Threat Intelligence

01:00 PM
Dark Reading
Dark Reading
Products and Releases

Dragos Releases Dragos Platform 1.2

Content packs containing threat behavior analytics and investigation playbooks, in addition to several analyst productivity enhancements, combine to further separate the Dragos Platform from the rest of the industrial cyber threat detection field

Hanover, MD February 13, 2018    Industrial cybersecurity company Dragos, Inc. today announced that Dragos Platform 1.2, the latest version of its industrial cybersecurity platform, is now available to all Dragos Platform customers. The Dragos Platform contains all the necessary capabilities to gain visibility into industrial networks, monitor them for threats, and efficiently perform investigations to counter adversaries. Unlike typical industry solutions, Dragos’ technology goes beyond just analyzing network traffic to also collecting, storing, and correlating logs and data from host systems, logic controllers, and data historians. As a result, the Dragos Platform has the most coverage and capability for correlation in the industrial threat detection market today. The broad and flexible capabilities of the Dragos Platform are designed to enable any-sized security team.  Dragos Platform 1.2 builds upon the strong foundation established in the initial Dragos Platform release, the industry’s first and only to codify and integrate the knowledge of boots on the ground expertise and an intelligence-driven approach with software technology.  With Dragos Platform 1.2, customers will continually gain access to this knowledge through regular releases of content packs containing new threat behavior analytics and investigation playbooks.

“The Dragos Platform software is the most technologically complete solution in the industrial cyber threat detection and response market today. The codification of my team’s knowledge gained by hunting and responding to threats enables our customers to defend their environments as if Dragos team members were there alongside them,” said Robert M. Lee, CEO and Founder of Dragos. 


Key Enhancements in Dragos Platform 1.2

Content Packs Containing Threat Behavior Analytics, and Investigation Playbooks Enable Faster and More Effective Threat Investigation and Mitigation

Threat behavior analytics is a form of detection focused on adversary tradecraft that is massively more scalable and efficient than detections based on specific tools and technical indicators. Typical industry solution anomaly-detection tactics are time-consuming, requiring a baseline profile to be built and maintained for the purpose of identifying abnormalities in an industrial network, leaving the analyst to figure out the context and then what they should do about it.  In contrast, Dragos Platform threat behavior analytics provide immediate value without requirements of a baseline and contain rich context, enabling the analyst to know what is occurring and what to do next. These threat behavior analytics are created by Dragos’ intelligence team specialists who constantly monitor for and analyze new threats in addition to greatly furthering the community’s understanding of major threats and incidents such as the CRASHOVERRIDE and TRISIS malware.

Each threat behavior analytic in the Dragos Platform is paired with an investigation playbook created by the Dragos’ threat operations center. This “what would Dragos do” styled playbook contains step-by-step guides for customers to follow for each specific alert and automatically correlates and delivers appropriate datasets for the analyst. This feature reduces the degree of ICS experience and expertise required of existing security practitioners to become effective in industrial environments as well as the amount of time even experienced analysts require to complete investigations.

Investigation Playbooks Facilitate Threat Hunting and Continual Training

Threat hunting is a key strategy for reducing adversary dwell time and the corresponding safety, financial, regulatory or reputational risks that could accompany a serious incident, but is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide to facilitate efficient, proactive hunting of hidden threats by security teams. These threat hunts use the hypothesis created by the Dragos threat operations team that went into creating the playbook and educates the user as to why they are performing the hunt. Dragos playbooks facilitate the proactive defense that is widely viewed as an industrial cybersecurity best practice and imparts the knowledge of the Dragos team as a form of continual training to ICS defenders.

Indicators of Compromise (IOC) Import from Dragos ICS WorldView Cyber Threat Intelligence

Dragos ICS WorldView is the industrial cybersecurity industry’s only product exclusively focused on cyber threat intelligence.  These weekly reports contain insights into threats, adversaries, and indicators of compromise, as well as context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can now be imported directly into the Dragos Platform and security teams can execute IOC sweeps across the data as a scoping and forensics tool while facilitating community information sharing.

“The Dragos Platform provides us with a level of real-time, situational awareness and monitoring capabilities unparalleled in the industry today, which was never before possible within our Windfarm networks,” said Marc DeNarie, Chief Information Officer at NaturEner USA. “It has become an integral part of our day-to-day cybersecurity, OT network monitoring, and asset management program and has eliminated a number of manual processes while increasing our speed of incident response. A high-value system for any organization whose operations are dependent upon ICS technology, processes, and protocols.”

To learn more about the Dragos Platform or to schedule a demo, contact [email protected] or visit for more information.


About Dragos

Dragos applies expert human intelligence and threat behavior analytics to redefine industrial control system (ICS) cybersecurity.  Its industry-first, ICS cybersecurity ecosystem provides industrial security practitioners with unprecedented situational awareness over their environments, with comprehensive threat intelligence, detection, and response capabilities.  Dragos' solutions include the Dragos Platform, software providing ICS-specific asset discovery, threat detection, and investigation capabilities; Dragos Threat Operations Center, providing ICS threat hunting, incident response services, and ICS cybersecurity training; and Dragos ICS WorldView, providing global, ICS-specific threat intelligence in the form of weekly reports and critical alerts upon discovery.  Headquartered in metropolitan Washington DC, Dragos' team of ICS cybersecurity experts are practitioners who've lived the problems the industry faces hailing from across the U.S. Intelligence Community to private sector industrial companies.   For more information, please visit



Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters,  2/15/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.