Dragos’s Lesley Carhart at ARC Forum 2019

At ARC Forum 2019, Lesley Carhart, Dragos Principal Threat Analyst, discusses the growing need for effective industrial cybersecurity and how Dragos’ threat detection and response platform helps codify the knowledge of the industry’s top ICS practitioners to provide defenders with an in-depth understanding of the threat landscape and the necessary tools to respond to threats in their environments.

Joining us today to discuss cybersecurity is Lesley Carhart, a principal threat analyst with Dragos. Welcome, Lesley.

Thank you for having me.

You know, industrial cybersecurity includes a broad range of products and services, and that’s, oh, why don’t we just start by, if you could just explain where Dragos fits into that mold of all the products and services that are there today.

So what I really enjoy about our line of products is that we bring our expertise and the knowledge over many, many years of ICS and IT security to our customers, and we do that through a wide range of product offerings, from managed security services like incident response and threat intelligence and threat hunting playbooks and even things like tabletop exercises.

You know, our research, you know, suggested industrial companies are finally starting to recognize that they need cybersecurity, you know, that the threats are there, and I’m just curious if you’re seeing this uptake and interest, or your perspective.

The unfortunate thing is, I think that they’ve always been aware that those threats exist, but the money has come in recently, especially due to non-targeted threats, things like ransomware, that are very impactful, and they have a quantifiable impact. So that’s something that security people who are well aware of the risks can bring to their executive leadership and say, this is a real thing that could happen to us, we need to address this. And even if their primary concern is a targeted threat, they can bring these real case studies of people being impacted by things like ransomware to their executives.

You know, another thing we see is that companies that do invest in cybersecurity, you know, they struggle to sustain their cybersecurity, not just their posture. So I’m just gonna be posture, I’ll use that term rather than the hygiene, because it’s more than that, I think. You know, how can Dragos help them with this kind of issue?

Something that I really treasure as an investigator, and that’s what I do professionally, is investigate incidents, is going into a new environment and doing something like a threat hunt, and doing something so simple as plugging in our platform and seeing a map develop of their network and an asset inventory, and seeing those hosts populate, and being able to tell the customer, this is what’s out there in your network. That’s really exciting for me, because they might have network maps that they’ve built over time, but those are so hard to maintain, especially in a complex industrial environment. So just being able to tell a customer, this is what’s really out there, this is what protocols it’s speaking, these are the device types and manufacturers, it’s really an enjoyable experience for me.

You know, when our workshops yesterday, a big issue, and I’m happy to see it, but it is IT/OT convergence. You can call it convergence, some people call it integration, but how can Dragos help companies with this?

So within our platform, we have a segment of that platform that’s called playbooks, and playbooks are tied to individual threat analytics. So if you have a specific threat analytic fire in our platform, it will be associated with a playbook, and the playbook gives an IT or an OT security analyst a basic understanding of what that means, what impact it could have in their environment, and how they should respond. So initial triage, the first two steps they should take to gather the right information and approach the right people about what’s occurred. So that helps people both from the IT side who don’t have a lot of knowledge about OT systems and the people on the OT side who might not have a lot of knowledge about IT security.

And along with that, you know, we see companies are saying, that’s wonderful, that’s wonderful capability, but we need help to manage it. So from a services perspective, you know, how can, again, how can Dragos help?

And what is really, we offer a wide range of pretty exciting for me services for customers. We do everything from threat hunts, where we go out into an environment and see what’s going on out there, look at assets, look at potential risks, threats, etc. We do incident response services, we do threat intelligence services, and we also do some, we provide some managed security services for our customers as well. So we also have been working on some tabletop exercise services for customers, which is really, really fun for me. We’re out there simulating incidents in a tabletop environment for customers so they can see how their teams would respond, both their security teams and their management teams, their public relations teams. And it’s that drilling things over and over that makes people really good at responding to that worst day in their lives. So if we can prepare people for that, God forbid that ever happens, but we’ve made them ready, we’ve made them comfortable with, OK, this is what we do, we know this, we’ve done this. And so I really enjoy providing those tabletop services.

Yeah, I can tell that. So it’s just wonderful, it’s a wonderful service. You know, what about helping companies justify, you know, cybersecurity? Getting, when you do understand it, and I agree with you, a lot of companies do, but it’s now getting justification is still challenged. So what do you do to help them with that, or can you?

Yeah, it’s tough. Threat intelligence is a big help there, and we do have a wide range of threat intelligence services. We have a great intelligence team who do a lot of research into industrial threats and, you know, IT threats that could impact industrial systems. And kind of knowing what’s out there and who else in industry is being impacted by these threats can help people bring those concerns to their leadership and talk about real things that are happening in the real world, and that can really help them have a little bit of leverage in terms of preparing for them in the future.

Well, thank you very much. It’s been a real enjoyable discussion.

Thank you, it’s a pleasure.

We’ve been speaking with Lesley Carhart, principal threat analyst with Dragos. Thank you for watching.

