ICS Media Center

Discover industrial security tips and learn about the latest news and developments in the industrial cybersecurity world

Investigation Playbooks in the Dragos Platform

In the most stressful situations, effective training and well-documented processes and procedures are essential to a reliable and uniform response.

Lesley Carhart - March 29, 2018

Threat Hunting With Python Part 4

This week, we will look at a protocol commonly overlooked by many but crucial to control system operation: The Tabular Data Stream (TDS) protocol.

Dan Gunter - March 06, 2018

Threat Analytics and Activity Groups

In developing an analytic, the resulting detection methodology should not focus on a specific implementation of a behavior, but rather seek to cover multiple implementations of the behavior type.

Joe Slowik - February 26, 2018

Transferring Knowledge to Customers Through Software Technology

At Dragos, Inc., what we pride ourselves on, use as our technology differentiation, and offer as our most valued asset to our customers is knowledge transfer.

Robert M. Lee and Daniel Michaud-Soucy - February 14, 2018

Threat Hunting With Python Part 3

This week we will focus on the Server Message Block (SMB) protocol that enabled Wannacry, Petya, and Bad Rabbit attacks to be lethal at the global level and what defenders can do to hunt within this protocol.

Dan Gunter - January 30, 2018

Threat Hunting With Python Part 2

This week we will move away from hard-coded indicators and begin to look at behavioral indicators, which allow scanning in an environment to be identified regardless of whether the tool used is Nmap or something else.

Dan Gunter - November 28, 2017

Threat Hunting With Python Part 1

Over the next few weeks, we will look at basic analytic approaches that can be taken to examine some of the most common protocols found on typical networks. This week we will get started with basic HTTP analysis using Python and Jupyter notebooks.

Dan Gunter - November 20, 2017

Threat Hunting Part 2: Hunting on ICS Networks

In this edition of the Dragos Threat Hunting on ICS Networks series, we will compare threat hunting on industrial networks with concepts from the wider threat hunting community. We will also look at how the unique characteristics of industrial networks can be turned to the advantage of network defense professionals.

Dan Gunter - October 3, 2017

Threat Hunting Part 1: Improving Through Hunting

This post is the first in a series that will describe hunting, discuss best practices, and explain our approach and lessons learned, because hunting in industrial infrastructure is important to all of us, and with focus and effort we can accomplish it.

Ben Miller - August 31, 2017

Stop Breaches, Safeguard Civilization

Today CrowdStrike and Dragos issued a joint press release to finally announce the partnership we’ve developed over the course of the last year.

Ben Miller - July 19, 2017


This webcast explores what is known and not known about the CRASHOVERRIDE framework and how it affects our understanding of how grid operations can be impacted.

Dan Gunter, Ben Miller, Joe Slowik - June 19, 2017

Project MIMICS - Stage One

What can the community learn in terms of realistic metrics and data points around malware in modern industrial control systems (MIMICS) from completely public datasets? That’s what project MIMICS sets out to do.

Robert M. Lee - April 2, 2017
