Managing operational technology (OT) cyber risk can be extremely difficult, especially for industrial organizations that may lack effective asset visibility and vulnerability management strategies and capabilities.
Why is this? One of the main reasons is that these organizations are facing an increase in cyber threats targeting industrial control systems and operational technology. In our most recent 2022 ICS/OT Cybersecurity Year in Review Report, Dragos analyzed 465 advisories containing a total of 2,170 CVEs, for an average of five CVEs per advisory. The number of CVEs that Dragos has investigated over the last three years has grown from 703 in 2020 to 2,170 in 2022, showing an annual growth rate of 46 percent over four years. The ongoing convergence of IT and OT has led to an ever-expanding host of OT vulnerabilities that will continue to threaten industrial organizations for years to come.
With the number and sophistication of threats continuing to climb, OT cybersecurity teams face a number of hard questions as they look ahead in managing cyber risk to their organizations.
1 | What is running in my environment?
In too many cases, companies only have a limited view of the total number of devices, profiles, and traffic in their OT environment. This makes threat detection and response extremely difficult since industrial companies can’t protect OT assets that they don’t even know about. Unfortunately, this scenario is too common in the industrial sector. According to the Ponemon Institute, only 45 percent of organizations believe that they are effective at discovering and maintaining an inventory of devices attached to their OT networks.
2 | How can I tell if (and when) I’m really compromised?
The total number of security-generated alerts is also on the rise: today, 56% of companies receive more than 1,000 alerts each day. We’ve reached the point where security teams simply can’t respond to each and every alert. Worse, overly simplistic anomaly detection systems contribute to even more ongoing “noise,” and may lead overwhelmed cybersecurity teams to miss subtle threat behaviors.
3 | What action should I take?
In addition, incomplete vulnerability information or vague mitigation recommendations may only confuse busy security teams who need clear guidance. Team members may not know how to prioritize a common notification or what specific steps they should follow to manage cyber risk.
4 | How can I act in time?
As they face real threats, response teams may struggle to navigate and understand forensic details, analyze root cause events, and restore operations. In situations where every second counts, many OT security teams can’t respond as quickly as they would like or worse, waste more time pursuing the wrong steps.
With these challenges in mind, Dragos has developed the technology and services industrial organizations require to build a comprehensive cybersecurity program that addresses their most pressing needs.
The Right Combination to Minimize OT Cyber Risk
At Dragos, we realize the need for a comprehensive ICS/OT cybersecurity program that consists of proven cybersecurity technology with the visibility and vulnerability management capabilities that security teams require. Additionally, we know that access to the latest cyber threat intelligence and expert strategies to mitigate threats is integral to ensuring greater efficiencies in prioritizing and managing issues as they arise.
The Dragos Platform delivers on all of these requirements by providing comprehensive visibility into an organization’s ICS/OT assets as well as the threats they may face.
The Dragos Platform provides a highly accurate, up-to-date inventory of all the devices in the entire OT environment. It ingests network data sources to create an asset inventory for actively communicating devices and also processes host log files and other sources to address inventory gaps.
The Dragos Platform also delivers effective vulnerability management capabilities that give response teams the information they need to focus on the highest priority issues to mitigate cyber risk, minimize down time, and allocate cybersecurity resources where they are most needed. These capabilities allow OT cybersecurity teams to manage the full lifecycle of specific vulnerabilities in their environment.
The Dragos Platform is further supported by proactive threat intelligence information that helps industrial organizations stay a step ahead of the most sophisticated cybersecurity threats. Dragos Worldview threat intelligence gives internal teams a detailed view of all the threats targeting industrial environments globally. This information is delivered as key takeaways, indicators of compromise (IOC), malware analysis, detailed breakdown of adversary behavior, and best practices and strategies to defeat them.
Finally, our Professional Services team has the experience and expertise to help cybersecurity teams improve their cyber resilience against adversaries who look to exploit the unique systems, network traffic, and vulnerabilities that exist in OT environments. Our team has been on the frontlines of significant industrial cyber attacks around the world and are among the most respected in the industry. We help our customers in the areas of incident response, threat hunting, vulnerability analysis, architecture assessments, and other services to help make sure they win the fight.
See Our Platform in Action
Ready to put your insights into action?
Take the next steps and contact our team today.