How Dragos protects our civilization.
In a world of mounting cybersecurity threats, Dragos protects the critical infrastructure that provides the foundations of modern civilization from increasingly capable adversaries. Dedicated to codifying and sharing its deep knowledge of ICS/OT systems, Dragos arms industrial defenders worldwide with the knowledge and tools to protect their systems as effectively and efficiently as possible.
Protecting civilization has been their mission since day one. Dragos is staffed by one of the most experienced teams of Industrial Control Systems (ICS) security practitioners in the field. Their team has been on the front lines of every major industrial cybersecurity attack worldwide, including the 2015 and 2016 attacks in Ukraine, CRASHOVERRIDE and TRISIS.
In addition, they provide industrial organizations with the full spectrum of cybersecurity services: visibility and insight into ICS and operational technology (OT) environments, practitioner training, risk mitigation, and threat discovery and response. Founded by experts and trusted by the US government and its allies, they have investigated and responded to the most significant ICS cyberattacks in history.
Their experience speaks for itself. To keep society running smoothly and meeting the basic needs of the modern world, firms like Dragos play a vital role in helping industrial organizations detect and respond to the threats directed at them, and many of those organizations are under threat right now. Monitoring, detecting, and controlling change are the foundations for protecting the infrastructure of most providers.
The key to a successful OT strategy is risk prevention and a preventive posture rather than a purely reactive one. However, every organization is built differently, which is why each company needs a protection stack tailored to its own network.
By identifying the indicators of the initial access that occurred, Dragos takes action to prevent it from happening again. To do this, they need to understand the environment, which is where asset discovery comes in: a technical means of gaining insight into the organization’s assets.
Experienced cybersecurity professionals will tell you that you can’t secure the systems you don’t know. That’s why asset visibility is so critical, regardless of the kind of technology infrastructure you’re defending.
Asset visibility in industrial control systems (ICS) environments provides industrial asset owners, operators and security personnel with the knowledge and insight needed to build a mature operational technology (OT) cybersecurity program. When organizations gain accurate and timely insight into the assets running on their industrial networks, the benefits continue to grow. Beyond the most critical OT assets themselves, the most important risks sometimes hide in the spaces between OT systems rather than in the assets. The unknown and invisible connections between devices can expose industrial infrastructure to the most damaging risks.
While industrial organizations rarely intentionally allow highly critical OT resources to be accessed over the Internet, they are sometimes less vigilant about remote connectivity to seemingly insignificant hardware or assets. The problem is that these “lower-risk” externally focused assets can serve as pivots for higher-value targets.
Sometimes the communication paths between OT resources allow indirect connections. It may take an attacker multiple lateral steps to touch a valuable target from a remote connection; without any visualization, those communication paths often go unseen.
Asset visibility provides a map of the communication paths inherent in an OT system. For example, mature asset visibility capabilities make it easier to monitor an organization’s OEM and third-party management communication channels to ensure they stay within their contract scope and do not introduce undue risk to the ICS ecosystem. This includes looking out for communication paths that touch other systems, and ensuring that suppliers only do work during approved change control windows.
RANSOMWARE ATTACKING INFRASTRUCTURE NETWORKS
In 2021, the industrial community attracted high-profile attention. Major cybersecurity incidents hit industrial organizations in a variety of sectors, with international headlines describing everything from a water treatment plant compromise with intent to poison the community to a ransomware attack on a pipeline operator that disrupted fuel supplies to the southeastern United States. These reports underlined the potentially devastating effects of a security breach of critical infrastructure on communities and a country’s economy. 2021 was also a brutal year of ransomware, with attacks by ransomware gangs and their affiliates reaching epic proportions and making ransomware the leading attack vector in the industrial sector. Dragos researchers noted that in 2021, ransomware groups focused more on the manufacturing industry than on any other ICS/OT sector, nearly twice as much as the other industry groups combined. The spike in ransomware attacks is largely attributed to the emerging ransomware-as-a-service (RaaS) model: gangs such as Conti and LockBit 2.0 operate through an underground marketplace in which their developers outsource the attacks themselves to affiliates.
OT VISIBILITY & MONITORING
OT cybersecurity relies on system isolation, network segmentation, and network monitoring to manage risk effectively. According to a recent Dragos Year in Review report, approximately 88% of their professional services engagements involved significant issues and weaknesses in network segmentation. This often stems from a lack of understanding of the relationships assets have with each other. Recent figures from the Ponemon Institute show that many organizations are not well aligned with their OT cybersecurity priorities: of the most frequently cited security practices in industrial environments, four of the top 10 related to asset segmentation or network monitoring.
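The two points above, that indirect communication paths let a "low-risk" externally reachable asset serve as a pivot toward a critical one, and that segmentation weaknesses usually come from not knowing which assets talk to each other, can both be checked mechanically once asset and flow visibility exists. The following is an added example written for this article, not Dragos code and not a description of how the Dragos Platform works internally. The flow records, asset names, zone assignments, segmentation policy and vendor change window are all constructed for illustration. It builds a directed graph from observed flows, finds multi-hop paths from non-OT entry points to critical PLCs, flags cross-zone flows the policy does not permit, and reports vendor-sourced connections outside the approved change-control window.

```python
"""Asset-visibility checks over constructed OT flow records (example, not Dragos code)."""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample flows: (source asset, destination asset, destination port, UTC timestamp).
# Every name and value here is invented for illustration.
FLOWS = [
    ("vendor-vpn-gw", "hmi-02", 3389, "2021-06-14T02:15:00Z"),      # vendor RDP, 02:15 UTC
    ("hmi-02", "eng-ws-01", 445, "2021-06-14T02:20:00Z"),            # SMB from HMI to engineering workstation
    ("eng-ws-01", "plc-07", 502, "2021-06-14T02:25:00Z"),            # Modbus/TCP to a PLC
    ("it-fileserver", "historian-01", 445, "2021-06-14T09:00:00Z"),  # enterprise host straight into OT
    ("historian-01", "plc-03", 44818, "2021-06-14T09:05:00Z"),       # EtherNet/IP to a PLC
    ("vendor-vpn-gw", "hmi-02", 3389, "2021-06-15T14:10:00Z"),       # vendor RDP inside the window
]

# Zone of each asset (invented) and which assets count as critical.
ZONES = {
    "vendor-vpn-gw": "external", "it-fileserver": "enterprise",
    "hmi-02": "ot", "eng-ws-01": "ot", "historian-01": "ot",
    "plc-07": "ot", "plc-03": "ot",
}
CRITICAL_ASSETS = {"plc-07", "plc-03"}

# Invented segmentation policy: the only permitted cross-zone transition is the
# vendor gateway reaching OT; enterprise hosts must never talk to OT directly.
ALLOWED_CROSSINGS = {("external", "ot")}

# Invented change-control window for the vendor gateway: 2021-06-15 13:00-17:00 UTC.
VENDOR_WINDOWS = {
    "vendor-vpn-gw": [(datetime(2021, 6, 15, 13, tzinfo=timezone.utc),
                       datetime(2021, 6, 15, 17, tzinfo=timezone.utc))],
}


def build_graph(flows):
    """Directed adjacency (who talks to whom); ports are ignored for path finding."""
    graph = defaultdict(set)
    for src, dst, _port, _ts in flows:
        graph[src].add(dst)
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search; returns the hop list from start to goal, or None."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


def pivot_paths(flows, zones, critical):
    """Every path from a non-OT asset to a critical OT asset: the indirect exposures."""
    graph = build_graph(flows)
    entry_points = sorted(a for a, z in zones.items() if z != "ot")
    paths = []
    for entry in entry_points:
        for target in sorted(critical):
            path = shortest_path(graph, entry, target)
            if path:
                paths.append(path)
    return paths


def zone_violations(flows, zones, allowed):
    """Cross-zone flows the segmentation policy does not permit."""
    return [f for f in flows
            if zones[f[0]] != zones[f[1]] and (zones[f[0]], zones[f[1]]) not in allowed]


def out_of_window(flows, vendor_windows):
    """Vendor-sourced flows that fall outside every approved change-control window."""
    findings = []
    for src, dst, port, ts in flows:
        if src not in vendor_windows:
            continue
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))  # 'Z' unsupported before 3.11
        if not any(start <= when <= end for start, end in vendor_windows[src]):
            findings.append((src, dst, port, ts))
    return findings


if __name__ == "__main__":
    for path in pivot_paths(FLOWS, ZONES, CRITICAL_ASSETS):
        print(f"pivot path ({len(path) - 1} hops): {' -> '.join(path)}")
    for src, dst, port, ts in zone_violations(FLOWS, ZONES, ALLOWED_CROSSINGS):
        print(f"segmentation violation: {src} ({ZONES[src]}) -> {dst} ({ZONES[dst]}) tcp/{port} at {ts}")
    for src, dst, port, ts in out_of_window(FLOWS, VENDOR_WINDOWS):
        print(f"vendor activity outside change window: {src} -> {dst} tcp/{port} at {ts}")
```

On the constructed data the vendor gateway never touches a PLC directly, yet the path finder shows it is three hops from plc-07 through an HMI and an engineering workstation, which is exactly the kind of exposure that stays invisible without a communication-path map. The enterprise file server to historian flow is reported as a segmentation violation, and the 02:15 vendor session is reported because it falls outside the approved window even though the same connection is legitimate the next afternoon.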
BUILD AN ICS CYBERSECURITY STRATEGY THAT FITS YOUR ORGANIZATION
Proactive and responsive offerings to fully understand your ICS environment, mitigate risk, and respond confidently to threats. Dragos professional services benefits:
• Get a clear picture of your ICS environment.
• Know if your critical assets are at risk.
• Increase the confidence of your teams.
• Get actionable recommendations based on in-depth information.
The Dragos Platform. The industry’s most advanced ICS/OT cybersecurity software to help you visualize, protect and respond to cyber threats.
A global threat intelligence and analytics sharing program designed to support smaller providers and build a better understanding of the ICS/OT threat landscape.
OT Watch. The industry’s most powerful combination of technology and team to bolster your resources and strengthen your ICS/OT defenses.
Professional services. Proactive and responsive services to empower your team to better prepare, combat, and respond to ICS/OT threats.
Threat Intelligence. Actionable threat intelligence and defensive recommendations targeting global ICS/OT threats.
When setting up and testing a brand new cybersecurity program, it can be difficult to know exactly what reasonable steps to take and when to take them. Dragos provides a range of operational technology (OT) cybersecurity posture assessments to help industrial organizations improve their defenses, mitigate risk, and limit the impact of cybersecurity incidents. Their ICS/OT penetration testing is one of the offerings that lets customers assess their cybersecurity posture and understand their risks.
Setting up a cybersecurity program is a marathon, not a sprint. It can be exciting to finally order a penetration test, but testing should be considered a late-stage activity for a mature program. In other words, system owners should ensure they have the basic building blocks of a cybersecurity program in place before considering penetration testing.
Dragos Professional Services customers have typically gone through an architecture review and confirmed that the conceptual framework of their network architecture is sound. When performing an architecture review, Dragos may request certain documents, including network topology diagrams, the incident response plan, the recovery plan, and firewall configurations. Dragos then interviews customer personnel to better understand the makeup of the existing security program.
Nevertheless, Dragos keeps watching how adversary tactics evolve. They are currently focused on observing network traffic in the OT environment, continuously expanding their capabilities and the inputs they can examine. They want to extend their ability to ingest information directly from the endpoint and beyond, including both active and passive interaction with assets to verify the cybersecurity of those devices. Dragos plans to make this data available to asset owners to help them manage risk, opening up the possibility of bringing together the best-protected environments.
In addition, Dragos keeps improving asset visibility. They understand the assets seen on most networks by identifying the vendor and how those devices are configured, and from that they know how each asset contributes to the site’s risk posture, which in turn supports prioritization decisions around those assets. That said, we at TBtech look forward to following their journey to protect our civilization.