Forrester Research published its first Forrester Wave™ for Industrial Control Systems (ICS) Security Solutions, a guide for buyers considering their purchasing options in the ICS Security marketplace.
This first-of-its-kind report for ICS represents a milestone of sorts, marking the maturity and growth of the market. As a third-party research report, it provides a broad perspective across several vendors, and the more research firms that cover ICS/OT specifically the better. It’s good for the community and we applaud its release.
Forrester sought input from many in crafting the survey. The result is a very broad scope covering everything from visibility and threat detection to micro-segmentation, disaster recovery, and secure remote access, and includes all ICS security players in one survey regardless of focus.
We wanted to call attention to the survey as it is good to see this type of analysis entering the discussion and we look forward to more focused surveys in the future as has happened in the Enterprise IT security surveys breaking out various product categories.
We also wanted to take this opportunity to share our point of view on how the survey covers the market, and ways organizations can use Forrester’s scoring and weighting when mapping Forrester’s criteria to your needs.
Understanding the Forrester Wave for ICS Security
Forrester asked each vendor to submit insights about themselves across 27 criteria including protocol support, asset discovery, vulnerability management, threat detection, endpoint security, risk analytics, security analytics, security orchestration automation and response, secure remote access, product security, disaster recovery, and more. Each area was then given a weighted score in terms of the value Forrester placed on it; as an example, asset discovery was a 10% weighting whereas vulnerability risk management was a 7% weighting.
With the submitted information and a product demo provided by each company, Forrester analysts then calculated scores which gave vendors a 0, 1, 3, or 5 out of a total of 5 points in each category. The Forrester analysts then followed up with a few customers of each product to discuss their analysis and findings and gain more insight. This is a great approach overall as it allows the vendors to have a say, but validates it based on actual users of the products.
The Forrester Wave analysis does not include in-depth product testing as we’ve seen with evaluations like the MITRE Engenuity ATT&CK Evaluations for ICS, but this is a transparent and fair process for analyst evaluations.
Because customers may come to different answers based on their own weightings of different categories, Forrester offers a tool that is available for download from their website that allows you to tailor the weightings as you’d like. For example, if vulnerability management is more important to you than disaster recovery, you can change the weighting to those categories and re-calculate the scores.
Dragos applauds the transparent scoring that Forrester provides in their report. This transparency allows asset owners and operators to customize the views based on their needs.
Reviewing Dragos’s Forrester Wave Results
Dragos was listed as a “Strong Performer,” which is the second-highest qualification. While we see ourselves as a leading provider of ICS security solutions, there are decisions we’ve intentionally made around our offerings and the value we provide to our customers.
We hope people look to this survey to know where we scored best-in-class and ensure those are areas you value when engaging with Dragos.
Based on the survey results, Dragos scored highest or tied for highest in the following areas:
- Vulnerability risk management for OT
- Threat detection between the IT/OT boundary and controllers
- APIs and integrations
- Security analytics
- Security orchestration, automation, and response
- Usability
- Product security
Dragos scored the lowest (1/5) in:
- Disaster recovery and resilience
- Secure remote access
Additionally, on ICS protocol support, we scored 3 out of 5 points at the time of the survey and tied for second place, but in between the survey’s initiation and its publication, we had increased protocol coverage to qualify for a 5/5. Asset discovery and visibility is something we have invested incredibly heavily in over the last year and we believe we are as good as anyone now on the topic.
What to Expect from Dragos in the Future
We continue to double down on the areas where we scored well, not simply being satisfied with scoring 5/5 points. Dragos has long told our customers that we are here to partner with them on their journey.
We are the only vendor dedicated to OT cybersecurity that has technology, ICS security services, and ICS-dedicated threat intelligence; and, we will continue to focus on those areas. Our goal is to help customers gain visibility into their environments, their vulnerabilities, and their threats while preparing them to respond in the case of a cyber event.
Customers should know that we intentionally are not making investments in certain areas. If the Forrester Wave surveys remain broad in the future, we will continue to score low in those areas.
For example, we do not plan to add secure remote access to the Dragos Platform. Despite that, if we had a secure remote access offering we would have been listed as a Leader by the Forrester Wave scoring.
The rationale for not offering secure remote access functionality is twofold.
First, there are good secure remote access vendors on the market and Dragos is happy to partner and integrate with them. When we think about investing our resources, the team spends a lot of time determining where we can provide unique value versus what is already available in the market; secure remote access is not an area where our talents and resources are best spent in our opinion, nor would it return the most value to our clients.
Second, remote access is one of the top attack vectors into ICS networks. Everything we do at Dragos is guided by determining what’s right for our customers even if there are sales and analyst survey opportunities that would benefit the company. For us, it does not make sense to have the developer of the platform that provides the crown jewel insights in your networks (visibility, threat detection, vulnerability management, and response with all the insights across your environment) to be paired with the #1 attack vector into that environment.
Simply put, between focus and risk we have decided that we will integrate with best-in-class remote access vendors but not develop the solution ourselves as it could open our customers to additional risk.
How to Use the Forrester Wave ICS Security Solutions Survey
In our opinion, the best way to use the survey is to leverage it in conversation with the vendors you are engaging with. Ask them why they think they scored highly where they did and determine where they scored lowest and have a conversation about it.
Forrester did a great job with the survey, but it’s just that – a survey. Customers need to dig one layer deeper with their vendors, but this is a great starting place.
Additionally, you should determine what problems you are trying to solve for and what you want from your vendor. Because of Forrester’s transparency on the scoring process in the report, you can tailor the fields you care about or don’t care about and see how the vendors line up with each other.
Access the full guide now, complements of Dragos.
In Summary
This first release of the Forrester Wave for ICS Security is validation and evidence of the growth in the market. We appreciate the transparency that Forrester provided in the survey and hope overall the survey drives a conversation in the market between customers and their vendors.
As Forrester says in the report, “Dragos is best for critical infrastructure asset owners globally…” We agree. No matter where you are on your OT cybersecurity journey, we welcome the opportunity to discuss how we can help. Connect with us at dragos.com/contact to learn more.
Ready to put your insights into action?
Take the next steps and contact our team today.