Dragos enhances OT cybersecurity platform with advanced threat detection, management capabilities


Industrial cybersecurity firm Dragos announced the latest release of the Dragos Platform, an OT (operational technology) network visibility and cybersecurity platform. The updates provide industrial and critical infrastructure organizations with even deeper and enriched visibility into assets in their OT environments, streamlined workflows for threat detection and vulnerability management that allow for efficient and effective response, and integration of Dragos WorldView intelligence and Neighborhood Keeper community intelligence on current and emerging threats.

The Dragos Platform provides comprehensive OT-native cybersecurity as a non-intrusive overlay to operations environments. Updates include new local collector and file ingestion capabilities that expand data collection options for increased flexibility; also included are new filtering capabilities that create ‘powerful’ asset inventory views to answer key visibility questions for IT security and operations alike. 

The evolved integration of the Platform with Dragos’s Neighborhood Keeper and WorldView threat intelligence streamlines vulnerability management, threat detection, and response workflows to meet emerging threats like FrostyGoop and PIPEDREAM malware; Unitronics vulnerabilities; and VOLTZITE, CyberAveng3rs, and CHERNOVITE threat groups targeting OT environments.

“The latest enhancements to the Dragos Platform focus on helping industrial organizations build the most comprehensive asset inventory and implement effective protective measures against today’s intensified OT cyber threats — all without disrupting critical operations,” Jodi Schatz, chief product officer at Dragos, said in a media statement. “Dragos understands the complexity of these environments — and the growing risk — and builds that knowledge into the platform so customers can identify and protect their most critical assets with greater precision and confidence.” 

Schatz added that “customers benefit from powerful intelligence from our integrations with Dragos WorldView and Neighborhood Keeper — the largest anonymized information-sharing network used by the broader OT and intelligence community.” 

The Dragos move comes as industrial organizations worldwide are grappling with the rise of threat groups that scale attacks on widely-used technologies and common security weaknesses in OT environments, as well as a 50 percent year-over-year increase in reported ransomware attacks on these organizations. At the same time, they must balance the need for safety, quality, intellectual property protection, and financial and reputational safeguards with the competing priorities of uptime and availability of complex industrial infrastructure. 

Additionally, IT cybersecurity approaches do not adequately protect these systems; threat and vulnerability methods not tailored to OT environments can disrupt essential processes and overburden security teams with irrelevant alerts. 

Sixty-one percent of industrial organizations struggle to monitor their critical assets, limiting visibility into their risk. 

The latest updates to the Dragos Platform introduce advanced features that streamline and enhance asset inventory management and offer expanded asset enrichment with project files and data import. The new file ingest feature allows for seamless import and enrichment of asset data from existing project files or other devices, simplifying the process of maintaining a comprehensive and up-to-date asset inventory.

It also offers a new lightweight collector for enhanced monitoring that uses a containerized traffic forwarding solution. The collector operates on edge switches and routers to provide data collection for space-constrained locations deep within OT environments. It captures and processes critical data, ensuring that even the most remote assets are monitored effectively with minimal impact on operations. Dragos sensors now support Hyper-V and ESXi environments, allowing for broader deployment across different OT infrastructures.

The latest updates further enhance the Dragos ecosystem, equipping it to tackle critical OT cybersecurity challenges. To gain deeper insights into the newest version of the Dragos Platform, Dragos is offering a public webinar. During this session, Dragos will discuss how new features operationalize asset data for prioritizing and addressing vulnerabilities, as well as how the platform’s threat analytics are developed and deployed to safeguard essential operations.

The Dragos Platform’s latest enhancements also focus on turning asset data into actionable insights, enabling more effective and targeted cybersecurity measures through Dragos’ corrected severity scoring, ‘now, next, never’ prioritization, and alternative mitigations.

The platform now introduces customizable filters that allow users to manage and analyze asset data, facilitating the identification and prioritization of assets and their vulnerabilities. It also includes automated alerts with Neighborhood Keeper trusted insights. Context of newly discovered vulnerabilities or threat activity relevant to users’ environment can be pushed through Neighborhood Keeper to their Platform console from Dragos directly or from Trusted Insight Partners, often before the vulnerabilities or threat activity are disclosed publicly.

The platform also offers added intelligence context with pivots to WorldView OT analysis. In-Platform pivots to WorldView intelligence analysis and reporting on specific vulnerabilities provide deep intelligence analysis to support risk management.

As threats to OT environments continue to evolve, Dragos remains at the forefront of OT-specific threat detection. Over 1,000 new threat detections, vulnerabilities, and response playbooks have been added: the latest updates introduce over 1,000 new threat detections, addressing emerging threats such as CyberAveng3rs, FrostyGoop, and other advanced threats. The Dragos Platform’s rapid development and deployment of threat analytics enable organizations to respond swiftly to emerging threats. This capability is vital in maintaining the security and integrity of OT environments, ensuring that critical operations are protected from disruption.

The Dragos Platform’s ability to turn threat intelligence into actionable guidance for customers was most recently demonstrated in response to FrostyGoop, the ninth known ICS malware, which directly interacts with industrial control systems (ICS) using Modbus TCP over port 502, and was discovered by Dragos in April this year. 

Dragos Threat Intelligence experts quickly developed new detection analytics and response playbooks and pushed them to Platform users through a Knowledge Pack update. New to this release, opted-in organizations in Neighborhood Keeper can automatically receive these pushed content updates within their Platform instances for immediate coverage.

Earlier this month, Dragos disclosed that ransomware attacks significantly rose in the second quarter, as hacker groups recalibrated adversarial strategies. These groups demonstrated significant adaptability by rebranding and adopting new tactics, suggesting they will continue refining their operations using sophisticated methods like zero-day vulnerabilities to enhance their attacks. Data also revealed that the quarter saw a significant rise in the frequency and severity of attacks, reflecting the evolving threat landscape and the persistent risk posed by ransomware groups.
