The Dragos Blog

03.26.24 | 3 min read

Extend Protection for OT Infrastructure with Automation from Dragos and Swimlane

Executive Summary: A new integration between the Dragos Platform for OT network monitoring and visibility and Swimlane Turbine lets customers automate threat detection and enrichment across both IT and OT environments.

The growing cyber threat landscape across industrial sectors makes it essential for organizations to understand their networks and improve visibility into critical systems. While Security Operations Center (SOC) functions are expanding to cover industrial control systems (ICS) and operational technology (OT), significant gaps remain in OT-specific visibility, staffing, and training within enterprise IT security teams. OT security programs are generally less mature than their IT counterparts, particularly in identifying, containing, and eradicating threats in OT environments and in overall incident response.

Adversaries targeting OT often leverage connectivity from the enterprise network to pivot into industrial networks. As SOCs expand into OT environments, they must decide how to gain visibility into these networks and which services an OT-capable SOC will perform. Analysts not only need to understand which IT and OT threats exist but also need a program that detects and responds to them as quickly as possible. Security teams should get the maximum value out of existing technology investments by integrating complementary platforms that provide more holistic visibility and case management. This strategy improves security operations efficiency and reduces spending on new tooling.

Solving the OT-IT Cybersecurity Gap with Centralized Case and Vulnerability Management

Today's industrial organizations can reduce their mean time to respond (MTTR) to emerging threats by using a highly customizable and approachable security automation platform that brings IT and OT threat detection, remediation, and case management together in a single system of record.

Together, Swimlane Turbine, an AI-enabled low-code security automation platform, and the Dragos OT Cybersecurity Platform give users IT and OT visibility and enrichment in a single system. The integration is designed to streamline vulnerability management and simplify collaboration with IT through automated asset enrichment, notification triage, incident escalation and response, and vulnerability triage.

The Dragos Platform gives Turbine users comprehensive asset visibility, vulnerability management, and threat detection built for ICS and OT environments. By analyzing a broad range of data sources, including industrial protocols and network traffic, it pinpoints threats quickly with reduced false positives. The Platform offers contextual alerts, enriched risk scores, and prioritized guidance that lets customers manage the full lifecycle of specific vulnerabilities in their environment, including each vulnerability's historical disposition, through continuous, automated collection and analysis. This approach improves preparedness against operational threats and helps safeguard critical processes and infrastructure.

Diagram 1. Notification triage using automated asset and IOC enrichment for faster, more accurate response

By leveraging this integration, customers gain the following capabilities:

  • Centralized Case Management – Provides a unified view of IT/OT assets, including context-rich ICS/OT asset visibility from the Dragos Platform, which analyzes multiple data sources including protocols, network traffic, asset characterizations, and anomalies. Analysts can focus on decision-making instead of manual data collection.
  • Vulnerability Management – Provides corrected, enriched, and prioritized guidance for full vulnerability lifecycle management. Teams get a clear track to resolution and can monitor progress and manage each vulnerability over its lifecycle, backed by continuous, automated collection and analysis.
  • IOC Enrichment – Supports sharing of native and historical indicators of compromise (IOCs) across IT and OT environments, including Dragos's curated OT-specific IOCs, which match the fingerprints left by known threats and alert you to the presence of intruders based on evidence. Native correlation lets analysts see how previous cases involving the same IOCs were resolved, which speeds triage and helps recognize persistent threats over time.
  • Threat Detection and Response – Lets analysts respond to threats in near real time with notification triage, either through an automated response, a single-click triage action, or Dragos's playbook-guided responses, which give organizations step-by-step OT recommendations. Early detection information helps OT security operations teams reduce the risk of serious breaches.

Diagram 2. OT notification from the Dragos Platform in Swimlane Turbine case management view
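To make the triage flow in the bullets above and in Diagram 1 concrete, here is an added illustration of the kind of enrichment and correlation logic a SOAR playbook performs on an OT notification. This is example code written for this page, not Dragos or Swimlane code, and it does not use either product's API. The asset inventory, the historical cases, the notification, and every field name (`dest_ip`, `iocs`, `criticality`, `disposition`) are constructed assumptions; the scoring rule is likewise illustrative.

```python
"""Illustrative OT notification triage: enrich with asset context,
correlate IOCs against prior cases, and assign a priority.
Added example, not vendor code. All data and field names are constructed."""
import ipaddress
import re

# Constructed asset inventory keyed by IP address (hypothetical fields).
ASSETS = {
    "10.20.1.15": {"name": "PLC-BOILER-01", "type": "PLC",
                   "zone": "Level 1", "criticality": "high"},
    "10.20.2.40": {"name": "HMI-CONTROL-03", "type": "HMI",
                   "zone": "Level 2", "criticality": "medium"},
}

# Constructed history of resolved cases and the IOCs each one involved.
HISTORICAL_CASES = [
    {"id": "CASE-1042", "iocs": {"203.0.113.77"},
     "disposition": "true positive: unauthorized remote access"},
    {"id": "CASE-1107", "iocs": {"203.0.113.77", "evil-update.example"},
     "disposition": "true positive: malware staging server"},
    {"id": "CASE-1133", "iocs": {"198.51.100.9"},
     "disposition": "false positive: scheduled vendor maintenance"},
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")
CRIT_SCORE = {"high": 3, "medium": 2, "low": 1}


def classify_ioc(value):
    """Label an indicator as ip, sha256, domain or unknown (normalised to lowercase)."""
    v = value.strip().lower()
    try:
        ipaddress.ip_address(v)
        return "ip"
    except ValueError:
        pass
    if SHA256_RE.match(v):
        return "sha256"
    if DOMAIN_RE.match(v):
        return "domain"
    return "unknown"


def correlate(iocs):
    """Return prior cases sharing at least one IOC with this notification."""
    wanted = {i.strip().lower() for i in iocs}
    return [c for c in HISTORICAL_CASES if wanted & c["iocs"]]


def triage(notification):
    """Enrich, correlate and prioritise one notification dict.

    Score = asset criticality (1-3) + 2 per prior true-positive case that shared an
    IOC, minus 1 when the only history is false positives. This rule is an
    assumption chosen for illustration, not a Dragos or Swimlane algorithm."""
    iocs = [(i, classify_ioc(i)) for i in notification.get("iocs", [])]
    asset = ASSETS.get(notification.get("dest_ip"))  # None if asset is unknown
    prior = correlate(i for i, _ in iocs)
    prior_tp = [c for c in prior if c["disposition"].startswith("true positive")]

    score = CRIT_SCORE.get(asset["criticality"], 1) if asset else 1
    score += 2 * len(prior_tp)
    if prior and not prior_tp:
        score -= 1

    priority = "critical" if score >= 5 else "high" if score >= 3 else "low"
    return {
        "id": notification.get("id"),
        "asset": asset,
        "iocs": iocs,
        "related_cases": [c["id"] for c in prior],
        "prior_dispositions": [c["disposition"] for c in prior],
        "score": score,
        "priority": priority,
        # Escalation is the constructed playbook decision for this example.
        "action": "escalate" if priority in ("critical", "high") else "analyst review",
    }


if __name__ == "__main__":
    # Constructed notification: traffic to a Level 1 PLC from an IOC seen in two prior cases.
    sample = {"id": "N-1", "dest_ip": "10.20.1.15",
              "iocs": ["203.0.113.77", "EVIL-UPDATE.example"]}
    print(triage(sample))
```

The key design point is that correlation against historical dispositions changes the outcome: the same destination asset and IOC would score lower if the only prior case had been a false positive, which is exactly the context the IOC Enrichment bullet says an analyst wants before deciding whether to escalate.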

With Turbine's ability to ingest data from any connected tool, users now have a centralized case management view of the Dragos Platform's context-rich ICS/OT asset inventory, detections, and vulnerabilities. Turbine also provides automated enrichment, prioritized guidance for triaging threats, dynamic notification ingestion for operational efficiency, and enhanced reporting. Together these features strengthen the organization's security posture and lead to faster, more accurate response across IT and OT operations.

The new integration between Swimlane Turbine and the Dragos Platform lets industrial organizations automate threat detection and enrichment across both IT and OT environments, using artificial intelligence (AI) to coordinate response. For additional information, see Swimlane's press announcement.

Learn more about the Dragos partnership with Swimlane today.