Threat Intelligence

2/13/2018
01:00 PM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Dragos Releases Dragos Platform 1.2

Content packs containing threat behavior analytics and investigation playbooks, in addition to several analyst productivity enhancements, combine to further separate the Dragos Platform from the rest of the industrial cyber threat detection field

Hanover, MD February 13, 2018    Industrial cybersecurity company Dragos, Inc. today announced that Dragos Platform 1.2, the latest version of its industrial cybersecurity platform, is now available to all Dragos Platform customers. The Dragos Platform contains all the necessary capabilities to gain visibility into industrial networks, monitor them for threats, and efficiently perform investigations to counter adversaries. Unlike typical industry solutions, Dragos’ technology goes beyond just analyzing network traffic to also collecting, storing, and correlating logs and data from host systems, logic controllers, and data historians. As a result, the Dragos Platform has the most coverage and capability for correlation in the industrial threat detection market today. The broad and flexible capabilities of the Dragos Platform are designed to enable any-sized security team.  Dragos Platform 1.2 builds upon the strong foundation established in the initial Dragos Platform release, the industry’s first and only to codify and integrate the knowledge of boots on the ground expertise and an intelligence-driven approach with software technology.  With Dragos Platform 1.2, customers will continually gain access to this knowledge through regular releases of content packs containing new threat behavior analytics and investigation playbooks.

“The Dragos Platform software is the most technologically complete solution in the industrial cyber threat detection and response market today. The codification of my team’s knowledge gained by hunting and responding to threats enables our customers to defend their environments as if Dragos team members were there alongside them,” said Robert M. Lee, CEO and Founder of Dragos. 

 

Key Enhancements in Dragos Platform 1.2

Content Packs Containing Threat Behavior Analytics, and Investigation Playbooks Enable Faster and More Effective Threat Investigation and Mitigation

Threat behavior analytics is a form of detection focused on adversary tradecraft that is massively more scalable and efficient than detections based on specific tools and technical indicators. Typical industry solution anomaly-detection tactics are time-consuming, requiring a baseline profile to be built and maintained for the purpose of identifying abnormalities in an industrial network, leaving the analyst to figure out the context and then what they should do about it.  In contrast, Dragos Platform threat behavior analytics provide immediate value without requirements of a baseline and contain rich context, enabling the analyst to know what is occurring and what to do next. These threat behavior analytics are created by Dragos’ intelligence team specialists who constantly monitor for and analyze new threats in addition to greatly furthering the community’s understanding of major threats and incidents such as the CRASHOVERRIDE and TRISIS malware.

Each threat behavior analytic in the Dragos Platform is paired with an investigation playbook created by the Dragos’ threat operations center. This “what would Dragos do” styled playbook contains step-by-step guides for customers to follow for each specific alert and automatically correlates and delivers appropriate datasets for the analyst. This feature reduces the degree of ICS experience and expertise required of existing security practitioners to become effective in industrial environments as well as the amount of time even experienced analysts require to complete investigations.

Investigation Playbooks Facilitate Threat Hunting and Continual Training

Threat hunting is a key strategy for reducing adversary dwell time and the corresponding safety, financial, regulatory or reputational risks that could accompany a serious incident, but is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide to facilitate efficient, proactive hunting of hidden threats by security teams. These threat hunts use the hypothesis created by the Dragos threat operations team that went into creating the playbook and educates the user as to why they are performing the hunt. Dragos playbooks facilitate the proactive defense that is widely viewed as an industrial cybersecurity best practice and imparts the knowledge of the Dragos team as a form of continual training to ICS defenders.

Indicators of Compromise (IOC) Import from Dragos ICS WorldView Cyber Threat Intelligence

Dragos ICS WorldView is the industrial cybersecurity industry’s only product exclusively focused on cyber threat intelligence.  These weekly reports contain insights into threats, adversaries, and indicators of compromise, as well as context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can now be imported directly into the Dragos Platform and security teams can execute IOC sweeps across the data as a scoping and forensics tool while facilitating community information sharing.

“The Dragos Platform provides us with a level of real-time, situational awareness and monitoring capabilities unparalleled in the industry today, which was never before possible within our Windfarm networks,” said Marc DeNarie, Chief Information Officer at NaturEner USA. “It has become an integral part of our day-to-day cybersecurity, OT network monitoring, and asset management program and has eliminated a number of manual processes while increasing our speed of incident response. A high-value system for any organization whose operations are dependent upon ICS technology, processes, and protocols.”

To learn more about the Dragos Platform or to schedule a demo, contact [email protected] or visit dragos.com for more information.

 

About Dragos

Dragos applies expert human intelligence and threat behavior analytics to redefine industrial control system (ICS) cybersecurity.  Its industry-first, ICS cybersecurity ecosystem provides industrial security practitioners with unprecedented situational awareness over their environments, with comprehensive threat intelligence, detection, and response capabilities.  Dragos' solutions include the Dragos Platform, software providing ICS-specific asset discovery, threat detection, and investigation capabilities; Dragos Threat Operations Center, providing ICS threat hunting, incident response services, and ICS cybersecurity training; and Dragos ICS WorldView, providing global, ICS-specific threat intelligence in the form of weekly reports and critical alerts upon discovery.  Headquartered in metropolitan Washington DC, Dragos' team of ICS cybersecurity experts are practitioners who've lived the problems the industry faces hailing from across the U.S. Intelligence Community to private sector industrial companies.   For more information, please visit dragos.com.

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.