How Dragos is safeguarding our civilization.

In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing their in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders worldwide with the knowledge and tools to protect their systems as effectively and efficiently as possible.

Safeguarding civilization has been their mission since day one. Dragos is comprised of the industry’s most experienced team of Industrial Control Systems (ICS) security practitioners. Their team has been on the front lines of every significant industrial cybersecurity attack globally, including the 2015 and 2016 Ukraine attacks, CHRASHOVER, RIDE, and TRISIS.

In addition, they provide industrial organizations with the full spectrum of cybersecurity services to deliver visibility and insight into ICS and Operational Technologies (OT) environments, educate practitioners, mitigate risks and uncover and respond to threats. Founded by experts, trusted by the US government and ally nations, they investigate and respond to the most significant ICS cyberattacks in history.

Hence, their experience speaks for themselves. For our society to run smoothly and meet the fundamental needs in today’s modern world, intelligence companies like Dragos have a vital role in ensuring threats are not targeting industrial organizations. Though currently, many of those organizations are being threatened. Monitoring, detecting, and controlling changes are the fundamentals for protecting the infrastructure of most providers.

The key to a successful OT strategy is risk prevention and pre-emptive strategies instead of purely reactive. However, each organization is built differently. This is why companies must have a specific stack designed for them that works to protect their particular network.

By identifying the indicators to the initial access that has occurred Dragos then take action to prevent that from reoccurring. For this to happen, they must understand the environment – which can be done through asset discovery tool. This is a technical way of understanding the assets the organization has.

Experienced cybersecurity professionals will tell you that you cannot secure the systems you do not know about, which is why asset visibility is so crucial no matter what kind of technology infrastructure you are defending.

Asset visibility in industrial control system (ICS) environments provides industrial asset owners and operators and security staff with the knowledge and insight necessary to build a mature operational technology (OT) cybersecurity program. When organizations can get accurate and timely views into the assets running on their industrial networks, the benefits are cascading. Outside of the most critical OT assets, the most significant risks sometimes hide in the spaces between OT systems rather than in the assets themselves. The unknown and unseen connections between devices can expose industrial infrastructure to the most damaging risk potential.

While industrial organizations rarely intentionally allow highly critical OT assets to be internet-accessible, they are sometimes less vigilant about external connectivity to seemingly insignificant hardware or assets. The trouble is that these externally facing ‘lower-risk’ assets may serve as pivot points to higher-value targets.

Sometimes the communication pathways between OT assets allow for indirect connections. It may take an attacker several lateral steps to touch a high-value target from a remote connection; without some visualization, those communication pathways often remain unseen.

Asset visibility provides a map of the communication pathways inherent within an OT system. For example, mature asset visibility capabilities make monitoring an organization’s OEM and third-party management communication channels easier to ensure they’re adhering to their scope of contract and not introducing unnecessary risk to the ICS ecosystem. This includes keeping a lookout for communication paths that touch other systems, and ensuring vendors are only doing work during approved change control windows.

RANSOMWARE ATTACKING INFRASTRUCTURE NETWORKS

In 2021, the industrial community attracted high-profile attention. Major cybersecurity incidents struck industrial organizations in various sectors, with international headlines detailing everything from a compromise of a water treatment facility with intent to poison its community to a ransomware attack against a pipeline operator that disrupted gas supplies to the southeastern United States. These reports underscored the potential for devastating outcomes of a security

breach of critical infrastructure on communities and a country’s economy. 2021 was a ruthless year for ransomware gangs and their affiliates, with attacks reaching epic proportions, making ransomware the number one attack vector in the industrial sector. Dragos researchers observed that ransomware groups targeted the manufacturing industry more than any other ICS/OT sector in 2021– nearly twice as much as the other industrial groups combined. The marked spike in ransomware attacks is largely attributed to the emerging ransomware-as-a-service (RaaS) phenomena. Ransomware gangs like Conti and Lockbit 2.0 have mobilized into an underground marketplace where their developers outsource operations to affiliates who execute the attacks.

OT VISIBILITY & MONITORING

OT cybersecurity depends upon the isolation of systems, network segmentation, and network monitoring to manage risk effectively. According to a recent Dragos Year in Review report, some 88% of our professional services engagements involved significant issues and weaknesses in network segmentation. This often stems from a lack of visibility into the relationships that assets have with one another. Recent figures from the Ponemon Institute show many organizations are misaligned on their OT cybersecurity priorities. When looking at the most commonly cited security practices in industrial environments, four out of the top 10 involved asset segmentation or network monitoring.

BUILD AN ICS CYBERSECURITY STRATEGY THAT’S RIGHT FOR YOUR ORGANIZATION

Proactive and responsive offerings to comprehensively understand your ICS environment, mitigate risks and respond to threats confidently. Dragos professional services benefit:

• Getting a clear picture of your ICS environment.

• Knowing if your critical assets are at risk.

• Boosting your teams confidence.

• Getting actionable recommendations based on in-depth intel.

The Dragos Platform. The industry’s most advanced ICS/OT cybersecurity software to help you visualize, protect, and respond to cyber threats.

Neighborhood Keeper.

A global threat intelligence and analytics sharing program designed to support smaller providers and better understand the ICT/OT threat landscape.

OT Watch. The industry’s most powerful combination of technology and team to amplify your resources and reinforce your ICS/OT defenses.

Professional services. Proactive and responsive services to enable your team to better prepare for, combat, and respond to ICS/OT threats.

Threat Intelligence. Actionable threat intelligence and defensive recommendations focused on global ICS/OT threats.

IN CONCLUSION

When establishing and testing a brand-new cybersecurity program, it can be difficult to know exactly what reasonable steps to take and when to take them. Dragos offers various operational technology (OT) cybersecurity posture assessments to help your industrial organization improve its cybersecurity defenses, reduce risk, and mitigate cybersecurity incidents. Their ICS/OT Penetration Testing is one of our offerings that enables customers to assess their cyber defenses to understand risk.

Building a cybersecurity program is a marathon, not a race. It can be exciting finally getting to the point of ordering a penetration test, but testing should be considered a late-stage maturity activity. In other words, system owners should ensure that they have a cybersecurity program’s basic building blocks before considering a penetration test.

Dragos Professional Services clients have typically gone through a process of architecture review and site a that the conceptual framework for network architecture is sound. When conducting an architecture review, Dragos may ask for certain documents, including network topology, incident response plan, recovery plan, and firewall configurations. Dragos then conducts interviews with client staff to better understand the makeup of the existing security program.

Nevertheless, Dragos is always looking at the evolution of tactics used by their adversaries. They are currently focused on observing the OT environment’s network traffic, constantly expanding their capabilities, and looking at the inputs. They aim to expand their ability to ingest information directly from the endpoint and beyond. This includes both the active and passive interactions with the assets to verify the cybersecurity of those devices. Dragos intends to use data that can be made available to asset owners and help them manage risks. This opens up the opportunity of bringing together the best-protected environments.

Moreover, Dragos is enhancing asset visibility. Likewise, they understand the assets seen on most networks by identifying the vendor and how those devices are configured. This allows Dragos to know how they are connected to the risk of the site’s posture. Hence, supporting them in prioritizing decisions around those assets. With all this being said, we at TBtech look forward to following their journey to safeguarding our civilization.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...