The Dragos Blog

09.21.22 | 3 min read

Securing Industrial Control Systems (ICS) Against Cyber Threats with Dragos & Palo Alto Networks Integration

As industrial organizations modernize and face regulatory requirements for digital transformation, cyber threats have become a serious challenge. Cybersecurity teams across critical infrastructure industries, including energy, utilities, chemical, and manufacturing, are tasked with assessing the risks to their environments and adhering to audit and compliance programs. Doing so is harder in industrial control systems (ICS) environments because increased connectivity brings unique protocols, legacy systems, unfamiliar technology, and an attack surface that keeps expanding as companies embrace digital transformation.

Having complete asset visibility is an essential step in any cybersecurity program, as defenders first need to understand the environment they are protecting before they can take measures to do so. Maintaining an accurate asset inventory is challenging in these environments, as OT systems are heavily engineered and inextricably tied to specialized machinery, operate with industry-specific protocols, and have vastly longer lifecycles than IT equipment. All too often, OT system details are collected manually on clipboards and spreadsheets, leading teams to look for automated solutions that are safe for OT environments (observing traffic passively rather than actively probing devices that may not tolerate unexpected packets), reduce manual labor, and provide real-time visibility.

Improved OT Asset Visibility and Threat Detection for Palo Alto Networks NGFW Optimization

To address these challenges, Dragos has partnered with Palo Alto Networks to integrate the Dragos Platform with the Palo Alto Networks ML-Powered Next-Generation Firewall (NGFW), which Palo Alto Networks describes as the world's first of its kind, enabling joint customers to detect and block threats, including previously unseen ones, that affect both information technology (IT) and operational technology (OT) environments.

This technology integration gives defenders the asset visibility across IT and OT networks needed to see risks, reduce attack paths, and secure a wider range of environments. The Dragos Platform builds a continuously updated asset list by passively analyzing network traffic and capturing detailed asset information and communication patterns. Assets can be grouped by their properties and attributes (for example, device type, vendor, or network zone), and those groupings are used to generate and populate asset profiles. The profiles are then synchronized to address groups in the Palo Alto Networks NGFW, so an administrator manages a named group of OT assets rather than individual IP addresses and can apply more informed firewall policies to it.

Combined, these technologies help protect OT assets from potential threats, support industrial network segmentation, and support compliance with industrial standards, regulations, and guidelines such as NERC CIP, ISA-99/IEC 62443, CFATS, and ANSI/AWWA G430. The solution increases situational awareness to enable timely incident response, letting teams capture the benefits of industrial digitization across both IT and OT environments without losing sight of the risks.

Figure 1. Asset inventory through the Dragos Platform

This solution gives teams the capability to quickly prioritize, investigate, and respond to threats, and provides network segmentation so that threats cannot move laterally through the network unchallenged. Drawing on its asset visibility, the Dragos Platform generates and populates asset sync profiles that are sent to Palo Alto Networks NGFWs for inclusion in address groups, where administrators apply the appropriate policies for traffic management. Likewise, for threat detections, notifications in the Dragos Platform can trigger response actions based on configurable rules that populate address groups in the Palo Alto Networks NGFW, so that a firewall policy keyed on that group takes effect for the affected asset. All of this is designed to preserve the uptime, resilience, and safety of industrial assets and personnel.
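The two mechanisms described above (asset profiles synced into firewall address groups, and detection rules that push an asset into a response group) can be sketched in code. The example below is added here for illustration; it is not Dragos or Palo Alto Networks code, and the page does not say how the integration talks to the firewall. It assumes the firewall consumes IP-to-tag registrations through the PAN-OS User-ID XML API (`type=user-id`, a standard PAN-OS feature) and that the administrator has created dynamic address groups whose match criteria reference those tags. The asset records, detection records, tag names, and the "dragos-quarantine" response rule are all constructed for the example.

```python
"""Added example: turn an OT asset inventory and detection notifications into
PAN-OS IP-tag registrations that populate dynamic address groups.

Assumptions (not from the page): the NGFW accepts the User-ID XML API
payload shown in uid_message(); the sync profile is expressed as tags; a
dynamic address group such as 'ot-plc' and 'zone-cell1' already exists.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlencode

# Constructed sample inventory, shaped like what a passive OT monitor might
# emit. This is NOT real Dragos Platform output.
SAMPLE_ASSETS = [
    {"ip": "10.10.1.11", "type": "plc", "vendor": "Siemens", "zone": "cell1"},
    {"ip": "10.10.1.12", "type": "plc", "vendor": "Rockwell", "zone": "cell1"},
    {"ip": "10.10.1.50", "type": "hmi", "vendor": "Siemens", "zone": "cell1"},
    {"ip": "10.10.2.20", "type": "eng-workstation", "vendor": "Dell", "zone": "cell2"},
]

# Constructed detection notifications and a configurable response rule set:
# detection class -> tag that a restrictive firewall policy is keyed on.
SAMPLE_DETECTIONS = [
    {"src_ip": "10.10.2.20", "class": "unauthorized-logic-download", "severity": 5},
    {"src_ip": "10.10.1.50", "class": "new-external-comms", "severity": 2},
]
RESPONSE_RULES = {"unauthorized-logic-download": "dragos-quarantine"}


def asset_tags(asset):
    """Derive firewall tags from asset attributes (tag scheme is hypothetical)."""
    return [f"ot-{asset['type']}", f"vendor-{asset['vendor'].lower()}", f"zone-{asset['zone']}"]


def build_registrations(assets):
    """Asset sync profile: map each IP to the sorted set of tags it should carry."""
    regs = defaultdict(set)
    for a in assets:
        regs[a["ip"]].update(asset_tags(a))
    return {ip: sorted(tags) for ip, tags in regs.items()}


def detection_tags(detections, rules, min_severity=3):
    """Response actions: only detections with a rule and severity >= threshold
    produce a tag, which keeps low-confidence alerts from changing policy."""
    out = defaultdict(set)
    for d in detections:
        tag = rules.get(d["class"])
        if tag and d["severity"] >= min_severity:
            out[d["src_ip"]].add(tag)
    return {ip: sorted(t) for ip, t in out.items()}


def uid_message(register=None, unregister=None):
    """Build the PAN-OS User-ID XML payload that registers/unregisters IP tags.
    Empty sections are omitted so a pure registration carries no <unregister>."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "2.0"
    ET.SubElement(msg, "type").text = "update"
    payload = ET.SubElement(msg, "payload")
    for name, mapping in (("register", register or {}), ("unregister", unregister or {})):
        if not mapping:
            continue
        section = ET.SubElement(payload, name)
        for ip, tags in sorted(mapping.items()):
            entry = ET.SubElement(section, "entry", ip=ip)
            tag_el = ET.SubElement(entry, "tag")
            for t in tags:
                ET.SubElement(tag_el, "member").text = t
    return ET.tostring(msg, encoding="unicode")


def api_query(xml_cmd, api_key):
    """Form body for POST https://<firewall>/api/ (firewall host and key are placeholders)."""
    return urlencode({"type": "user-id", "key": api_key, "cmd": xml_cmd})


def parse_uid_message(xml_text):
    """Read a payload back into {section: {ip: [tags]}} (used to verify what was sent)."""
    root = ET.fromstring(xml_text)
    result = {}
    for section in ("register", "unregister"):
        node = root.find(f"payload/{section}")
        result[section] = (
            {e.get("ip"): [m.text for m in e.iter("member")] for e in node} if node is not None else {}
        )
    return result


if __name__ == "__main__":
    print(uid_message(register=build_registrations(SAMPLE_ASSETS)))
    print(uid_message(register=detection_tags(SAMPLE_DETECTIONS, RESPONSE_RULES)))
    # When the incident is closed, the same API removes the response tag.
    print(uid_message(unregister={"10.10.2.20": ["dragos-quarantine"]}))
```

Two practical caveats for anyone wiring this up. First, a tag-driven quarantine applied to a PLC or safety controller can stop a physical process, so start with a log-only policy on the response group and restrict blocking to traffic crossing the IT/OT boundary before blocking inside a cell. Second, registrations are what the firewall matches on, so keep the sync idempotent and periodically reconcile what the firewall holds against the inventory; an asset that changed IP but kept its stale tag is exactly the kind of gap an attacker slips through.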

Figure 2. Asset objects in the Palo Alto Networks dashboard

Additionally, the Dragos Platform reduces alert fatigue by rapidly pinpointing malicious behavior on the ICS/OT network, providing in-depth context for each alert, and reducing false positives, giving customers the information needed to focus on the highest-priority issues, mitigate risk, minimize downtime, and allocate cybersecurity resources where they are most needed.

Unit 42 Partnership to Bolster Organizations’ Ability to Mitigate Risk and Respond to Threats Confidently

In addition to the technology integration, Dragos has partnered with Palo Alto Networks Unit 42™, which provides threat intelligence, incident response, and cyber risk expertise, to deliver deeper threat intelligence and incident response services for joint customers. Unit 42 works with the Dragos team of ICS experts, who have been on the front lines of significant industrial cybersecurity attacks globally and are ready to assist wherever an organization is on its journey.

Unit 42 brings a threat-informed approach to incident response that helps security teams understand adversary intent and attribution, complementing the protections offered by the Dragos Platform and services to stop advanced attacks.

By combining technology from Palo Alto Networks and Dragos, defenders gain visibility across both IT and OT networks, improving threat detection, response, and mitigation time when an adverse event does occur, where speed and efficacy are essential.
