The Dragos Blog

06.09.22 | 1 min read

Enabling a Blended IT/OT SOC with Dragos’s Splunk OT Add-On

Ryan Welch

As industrial organizations in electric utilities, oil & gas, manufacturing, and other sectors pursue digital transformation by expanding network connectivity and improving process efficiency, cybersecurity threats increasingly target both Information Technology (IT) and Operational Technology (OT) networks.

As these organizations modernize and connect their critical infrastructure, they want to simplify and manage visibility into both IT and OT assets, their cybersecurity risks and mitigations, and their regulatory compliance posture, all within their existing Security Operations Center (SOC).

Dragos Announces New OT Add-On Integration with Splunk

To address this need, Dragos and Splunk have released a new integration that brings OT cybersecurity into Splunk Enterprise Security. With the Dragos OT Add-On and Splunk’s OT Security Add-On, SOC teams can bridge the IT/OT divide and build a single, comprehensive view of their IT and OT cybersecurity posture.

This integration brings a set of Dragos Platform capabilities into Splunk: asset discovery, threat detection, and vulnerability management for OT environments, along with support for incident response. Splunk Enterprise Security users get in-depth, context-rich ICS/OT asset visibility drawn from multiple data sources, including industrial protocols, network traffic, data historians, host logs, asset characterizations, and anomalies.

The Dragos Platform also works to reduce alert fatigue: it pinpoints malicious behavior on the ICS/OT network, supplies in-depth context for each alert, and reduces false positives, giving teams the information they need to focus on the highest-priority issues, mitigate risk, minimize downtime, and allocate cybersecurity resources where they are most needed.

Figure. Searching OT Notable Events Using the Dragos OT Add-On

Splunk Enterprise Security collects and aggregates data from multiple sources, including the Dragos Platform, so users can index, search, and correlate events in one place. As an analytics-driven SIEM built to detect and respond to threats quickly, it is a core component of SOCs monitoring enterprise networks around the globe.

By combining Splunk and Dragos, defenders gain visibility across both IT and OT networks, improving threat detection and shortening response and mitigation time when an adverse event does occur, which is exactly when speed and efficacy matter most.

Learn more about the OT Add-On and the Splunk partnership.
