24/7 OT Incident Response When Every Minute Counts
Immediately access OT cybersecurity experts with a Rapid Response Retainer. Pre-established agreements mean faster containment when crisis strikes.
Our Rapid Response Retainer ensures you have priority access to elite OT incident responders, faster response times, and flexible hours for proactive security services.




When ransomware hit our OT network at 2 AM, Dragos responded within the hour. Their team immediately understood our industrial processes and helped contain the threat without shutting down production. The retainer paid for itself ten times over by preventing millions in downtime. Having them document our environment beforehand made all the difference.
CISO, Global Food & Beverage Manufacturer
We use our retainer hours proactively for quarterly tabletop exercises and annual penetration testing. This approach has dramatically improved our incident response capabilities. When we did have a security event, the Dragos team already knew our environment intimately. Response was immediate and surgical - exactly what we needed.
OT Security Director, Energy Company
The onboarding workshop alone justified the retainer investment. Dragos identified gaps in our incident response plan we never knew existed. When suspicious activity appeared six months later, their OT Watch service spotted it immediately through our Platform deployment. The combination of technology and on-demand expertise gives us confidence we can handle any threat.
VP of Operations, Pharmaceutical Manufacturer
Our incident response team combines unmatched OT expertise with proven crisis management experience and platform-enhanced visibility to minimize incident impact on your operations.



Every retainer includes 24/7 access to expert responders, an onboarding workshop to document your environment, forensic analysis during incidents, containment and recovery guidance, and executive reporting support. You also get flexible hours (80-240 depending on tier) that can be used for incident response or proactive services like pen testing, architecture reviews, and tabletop exercises.
All retainer customers receive first contact within 1 hour. For sites with the Dragos Platform deployed, we guarantee: analysis starts within 4 hours, OT Watch analysis within 2 hours, and on-site arrival within 48 hours if needed. Sites without the Platform receive best-effort response times. The Platform significantly accelerates our ability to investigate and contain threats using historical data and continuous visibility.
We offer three tiers: Essential (80 hours), Standard (160 hours), and Enhanced (240 hours). Your choice depends on your risk profile, regulatory requirements, and desired proactive services. Most mid-size organizations choose Standard, while those with critical infrastructure or wanting quarterly exercises choose Enhanced. All unused hours can be applied to professional services, so you maximize your investment either way.
Yes! Unused retainer hours can be applied to any Dragos professional service including penetration testing, vulnerability assessments, architecture reviews, tabletop exercises, purple team exercises, and security assessments. Many customers use hours proactively throughout the year for quarterly tabletops or annual pen tests. This flexibility ensures you get maximum value from your retainer investment.
The Platform isn’t required but is strongly recommended. Sites with the Platform receive guaranteed SLA response times and benefit from continuous visibility, historical forensic data, and accelerated threat hunting. The Platform acts as a flight recorder for your OT network, dramatically improving our ability to quickly identify root cause and contain threats. Sites without the Platform receive best-effort response.
The included onboarding workshop assesses your current incident response preparedness, documents your OT environment, establishes communication protocols, and explains the activation process. We create a profile of your critical assets, network architecture, and key contacts. This preparation ensures that when an incident occurs, our responders can act immediately with full context rather than spending precious time learning your environment.