A cyber attack can be devastating, resulting in major losses to a company’s finances and reputation. But a cyber attack against critical infrastructure can also be deadly. Think about what could happen if hackers took control of a chemical plant, grabbed hold of a nuclear power station, shut down the electrical grid or contaminated an area’s water supply. That’s where Maryland-based cybersecurity startup Dragos finds its niche.
Founded by former employees of the National Security Agency (NSA), Dragos focuses on protecting industrial control systems (ICS), which form the beating heart of infrastructure that millions of people depend on. Matt Cowell, director of product marketing at Dragos, spoke to RewardExpert about how the company can help keep businesses and the public safe.
What’s at Stake
Cowell points out that while financial losses due to a breach can be catastrophic, they are nothing compared to what could happen if bad actors were to take control of critical infrastructure. “With emerging threats such as TRISIS which target control system safeguards that are designed to ensure human safety, this is the bigger concern that warrants heightened focus,” he said. In fact, last year Dragos discovered the TRISIS malware, which was used to target a company in the Middle East.
What Dragos Does
Dragos started when the founders realized that many companies were not actively protecting their industrial control systems—systems that were left exposed, as the TRISIS case demonstrates. “At the core, industrial systems have inherent design vulnerabilities that can be leveraged for malicious intent should an adversary gain access through physical access or enterprise network connections,” said Cowell. The Dragos products, including the Dragos Platform and the Dragos Worldview, help to shore up those vulnerabilities, cut out the hype and detect real threats.
How it Works
The Dragos Platform can detect threats and also offer the tools to stop an attack. The company uses threat behavior analytics as its primary threat detection method. “Threat Behavior Analytics are derived from an understanding of known adversary behaviors (threat intelligence) and provide our customers with greater context and confidence in alerts,” said Cowell. “Threat Behavior Analytics help the analyst discern the threat amongst the noise more quickly so they can focus their response where it’s needed most.”
The company has a wide breadth of monitoring options and analyzes network traffic, host logs and more to get a realistic picture of everything going on in an ICS.
Springing into Action
If a threat is detected, the Dragos technology springs into action, providing a frontline defense against malicious actors. The company provides playbooks to help less experienced professionals stop the threat dead in its tracks. “The playbooks we provide assist the analyst with appropriate steps so that they can be more structured in their response,” said Cowell.
Besides mitigating the damage from a cyber attack, Dragos can help save companies time and money in other ways, too. By outsourcing to Dragos, companies can streamline the threat detection process. The technology is also easy to use. It’s built on open standards and integrates seamlessly into most existing infrastructures.
Collecting Intelligence on the Bad Guys
The Dragos policy is to stay coy about the actors behind the attacks unless they have been discussed publicly elsewhere first. This is to minimize any blowback to the industrial community. The company’s policy is not to attribute attacks to nation states, but it does identify seven activity groups that are targeting industrial control systems. Those groups are Allanite, Chrysene, Xenotime, Covellite, Dymalloy, Electrum and Magnallium.
Who’s Using Dragos
Right now, Dragos has customers from across the industrial spectrum, as most industries are facing vulnerabilities one way or another. “Our focus is on the Energy sector, Oil and Gas and Advanced Manufacturing,” said Cowell. To find out if Dragos is right for your business, check out dragos.com.