Detects lateral movement, unusual traffic, and policy violations

Active Shield

IDS/IPS with behavioural detection. Blocks known threats and alerts the SOC for anomalous activity

Network Shield

Micro-segmentation enforcement and supplier access control. Contains lateral movement and isolates critical assets

Onboarding

From Contract to 24×7 Coverage

A structured onboarding process ensures the platform is correctly deployed and the SOC has full context before live monitoring begins.

Scoping & Asset Baseline

Enginsight Watchdog performs full asset discovery across your environment. We establish a verified baseline of all devices, services, and software.

Sensor & Agent Deployment

Pulsar Agents deployed on endpoints. Network sensors positioned for traffic analysis. SIEM ingestion configured for all log sources.

SOC Onboarding & Context

German Cyber Defence Centre analysts receive your environment profile, critical asset classifications, and escalation contacts.

Tuning & Baseline Learning

Behavioural baselines established over 2 weeks. Detection rules tuned to your environment. False positive rate reduced before go-live.

24×7 Monitoring Live

Full MDR service activated. SLAs enforced. Monthly reports, quarterly threat briefings, and NIS2 evidence packs on demand.

NIS2 Alignment

How MDR Satisfies NIS2 Article 21 Obligations

Article 21 Requirement	MDR Contribution
21(2)(a) Risk analysis	Continuous asset discovery and vulnerability scoring provides always-current risk picture
21(2)(b) Incident handling	24×7 SOC with defined SLAs directly satisfies 24h initial notification requirement
21(2)(c) Business continuity	Rapid containment limits downtime; recovery evidence documented automatically
21(2)(d) Supply chain security	Network segmentation and supplier access monitoring via Network Shield
21(2)(f) Vulnerability management	Hacktor and Observer provide continuous CVE and misconfiguration detection
21(2)(i) Access control	Pulsar Agent and Verity SIEM log all access events with immutable audit trail

View full Article 21 controls mapping →

Ready to Move from Detection to Active Response?

NIS2Ireland is Ireland's trusted Enginsight delivery partner. Book an MDR briefing with our Dublin team to understand what 24×7 managed detection and response looks like for your organisation.

Get NIS2 Readiness Score

Ireland's trusted Enginsight GmbH delivery partner. Learn about our partnership →