Artificial intelligence has finally started showing significant results. However, those results are limited when they don’t have good training data on top of them to provide context. Good analysts, good models, and bad training data create bad outcomes. Good analysts, good models, and good training data create extraordinary and surprising outcomes. Today at Dragos we are creating a step-change for defenders by taking all of our training data and the industry’s most comprehensive OT intelligence dataset and applying it to those AI models.
The gap between information, understanding, and actionality has become one of the defining cybersecurity challenges. What compounds the situation is the inherent and increasing complexity of the extended operational technology (xOT) environments. Adversaries are moving faster, leveraging automation and artificial intelligence to accelerate reconnaissance, improve targeting, and reduce the time required to gain a strategic beachhead into the organization. For defenders, this is a difficult reality, but it does not end there.
The demand for expertise is growing far faster than the supply of experienced practitioners capable of securing xOT environments. Operational technology has always been a specialized discipline. Understanding industrial protocols, control systems, engineering processes, operational dependencies, and the relationship between cyber events and physical consequences requires years of experience. Organizations cannot simply hire enough experts to meet the challenge. Even the most mature security teams face limitations in staffing, resources, and access to specialized knowledge.
Since our founding over a decade ago, we have invested in building what has become one of the most comprehensive collections of operational technology cybersecurity intelligence in the world. We call this the Dragos Intelligence Fabric. It consists of intelligence on assets, vulnerabilities, threats and more. It is created from over a decade of threat research, vulnerability research, incident response cases, telemetry from our threat hunting across customers, and over 5 petabytes of data a day from unique collection sources. No one else can make this claim.
Cybersecurity analysts are not going to be replaced by AI. They are going to be empowered with it. Human judgment remains essential and will remain essential for the foreseeable future. The role of AI in OT is therefore not to remove people from the decision-making process, but rather to help people make better decisions faster, with more context and greater confidence than would otherwise be possible. But we need to move quickly if we are to outpace the adversaries. We need to move from a talent shortage to a talent chasm that the adversaries cannot cross.
Today we announce that change for defenders with our new Dragos Platform module – Dragos EmberAI. Accessing the Dragos Intelligence Fabric, Dragos EmberAI directly puts the context and capability in the hands of every defender. OT cybersecurity analysts just became more powerful and IT cybersecurity analysts now can operate as if they have a decade of OT experience.
Dragos EmberAI allows these analysts to interact directly with the collective knowledge developed through more than a decade of operational technology cybersecurity experience and then make it relevant and actionable to their environment.
An analyst investigating a vulnerability can immediately understand whether it affects critical assets, whether it aligns with known adversary groups’ tactics, techniques, and procedures (TTPs), and how it should be prioritized based on operational impact specific to that environment. A security team responding to an alert can quickly establish the broader context surrounding an event, identify relevant threat activity, and determine the most appropriate response path. IT practitioners supporting industrial operations can access guidance grounded in OT realities without requiring years of specialized training. Leaders can gain a clear understanding of operational risk and resilience without waiting for information to be manually assembled via a friction-laden and often error-prone process from multiple sources.
Most importantly, organizations gain the ability to operate with a level of consistency that has historically been difficult to achieve. Expertise resides and is embedded within daily workflows, available whenever and wherever it is needed. The future will belong to organizations capable of turning intelligence into defensible and relevant action faster than adversaries can turn opportunity into disruption. Success will be determined by organizations that understand their environment most effectively, prioritize risk most accurately, and make decisions with the greatest speed and confidence.
We hear so much about AI today that it has become a multi-industry buzzword. But not all AI will be created equal. Industrial environments require systems built upon industrial knowledge. They require intelligence informed by real-world investigations, adversary behavior, and an understanding of the consequences that security decisions can have beyond the network. That is why we believe the future of OT cybersecurity will be defined not by automation alone, but by the right intelligence in the right form and at the right time.
Our vision is for every organization responsible for critical infrastructure to have access to the same depth of expertise that the world’s leading industrial cybersecurity practitioners rely upon every day. As threats continue to evolve and operational environments become increasingly complex, the ability to deliver that expertise at scale will become one of the most important advantages a defender can possess.
Dragos EmberAI is an important step in that journey, but it is only the beginning. The last 30 years have been focused on defending Enterprise Information Technology. The next 30 years will be focused on defending the cyber-physical systems our society depends upon like xOT. We do not have 30 years to play catch-up though – defenders deserve technology that evolves with them and empowers them through our collective knowledge and collective defense. The communities we serve deserve that.
Want to see what’s possible? Watch our announcement event on demand with me and our Chief Product Officer, Jodi Schatz. And if you want to talk to a Solutions Architect who can show you the full power of Dragos EmberAI, request a demo.