Detecting Threats Using Broad ICS Datasets
This partnership of OSIsoft and Dragos provides the ICS community with the ability to more effectively and efficiently analyze both network and operational data to detect and respond to threats in ICS environments.
The OSIsoft PI System can collect, analyze, visualize, and share large amounts of high-fidelity, time-series data across all operations from multiple sources, including non-Ethernet-based sensors. This level of data was previously unavailable to network security monitoring platforms without adding layers of complexity (e.g. media converters). Analyzing data from all available sources is integral to complete threat detection across the control system architecture.
The integration of the Dragos Platform with the PI System extends the use of PI System data already available in an environment so that it also benefits ICS defenders. The Dragos Platform uses PI System data in addition to its broad collection of industrial network and host data to provide the most complete coverage for ICS threat detection and response in the industry today. Threat analytics running within the platform correlate malicious activity with operational events to identify the threat behavior and its potential impact to operations.
With this partnership, you benefit from:
- Enhanced Asset Discovery: data from the PI System provides additional asset detail to help characterize assets, including non-Ethernet devices.
- Correlated Threat Discovery with Operational Events: the Dragos Platform’s Threat Behavior Analytics correlate known threat behavior with associated operational data and Event Frames from the PI System to help analysts understand the full impact of the threat and reduce Mean Time To Recovery (MTTR).
- Expanded Search Capabilities Through Vast Datasets: the Dragos Platform’s Query Focused Datasets (QFDs) allow retroactive searches through network, host, and operational data to assist in threat hunting and incident response activities.
- Investigation Playbooks Incorporate Guidance: when PI System data is relevant, associated playbooks guide defenders on how to use the Platform’s PI System data to respond appropriately to detected threats on the ICS.