Deep ICS/OT Asset Identification and Threat Detection Reinforced by MITRE ATT&CK for ICS
Today, we are excited to announce that Dragos Platform v1.6 is now available!
With the release of Dragos Platform v1.6, we are making significant enhancements to the type, quantity, and breadth of ICS/OT environmental visibility we provide our customers, and we’re reinforcing our threat detection capabilities as the first ICS/OT cybersecurity vendor to incorporate MITRE ATT&CK for ICS into our technology. These enhancements ensure our customers have not only comprehensive visibility of their environments, but also visibility of the threats to their organization that pose the greatest risk.
As our team has observed across our customers and the ICS community, the concept of asset visibility has begun to shift. Adversaries continue to adapt their methodologies and grow more sophisticated in their methods, driving the need for better visibility into how they can alter or compromise critical assets. Gone are the days of simply generating asset inventories; as organizations grow and mature on their ICS/OT cybersecurity journeys, they need a deep understanding of assets that goes beyond protocol analysis, together with a visualization of how those assets are behaving on the operational network. That understanding is the prerequisite to effectively pinpointing threats and responding to them efficiently.
With the insights from our team’s unique experience on the front lines of the industrial threat landscape, Dragos Platform v1.6 delivers the most comprehensive asset inventory, discovery, and identification capabilities to date to help customers go beyond simply identifying what is abnormal vs. normal in their environments to helping them understand what’s needed to build a truly defensible, intelligence-driven ICS/OT cybersecurity strategy.
With the reinforced environmental visibility and asset information Dragos Platform v1.6 provides, we’ve enriched our threat detection capabilities by incorporating the MITRE ATT&CK for ICS Framework into our notifications. This gives each notification more robust context about adversary tactics and techniques, and pairs it with custom-authored investigation playbooks so customers can respond to threats with the expert guidance of our team of practitioners.
DRAGOS PLATFORM v1.6 KEY ENHANCEMENTS
Reinforced Asset Visibility
- Context-rich ICS/OT asset data, including detailed visibility of vendor, hardware, firmware, model types, OS version, and more
- Expanded support for 2500+ ICS/OT asset characterizations
- Extended protocol support for 130+ IT and ICS/OT protocols
- Increased vendor hardware coverage for Rockwell, Schweitzer Engineering Labs, Emerson, Yokogawa, Honeywell, Siemens, GE, and more
- New and improved asset map auto-zoning, tagging, and categorization capabilities
- Improved workflow efficiency and user experience
Dragos customers will have the most detailed and robust visualization of their unique ICS/OT environments and individual assets; a deeper understanding of “normal” network behavior to identify and investigate abnormal behavior faster; and the automated tools to visualize ICS/OT network traffic and communications from any plant or geographic location, all in a single-pane view.
Threat Detection Backed by MITRE ATT&CK for ICS
As a key contributor to the MITRE ATT&CK Framework for ICS, Dragos helped categorize and validate threat behaviors targeting critical ICS/OT infrastructure globally. As a groundbreaking feature of Dragos Platform v1.6, threat detections are now mapped to the tactics and techniques in the MITRE ATT&CK Framework for ICS to give you the greatest advantage against industrial adversaries.
Coupled with the deep context and threat insights provided by the Dragos Platform’s threat analytics, detections mapped to MITRE ATT&CK for ICS ensure customers have the most in-depth understanding of adversary tactics and techniques, more efficient investigations and workflows, and the most effective threat detection capabilities with end-to-end coverage.
Faster Release of Critical Industrial Threat and Device Data
One of the most important goals at Dragos is ensuring our customers are continuously learning from our expert team and constantly armed with the most up-to-date information to proactively investigate and respond to potential threats, and now we’re providing that information to customers even faster. Dragos Knowledge Packs are available to customers monthly and include the latest ICS adversarial information, ICS/OT device data, and investigation guidance, direct from our experts on the front lines of industrial cybersecurity.
- Automatic, monthly delivery of the latest IOCs, threat analytics, device characterizations, network asset data, and more
- The newest investigation playbooks authored by our threat hunting and incident response teams
- The newest protocol dissections and vendor device information
- Proactive insights into the latest ICS threat activity and a competitive advantage over adversaries