February 14, 2018 (Dateline)—Industrial cybersecurity company Dragos announced that Dragos Platform 1.2, the latest version of its industrial cybersecurity platform, is now available to all Dragos Platform customers. The Dragos Platform provides visibility into industrial networks, monitors them for threats, and supports investigations to counter adversaries. Dragos' technology goes beyond analyzing network traffic: it also collects, stores, and correlates logs and data from host systems, logic controllers, and data historians. Dragos Platform 1.2 builds on the foundation established in the initial Dragos Platform release by codifying the knowledge of Dragos' field practitioners and its intelligence-driven approach into the software. With Dragos Platform 1.2, customers continually gain access to this knowledge through regular releases of content packs containing new threat behavior analytics and investigation playbooks.
Threat behavior analytics are detections focused on adversary tradecraft rather than on specific tools or technical indicators. Because indicators such as file hashes, IP addresses, and domains change from campaign to campaign while tradecraft changes far less, behavior-based detections are more scalable and durable than indicator-based ones. Dragos Platform threat behavior analytics are designed to tell the analyst what is occurring and what to do next. They are created by Dragos' intelligence team specialists, who constantly monitor for and analyze new threats and have greatly furthered the community's understanding of major threats and incidents such as the CRASHOVERRIDE and TRISIS malware.
Each threat behavior analytic in the Dragos Platform is paired with an investigation playbook created by the Dragos threat operations center. These "what would Dragos do" playbooks contain step-by-step guides for customers to follow for each specific alert, and the platform automatically correlates and delivers the relevant datasets to the analyst.
Threat hunting is a key strategy for reducing adversary dwell time and the safety, financial, regulatory, or reputational risks that accompany a serious incident, but it is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide for efficient, proactive hunting of hidden threats. Each hunt starts from the hypothesis the Dragos threat operations team used to build the playbook, so the analyst also learns why the hunt is being performed.
Dragos ICS WorldView is an industrial cybersecurity product focused exclusively on cyber threat intelligence. Its weekly reports contain insights into threats, adversaries, and indicators of compromise (IOCs), along with context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can now be imported directly into the Dragos Platform, and security teams can run IOC sweeps across stored data to scope an incident and support forensics, while also facilitating community information sharing.
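The two detection styles described above, an IOC sweep used for scoping and a tradecraft-focused behavior analytic, can be illustrated side by side. The following is an added example written for this page; it is not Dragos code and does not reflect the Dragos Platform's data model or analytic content. The IOC list, the log records, the field names, the asset inventory (AUTHORIZED_ICS_WRITERS), and the rule that a controller write or logic download from an unauthorized host is suspicious are all constructed assumptions for the sake of the demonstration.

```python
"""IOC sweep versus behavior analytic over constructed ICS host and network records.

Added example for illustration only; all data and rules below are assumed.
"""
from collections import defaultdict

# Constructed IOC feed in a simple "type,value" text form (assumption: not any
# real report format). The hash is a placeholder, not a real sample.
IOC_CSV = """\
# type,value
ip,203.0.113.45
domain,update-svc.example.net
sha256,0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
"""

# Constructed records with an assumed schema (host, kind, and kind-specific fields).
RECORDS = [
    {"ts": "2018-02-14T08:01:10Z", "host": "ENG-WS-01", "kind": "dns", "domain": "update-svc.example.net"},
    {"ts": "2018-02-14T08:01:12Z", "host": "ENG-WS-01", "kind": "net", "dst_ip": "203.0.113.45"},
    {"ts": "2018-02-14T08:05:00Z", "host": "ENG-WS-01", "kind": "file", "sha256": "0f" * 32},
    {"ts": "2018-02-14T08:20:33Z", "host": "ENG-WS-01", "kind": "ics", "op": "program_download", "target": "PLC-07"},
    # Second host uses infrastructure that is NOT in the IOC feed.
    {"ts": "2018-02-14T09:14:02Z", "host": "HIST-01", "kind": "net", "dst_ip": "198.51.100.9"},
    {"ts": "2018-02-14T09:15:40Z", "host": "HIST-01", "kind": "ics", "op": "write_register", "target": "PLC-03"},
    {"ts": "2018-02-14T10:00:00Z", "host": "ENG-WS-02", "kind": "ics", "op": "program_download", "target": "PLC-02"},
]

# Assumed asset inventory: only engineering workstations may change controller logic or values.
AUTHORIZED_ICS_WRITERS = {"ENG-WS-01", "ENG-WS-02"}
WRITE_OPS = {"program_download", "write_register", "write_coil"}

# Which record fields each IOC type is compared against.
IOC_FIELDS = {"ip": ("src_ip", "dst_ip"), "domain": ("domain",), "sha256": ("sha256",)}


def parse_ioc_csv(text):
    """Parse 'type,value' lines (comments and blanks skipped) into {type: set(values)}."""
    iocs = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, value = (part.strip() for part in line.split(",", 1))
        iocs[ioc_type.lower()].add(value.lower())
    return dict(iocs)


def sweep_iocs(records, iocs):
    """Indicator-based scoping: {host: [(ts, ioc_type, value), ...]} for records touching an IOC."""
    hits = defaultdict(list)
    for r in records:
        for ioc_type, fields in IOC_FIELDS.items():
            for field in fields:
                value = r.get(field)
                if value is not None and value.lower() in iocs.get(ioc_type, ()):
                    hits[r["host"]].append((r["ts"], ioc_type, value))
    return dict(hits)


def behavior_alerts(records, authorized_writers, write_ops=WRITE_OPS):
    """Tradecraft-based detection: controller writes or logic downloads from unauthorized hosts.

    This fires regardless of which C2 address or binary the intruder used, which is the
    point of detecting behavior rather than indicators.
    """
    return [
        {"ts": r["ts"], "host": r["host"], "op": r["op"], "target": r["target"]}
        for r in records
        if r.get("kind") == "ics" and r.get("op") in write_ops and r["host"] not in authorized_writers
    ]


def investigation_scope(records, iocs, authorized_writers):
    """Sorted union of hosts implicated by either method, as a starting scope for the investigation."""
    hosts = set(sweep_iocs(records, iocs))
    hosts.update(a["host"] for a in behavior_alerts(records, authorized_writers))
    return sorted(hosts)


if __name__ == "__main__":
    iocs = parse_ioc_csv(IOC_CSV)
    print("IOC hits:", sweep_iocs(RECORDS, iocs))
    print("Behavior alerts:", behavior_alerts(RECORDS, AUTHORIZED_ICS_WRITERS))
    print("Scope:", investigation_scope(RECORDS, iocs, AUTHORIZED_ICS_WRITERS))
```

In the constructed data the IOC sweep implicates only ENG-WS-01, because HIST-01 reached a different address and its activity never touches the feed, whereas the behavior rule flags HIST-01's register write to PLC-03 on its own. Combining both views gives the initial investigation scope; in practice the IOC feed would be refreshed as each report arrives and the "authorized writers" set would come from a maintained asset inventory rather than a hard-coded constant.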