In our mission to safeguard civilization, Dragos makes every effort to ensure our customers understand their unique ICS/OT environments and stay ahead of increasingly sophisticated and evolving ICS threats. One of the ways we achieve this is through regular delivery of Dragos Knowledge Packs (previously known as Content Packs). Now, we are making Knowledge Packs available to our customers even faster, delivering them on a monthly basis.
Knowledge Packs, delivered by our expert team of frontline-practitioners, provide our customers the most up-to-date industrial adversarial information and device data, plus the latest prescriptive guidance to investigate and respond to potential threats efficiently–ensuring that the vital, proactive information needed to combat the latest threats and adversaries is readily available to our customers at any given time.
What Information is in a Knowledge Pack?
Knowledge Packs are not software upgrades of the Dragos Platform; upgrades are a separate part of our continued release cycle, providing new features and depth to the Dragos Platform technology. Rather, Knowledge Packs provide continual, on-the-job knowledge sharing and contain the latest information and tools for practitioners to identify and respond to threats in industrial environments, including:
- The latest threat analytics distilled from adversary tactics, techniques, and procedures (TTPs) mapped to MITRE’s ICS ATT&CK Framework
- Expanded support for thousands of device and communications characterizations for industrial operations
- Indicators of Compromise (IOCs)/Indicators of Attack (IOAs) that identify malicious behavior early in the attack sequence
- Query-Focused Datasets (QFDs) that aid in the investigation process, including tailored logs
- New information from the Dragos threat intelligence, hunting, and response teams
- New custom ICS& IT protocol support
- Investigation playbooks authored by Dragos practitioners with best practices and prescriptive investigation guidance
These Insights, protocol dissectors, threat analytics, and playbooks provide our customers with comprehensive asset identification, threat detection, and response enhancements, enabling them to:
- Proactively defend against increasingly capable ICS-focused threats
- Have improved visibility, understanding, and analysis of ICS assets and environments
- Gain more in-depth context of ICS-specific threats and activity groups tracked by the Dragos Threat Intelligence team
- Respond to threats faster with step-by-step threat investigation guidance provided by the Dragos Professional Services team
How are Knowledge Packs Used?
1. VISIBILITY: Dragos Knowledge Packs provide newly-dissected protocols for deeper visibility of ICS/OT assets and their communications
2. DETECTION: With enhanced visibility and detections created by our threat intelligence team, the Dragos Platform can identify malicious threat behaviors and generate context-rich alerts
3. RESPONSE: Dragos Knowledge Packs provide investigation playbooks to enable efficient response
At Dragos, transferring our team’s knowledge directly to our customers is critical to our mission of safeguarding civilization, and Knowledge Packs are key to making our mission scalable to the entire ICS community.
To learn more about Knowledge Packs and how they help arm practitioners with proactive insights and defensive tools to stay ahead of industrial adversaries, contact firstname.lastname@example.org.