Dragos Platform

Additional Info

Company: Dragos
Website: https://dragos.com
Company size (employees): 50 to 99
Type of solution: Hybrid

Overview

The Dragos ICS threat detection and response Platform is the most technologically complete solution in the industrial cyber threat detection and response market today. It provides security teams with unprecedented knowledge of their industrial control system (ICS) assets and activity, the threats and adversaries they face, and the tools and knowledge to defend against them. It is the industry’s first and only solution to codify and integrate the knowledge of the industry’s most trusted ICS security experts and an intelligence-driven approach with software technology. When you deploy the Dragos Platform, you get not only the features and benefits of advanced software but also the transfer of knowledge from the Dragos Threat Intelligence, Threat Hunting, and Incident Response teams, integrated right into the Platform. This means that OT security teams can respond independently, using the investigation and response guidance provided through the product’s playbooks.

The Dragos Platform provides all of the necessary capabilities to gain visibility into industrial networks across the entire industrial cybersecurity framework. It operates as a security incident and event management (SIEM) solution, purpose built for industrial environments, and can be deployed in a security operations center (SOC) model. It is modularly designed so that it can be deployed in whole or in parts to address both immediate and longer-term needs.

How we are different

1. Content Packs Containing Threat-Behavior Analytics; Investigation Playbooks Enable Faster and More Effective Threat Investigation and Mitigation. The anomaly-detection tactics of typical industry solutions are time-consuming: a baseline profile must be built and maintained to identify abnormalities in industrial networks, and analysts are left to figure out the context and response. In contrast, Dragos Platform threat-behavior analytics provide immediate value without requiring a baseline and contain rich context, enabling the analyst to know what’s occurring and how to respond.
Each threat-behavior analytic is paired with an investigation playbook created by Dragos' threat operations center. This "what would Dragos do" playbook contains step-by-step guides for each alert, reducing the degree of ICS experience and expertise required to become effective in industrial environments as well as the amount of time experienced analysts require to complete investigations.
2. Investigation Playbooks Facilitate Threat Hunting and Continual Training. Threat hunting is a key strategy for reducing adversary dwell time and the corresponding risks that accompany serious incidents, but it is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide to facilitate efficient, proactive hunting of hidden threats. Dragos playbooks facilitate the proactive defense that’s widely viewed as an industrial cybersecurity best practice and impart the Dragos team’s knowledge as a form of continual training to ICS defenders.
3. Indicators of Compromise (IOC) Import from Dragos ICS WorldView Cyber Threat Intelligence. Dragos ICS WorldView is the industrial cybersecurity industry's only product exclusively focused on cyber threat intelligence. Its weekly reports contain insights into threats, adversaries, and indicators of compromise, as well as context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can be imported directly into the Dragos Platform. Security teams can execute IOC sweeps across the data while facilitating community information sharing.