Dragos S4 Detection Challenge Showcases In-depth Asset Identification and Analyst Workflow
Significant effort across the community drives industrial cybersecurity industry forward
HANOVER, MD. – Jan 23, 2019 – Dragos, Inc., provider of the industry’s most trusted industrial cybersecurity platform and services, today announced the successful completion of the S4 Detection Challenge with findings showcased by company researchers at the ICS Detection Challenge: Analysis and Results session at the S4 ICS cyber security event in Miami Beach last week.
As a testament to the progress the ICS security community has made in the past year, the 2019 detection challenge was designed to simulate a real-world ICS incident, incorporating 400 GB of packet captures from a real-world mining operation with a set of adversaries “injected” by the S4 organizers for participants to find.
“More than 500 hours of effort were put into developing the challenge, transforming it from last year’s challenge based on 3 GB of data. This year presented a much more complicated attack sequence to better represent a real-world, multi-component attack, designed to significantly test participating ICS security vendors’ capabilities in asset identification, threat detection, and response,” said Ron Brash, manager in Risk Advisory at Deloitte Canada and S4 challenge developer.
With only two ICS cybersecurity companies decidingly represented in this year’s challenge, the planned competition format was altered to a dataset of 130 GB. From the data in the revised challenge, Dragos detected 140 network protocols, mapped 4600 unknown assets, and discovered malicious industrial campaigns through intelligence-driven threat behavior analytics. (Threat behavior analytics detect threats through characterizations of specific patterns of behaviors, such as a flow of adversary communications and connections, or failed authentication attempts.)
“Dragos is honored to have been one of the two companies showcased during the live S4 detection presentation, and we look forward to future S4 events,” says Dan Gunter, Principal Threat Analyst at Dragos. “Competitions like this are useful to validate technical claims and features to the industrial community while helping to push the space forward.”
The Dragos industrial cybersecurity platform enables industrial cybersecurity analysts and threat hunters to maximize visibility and efficiency in threat detection and response. It is an automated network-monitoring appliance that performs deep packet inspection to passively identify ICS assets and communications, detect malicious activity, and guide defenders step-by-step if a threat is found.
The Dragos presentation shared during the analysis and results session at the 2019 S4 ICS Security Conference is available here: Dragos S4 Detection Challenge Video.
To learn more about how the Dragos Platform enables in-depth asset identification, threat detection, and response, please refer to our whitepaper: Key Considerations for an Industrial Cybersecurity Solution.
Dragos’ industrial cybersecurity platform delivers unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape. Dragos codifies intelligence and threat behavior analytics for effective ICS threat detection and response. Dragos also offers ICS threat hunting and incident response services, as well as Dragos ICS WorldView for weekly ICS threat intelligence reports. Learn more at www.dragos.com, or follow us on Twitter or LinkedIn.
Kari Walker for Dragos