How Dragos is safeguarding our civilization.

In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – the systems that underpin modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing their in-depth knowledge of ICS/OT systems, Dragos arms industrial defenders worldwide with the knowledge and tools to protect their systems as effectively and efficiently as possible.

Safeguarding civilization has been their mission since day one. Dragos is made up of the industry’s most experienced team of Industrial Control Systems (ICS) security practitioners. Their team has been on the front lines of every significant industrial cybersecurity attack globally, including the 2015 and 2016 Ukraine grid attacks, CRASHOVERRIDE, and TRISIS.

In addition, they provide industrial organizations with the full spectrum of cybersecurity services to deliver visibility and insight into ICS and operational technology (OT) environments, educate practitioners, mitigate risks, and uncover and respond to threats. Founded by experts and trusted by the US government and allied nations, they investigate and respond to the most significant ICS cyberattacks in history.

Their experience speaks for itself. For society to run smoothly and meet the fundamental needs of the modern world, threat intelligence companies like Dragos play a vital role in keeping adversaries away from industrial organizations, many of which are actively being targeted today. Monitoring, detecting, and controlling change are the fundamentals for protecting the infrastructure of most providers.

The key to a successful OT strategy is risk prevention and pre-emptive measures rather than a purely reactive posture. However, each organization is built differently, so companies need a security stack designed for them that protects their particular network.

By identifying the indicators of how initial access occurred, Dragos then takes action to prevent it from recurring. For this to happen, they must understand the environment, which is done with asset discovery tooling: a technical means of establishing which assets the organization actually has.

Experienced cybersecurity professionals will tell you that you cannot secure the systems you do not know about, which is why asset visibility is so crucial no matter what kind of technology infrastructure you are defending.

Asset visibility in industrial control system (ICS) environments provides industrial asset owners and operators and security staff with the knowledge and insight necessary to build a mature operational technology (OT) cybersecurity program. When organizations can get accurate and timely views into the assets running on their industrial networks, the benefits are cascading. Outside of the most critical OT assets, the most significant risks sometimes hide in the spaces between OT systems rather than in the assets themselves. The unknown and unseen connections between devices can expose industrial infrastructure to the most damaging risk potential.

While industrial organizations rarely intentionally allow highly critical OT assets to be internet-accessible, they are sometimes less vigilant about external connectivity to seemingly insignificant hardware or assets. The trouble is that these externally facing ‘lower-risk’ assets may serve as pivot points to higher-value targets.

Sometimes the communication pathways between OT assets allow for indirect connections. It may take an attacker several lateral steps to touch a high-value target from a remote connection; without some visualization, those communication pathways often remain unseen.

Asset visibility provides a map of the communication pathways inherent within an OT system. For example, mature asset visibility capabilities make it easier to monitor an organization’s OEM and third-party management communication channels, to ensure vendors adhere to their contracted scope and do not introduce unnecessary risk to the ICS ecosystem. This includes keeping a lookout for communication paths that touch other systems, and ensuring vendors are only doing work during approved change control windows.
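The pathway analysis described in the preceding paragraphs, as an added example that is not Dragos code and not part of the original article: it builds a directed who-talks-to-whom graph from flow records, walks it from an externally exposed but seemingly low-risk asset (a vendor remote-access gateway) to find the multi-hop route an attacker would need to reach each high-value controller, and flags vendor sessions that fall outside the approved change-control windows. Every asset name, port, timestamp and window in it is constructed for illustration; in a real deployment the flow list would be fed from a passive sensor on the OT network and the high-value set from the asset inventory.

```python
"""Map OT communication pathways from flow records.

Added example for this article (not Dragos code). It builds a directed graph
of who-talks-to-whom from constructed flow records, finds the shortest
multi-hop route from an externally exposed 'low-risk' asset to each
high-value controller, and flags vendor sessions that fall outside the
approved change-control windows. Every asset name, port, timestamp and
window below is constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, time

# Constructed flow records: (timestamp, src, dst, dst_port). In a real
# deployment these come from a passive sensor on a SPAN/TAP port.
FLOWS = [
    ("2021-06-14T10:05:00", "vendor-vpn-gw", "historian-01", 1433),   # vendor SQL to historian
    ("2021-06-14T10:06:00", "historian-01", "eng-ws-02", 445),        # SMB into engineering zone
    ("2021-06-14T10:07:00", "eng-ws-02", "plc-line1", 44818),         # EtherNet/IP to line PLC
    ("2021-06-14T10:07:30", "eng-ws-02", "safety-plc-01", 502),       # Modbus/TCP to safety PLC
    ("2021-06-14T22:40:00", "vendor-vpn-gw", "historian-01", 1433),   # same path, late at night
    ("2021-06-15T14:00:00", "vendor-vpn-gw", "historian-01", 3389),   # RDP during work hours
]

# The vendor gateway is the only asset reachable from outside; it looks
# unimportant on its own but is the entry point for everything below.
EXTERNALLY_EXPOSED = {"vendor-vpn-gw"}
HIGH_VALUE = {"safety-plc-01", "plc-line1"}

# Approved change-control windows per vendor-facing asset: weekdays (Mon=0)
# and a local time range. Constructed for the example.
CHANGE_WINDOWS = {
    "vendor-vpn-gw": [({0, 1, 2, 3, 4}, time(8, 0), time(17, 0))],
}


def build_graph(flows):
    """Directed adjacency map: src -> {dst: set(dst_ports)}."""
    graph = defaultdict(lambda: defaultdict(set))
    for _ts, src, dst, port in flows:
        graph[src][dst].add(port)
    return graph


def paths_to_targets(graph, sources, targets):
    """Breadth-first search from each exposed source.

    Returns {(source, target): [source, hop, ..., target]} for every target
    the source can reach, directly or through intermediate assets. A path of
    n nodes means n-1 lateral steps for an attacker starting at the source.
    """
    found = {}
    for src in sources:
        parent = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            for nxt in graph.get(node, {}):
                if nxt not in parent:          # first visit is the shortest route
                    parent[nxt] = node
                    queue.append(nxt)
        for tgt in targets:
            if tgt in parent:
                path, cur = [], tgt
                while cur is not None:
                    path.append(cur)
                    cur = parent[cur]
                found[(src, tgt)] = path[::-1]
    return found


def out_of_window_sessions(flows, windows):
    """Return flows whose source has a change window but fell outside it."""
    hits = []
    for ts, src, dst, port in flows:
        if src not in windows:
            continue
        when = datetime.fromisoformat(ts)
        allowed = any(
            when.weekday() in days and start <= when.time() <= end
            for days, start, end in windows[src]
        )
        if not allowed:
            hits.append((ts, src, dst, port))
    return hits


if __name__ == "__main__":
    graph = build_graph(FLOWS)
    reach = paths_to_targets(graph, EXTERNALLY_EXPOSED, HIGH_VALUE)
    for (src, tgt), path in sorted(reach.items()):
        print(f"{src} reaches {tgt} in {len(path) - 1} hops: {' -> '.join(path)}")
    for hit in out_of_window_sessions(FLOWS, CHANGE_WINDOWS):
        print("vendor session outside approved change window:", hit)
```

Run as-is it reports that the vendor gateway reaches both controllers in three hops via the historian and the engineering workstation (none of which is individually internet-facing), and that the 22:40 Monday vendor session lies outside the Monday to Friday 08:00 to 17:00 window. The graph is intentionally directional: a historian that only ever receives data from the PLC zone is not a pivot, while one that initiates SMB into that zone is.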

RANSOMWARE ATTACKING INFRASTRUCTURE NETWORKS

In 2021, the industrial community attracted high-profile attention. Major cybersecurity incidents struck industrial organizations in various sectors, with international headlines detailing everything from a compromise of a water treatment facility with intent to poison its community to a ransomware attack against a pipeline operator that disrupted fuel supplies to the southeastern United States. These reports underscored the potentially devastating outcomes of a security breach of critical infrastructure for communities and a country’s economy. 2021 was a ruthless year for ransomware gangs and their affiliates, with attacks reaching epic proportions and making ransomware the number one attack vector in the industrial sector. Dragos researchers observed that ransomware groups targeted the manufacturing industry more than any other ICS/OT sector in 2021, nearly twice as much as the other industrial groups combined. The marked spike in ransomware attacks is largely attributed to the emerging ransomware-as-a-service (RaaS) phenomenon. Ransomware gangs like Conti and LockBit 2.0 have mobilized into an underground marketplace where their developers outsource operations to affiliates who execute the attacks.

OT VISIBILITY & MONITORING

OT cybersecurity depends upon the isolation of systems, network segmentation, and network monitoring to manage risk effectively. According to a recent Dragos Year in Review report, some 88% of Dragos’s professional services engagements involved significant issues and weaknesses in network segmentation. This often stems from a lack of visibility into the relationships that assets have with one another. Recent figures from the Ponemon Institute show many organizations are misaligned on their OT cybersecurity priorities: when looking at the most commonly cited security practices in industrial environments, four out of the top 10 involved asset segmentation or network monitoring.

BUILD AN ICS CYBERSECURITY STRATEGY THAT’S RIGHT FOR YOUR ORGANIZATION

Dragos offers proactive and responsive services to comprehensively understand your ICS environment, mitigate risks, and respond to threats confidently. Dragos professional services help with:

• Getting a clear picture of your ICS environment.

• Knowing if your critical assets are at risk.

• Boosting your team’s confidence.

• Getting actionable recommendations based on in-depth intel.

The Dragos Platform. The industry’s most advanced ICS/OT cybersecurity software to help you visualize, protect, and respond to cyber threats.

Neighborhood Keeper.

A global threat intelligence and analytics sharing program designed to support smaller providers and better understand the ICS/OT threat landscape.

OT Watch. The industry’s most powerful combination of technology and team to amplify your resources and reinforce your ICS/OT defenses.

Professional services. Proactive and responsive services to enable your team to better prepare for, combat, and respond to ICS/OT threats.

Threat Intelligence. Actionable threat intelligence and defensive recommendations focused on global ICS/OT threats.

IN CONCLUSION

When establishing and testing a brand-new cybersecurity program, it can be difficult to know exactly what reasonable steps to take and when to take them. Dragos offers various operational technology (OT) cybersecurity posture assessments to help your industrial organization improve its cybersecurity defenses, reduce risk, and mitigate cybersecurity incidents. Their ICS/OT Penetration Testing is one of these offerings and enables customers to assess their cyber defenses and understand their risk.

Building a cybersecurity program is a marathon, not a sprint. It can be exciting to finally reach the point of ordering a penetration test, but testing should be considered a late-stage maturity activity. In other words, system owners should ensure that they have a cybersecurity program’s basic building blocks in place before considering a penetration test.

Dragos Professional Services clients have typically gone through a process of architecture review and site assessment confirming that the conceptual framework for the network architecture is sound. When conducting an architecture review, Dragos may ask for certain documents, including network topology, the incident response plan, the recovery plan, and firewall configurations. Dragos then conducts interviews with client staff to better understand the makeup of the existing security program.

Dragos also continually tracks the evolution of adversary tactics. They are currently focused on observing the OT environment’s network traffic, constantly expanding their capabilities and the inputs they analyze. They aim to extend their ability to ingest information directly from the endpoint and beyond, including both active and passive interactions with assets, to verify the cybersecurity posture of those devices. Dragos intends to make that data available to asset owners to help them manage risk, which opens up the opportunity to build the best-protected environments.

Dragos is also enhancing asset visibility: by identifying the vendor and configuration of the devices seen on most networks, they can relate each asset to the site’s overall risk posture, supporting asset owners in prioritizing decisions around those assets. With all this being said, we at TBtech look forward to following their journey to safeguarding our civilization.