Industrial cybersecurity company Dragos, Inc. today announced that Dragos Platform 1.2, the latest version of its industrial cybersecurity platform, is now available to all Dragos Platform customers. The Dragos Platform contains the capabilities needed to gain visibility into industrial networks, monitor them for threats, and efficiently perform investigations to counter adversaries. Unlike typical industry solutions, Dragos’ technology goes beyond analyzing network traffic: it also collects, stores, and correlates logs and data from host systems, logic controllers, and data historians. As a result, the Dragos Platform has the most coverage and capability for correlation in the industrial threat detection market today. The broad and flexible capabilities of the Dragos Platform are designed to enable security teams of any size. Dragos Platform 1.2 builds upon the foundation established in the initial Dragos Platform release, the industry’s first and only to codify and integrate boots-on-the-ground expertise and an intelligence-driven approach with software technology. With Dragos Platform 1.2, customers will continually gain access to this knowledge through regular releases of content packs containing new threat behavior analytics and investigation playbooks.
“The Dragos Platform software is the most technologically complete solution in the industrial cyber threat detection and response market today. The codification of my team’s knowledge gained by hunting and responding to threats enables our customers to defend their environments as if Dragos team members were there alongside them,” said Robert M. Lee, CEO and Founder of Dragos.
Key Enhancements in Dragos Platform 1.2
Content Packs Containing Threat Behavior Analytics, and Investigation Playbooks Enable Faster and More Effective Threat Investigation and Mitigation
Threat behavior analytics are a form of detection focused on adversary tradecraft that is far more scalable and efficient than detections based on specific tools and technical indicators. Typical industry anomaly-detection tactics are time-consuming: a baseline profile must be built and maintained in order to identify abnormalities in an industrial network, and the analyst is left to work out the context and then what to do about it. In contrast, Dragos Platform threat behavior analytics provide immediate value without requiring a baseline and carry rich context, enabling the analyst to know what is occurring and what to do next. These threat behavior analytics are created by Dragos’ intelligence team specialists, who constantly monitor for and analyze new threats while also greatly furthering the community’s understanding of major threats and incidents such as the CRASHOVERRIDE and TRISIS malware.
Each threat behavior analytic in the Dragos Platform is paired with an investigation playbook created by Dragos’ threat operations center. This “what would Dragos do” style playbook contains a step-by-step guide for customers to follow for each specific alert and automatically correlates and delivers the appropriate datasets to the analyst. This feature reduces the degree of ICS experience and expertise that existing security practitioners need to become effective in industrial environments, as well as the time even experienced analysts require to complete investigations.
Investigation Playbooks Facilitate Threat Hunting and Continual Training
Threat hunting is a key strategy for reducing adversary dwell time and the corresponding safety, financial, regulatory, or reputational risks that can accompany a serious incident, but it is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide to facilitate efficient, proactive hunting for hidden threats. These threat hunts use the hypothesis that the Dragos threat operations team formed when creating the playbook and educate the user as to why they are performing the hunt. Dragos playbooks facilitate the proactive defense that is widely viewed as an industrial cybersecurity best practice and impart the knowledge of the Dragos team as a form of continual training to ICS defenders.
Indicators of Compromise (IOC) Import from Dragos ICS WorldView Cyber Threat Intelligence
Dragos ICS WorldView is the industrial cybersecurity industry’s only product focused exclusively on cyber threat intelligence. These weekly reports contain insights into threats, adversaries, and indicators of compromise, as well as context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can now be imported directly into the Dragos Platform, and security teams can execute IOC sweeps across the collected data as a scoping and forensics tool while facilitating community information sharing.
“The Dragos Platform provides us with a level of real-time, situational awareness and monitoring capabilities unparalleled in the industry today, which was never before possible within our Windfarm networks,” said Marc DeNarie, Chief Information Officer at NaturEner USA. “It has become an integral part of our day-to-day cybersecurity, OT network monitoring, and asset management program and has eliminated a number of manual processes while increasing our speed of incident response. A high-value system for any organization whose operations are dependent upon ICS technology, processes, and protocols.”