Community Tools

Tools for the ICS Cybersecurity Community

Protect your network with free asset identification and assessment tools.

Our community tools represent countless hours of dedicated work toward improving the ICS cybersecurity landscape and providing resources to aid the defense against attacks. Each tool has humble beginnings, many starting out as “after work” projects, but each now offers a base-level capability that we’re proud to offer to the community. We hope these tools provide a significant step forward for those who are just beginning their ICS cybersecurity journeys, paving the way for more robust technology adoption with the Dragos Platform.

CyberLens

A free community tool that provides asset visibility into ICS networks.

In 2013, the Department of Defense gave permission to three employees to develop a tool in their off-hours — the CyberLens tool. These employees, Dragos founders Justin Cavinee, Jon Lavender, and Robert Lee, created CyberLens as an assessment tool to help the community quickly process packet captures and visualize ICS environments.

The analysts were later joined by Matt Luallen and formed an LLC called Dragos Security. The LLC served as a protective legal entity to house CyberLens, so development could continue in their off-hours with the intent of getting it out to the community for training and assessment purposes.

CyberLens is intended for packet captures under 10Gb that include a few hundred assets or fewer. CyberLens provides basic protocol inspection for major protocols, such as ModbusTCP and DNP3, and customizable fingerprints based on ports.

  • Capture: Captures under 10Gb
  • Inspect: Provides basic protocol inspection for major protocols
  • Fingerprint: Customizable fingerprints based on ports

Enter your information to receive a free download link once our team has determined this tool is the right fit for you.

Sophia

A free community tool for safe, continuous, passive discovery of ICS networks and assets.

Originally developed in 2012 at Idaho National Laboratory as “Sophia,” the exclusive rights to commercialize the tool were awarded to NexDefense in 2013. At NexDefense, the tool was rebranded as “Integrity” and underwent massive improvements before being acquired by Dragos in 2019 and returned to “Sophia.”

During development, it became apparent that Sophia could help the community as a private-sector offering. NexDefense enlisted the help of numerous colleagues and developers to extend Sophia beyond the initial vision and turn it into an even more capable and scalable tool. The tool garnered positive recognition as an RSAC Innovation Sandbox finalist, Gartner Cool Vendor, and best network security solution by Cyber Defense Magazine.

Sophia is intended for packet captures of any size with asset counts of up to 100,000. Sophia provides ongoing industrial asset identification plus ICS network and data flow visualization, with basic deep packet inspection of ICS protocols (such as ModbusTCP, DNP3, EtherNet/IP, BACnet, and OPC UA) and customizable fingerprints based on ports.

  • Capture: Data counts of up to 100,000
  • Inspect: Ongoing industrial asset identification & ICS network and data flow visualization
  • Fingerprint: Customizable fingerprints based on ports

Enter your information to receive a free download link once our team has determined this tool is the right fit for you.

Dragos Industrial Cybersecurity Product Comparison

Our community tools offer baseline protection for your ICS networks. Dragos does not offer support for these tools; however, you can get more robust support and capabilities with our paid products. See how each tool stacks up below.

Products compared: CyberLens (Free Community Tool), Sophia (Free Community Tool), Dragos Platform, Neighborhood Watch

  • Passive Asset Identification
  • Ongoing Asset ID
  • Shared Threat Detection: Dragos Platform, Optional; Neighborhood Watch, Optional
  • Threat Analytics
  • Investigation Playbooks
  • Support Available
  • ICS Threat Intelligence
  • Professional Services: Dragos Platform, Optional; Neighborhood Watch, Threat Hunting Included
  • Scale: CyberLens, 500 Assets Assessment Only; Sophia, Single Site Only; Dragos Platform, Small to Global; Neighborhood Watch, Small to Global
  • Cost: CyberLens, FREE; Sophia, FREE; Dragos Platform, Paid; Neighborhood Watch, Paid

Get more robust ICS cybersecurity support and capabilities.

While Dragos does not provide support for these two free community tools, you can get comprehensive asset ID, threat detection, and response capabilities with the Dragos Platform.