The Forrester Wave™: Operational Technology Security Solutions, Q2 2024, has been published, with Dragos named a Strong Performer and the only participant to earn perfect 5 scores across the three criteria of Threat and Anomaly Detection, Vulnerability Management, and Product Security, underscoring the technical advantages of the Dragos Platform. Dragos also secured perfect 5 scores for Adoption, OT Security Services, and Community, signifying customer satisfaction and our ability to meet organizations where they are in their cybersecurity journey.
Protecting OT environments requires technologies, threat detection, vulnerability management, and expertise steeped in OT. If Threat and Anomaly Detection, Vulnerability Management, and Product Security are important to you as you evaluate OT security platforms for your organization – and we think they should be as they represent the most critical functions needed to manage OT business risk – the Dragos Platform stands out as the only offering in the report with the highest score on all three.
It’s important to note that this year’s report had a substantial change in focus from the previous report, with a decided shift to IT security and broader scope. Criteria, scores, and weightings this year heavily emphasize prevention, IT security, and firewalls. In our experience, these capabilities are not ones that customers want from us, thus Dragos integrates with best-of-breed partners who provide them. Organizations looking for solutions like the Dragos Platform that provide visibility, vulnerability management, and fast, accurate threat detection for their OT networks should be aware of this shift in scoring, which, for example, resulted in points off for not including a firewall and segmentation. The report states that “Dragos is laser focused on OT” and says this “strict focus limits growth.” Our customers, which include 9 of the 10 largest electric utilities in the U.S. and 7 of the 10 largest oil and gas companies in the world, see our strict focus on OT as our strength. In our opinion, organizations looking for OT cybersecurity solutions would be better served if the preventative IT capabilities that were added this year were instead broken off into a separate report, so that it’s easier to pinpoint the right solutions for the given needs.
Why OT Cybersecurity Shouldn’t Be Viewed Through an IT Lens
OT environments are unique. Addressing cyber risks specific to ICS and OT environments requires an in-depth understanding of the OT technologies and system protocols that underlie these massive industrial processes. Cyber incidents in these environments pose significant risk to safety, business continuity, and the environment. Technology modernization and automation have opened up these previously closed networks, which are now increasingly targeted by sophisticated threat actors and by common ransomware gangs armed with sophisticated tools. Government concern about the rising threats and the lack of protection for OT environments has led to new regulations from NERC CIP, TSA, and CISA in the US, NIS2 and CAF in Europe, and SOCI in Australia, among many others. IT vendors, sensing a growth opportunity, have jumped into the space and now “do OT.” With so much at stake, solutions built on traditional IT technologies and principles can’t effectively secure OT environments or enable the resilience that industrial cybersecurity requires.
IT security has a critical role to play in OT cybersecurity. OT security needs to integrate with IT security and SOC processes, and IT security needs specialists who understand the complexities of industrial operating environments. Organizations evaluating OT cybersecurity should ask whether solutions really understand the needs of operational environments and have the insight needed to secure industrial and critical infrastructure, including electrical grids, manufacturing production lines, transportation infrastructure, refineries and pipelines, and water and wastewater. That’s Dragos’s focus.
Prevention vs. Detection and Response
As mentioned above, the Forrester Wave emphasizes preventative capabilities. Dragos agrees that organizations need network, endpoint, and identity security, as a defensible architecture is one of the SANS ICS 5 Critical Controls. But the IT security community knows that is not enough. Sales of firewalls, endpoint prevention, and SIEMs are at all-time highs, even as ransomware incidents continue to grow. Detection and response in the industrial context is critical.
Detection in the OT context requires expertise in the unique systems and activities of operational technology. It requires researching the threat activity groups, understanding the methods and tools of those adversaries, and compiling the analytics to detect threats. Response in OT can’t be “shut down that system” – as that system is likely a component of a massive industrial process. Response is understanding the environment, investigating the issue, and finding the most effective approach to mitigating whatever risk is discovered.
The risk of over-reliance on these preventative tools is evidenced by the growing number of ransomware attacks. The stakes are too high to trust prevention alone or to rely on IT-focused solutions to protect OT. Dragos’s mission is to Safeguard Civilization, and we continue to drive awareness about the need for best-of-breed OT cybersecurity for industrial and critical infrastructure.
The Dragos Advantage in Threat Detection
General anomaly-based threat detection engines employed by IT solutions lack intelligence in the OT context and generate big dashboards of alarms, overwhelming security operations and investigators. The Dragos Platform provides best-in-class threat detection in ICS and OT environments. Our OT cyber threat intelligence is one of the key advantages that enables the platform to detect threat behaviors and rapidly pinpoint threats with reduced false positives. A detailed set of forensic investigation tools makes it easy to rapidly investigate events, and response playbooks provide step-by-step guidance from experienced responders. In addition, the optional OT Watch Threat Hunting service provides continuous hunting for advanced adversaries and tools, while the Neighborhood Keeper collective intelligence network provides community leverage and insights to participating Platform users.
Vulnerability Management for OT
IT-based vulnerability management systems have a difficult time understanding the impact of vulnerabilities in an industrial setting; they usually recommend a “patch” or update to the system software that would bring that device – and all the interdependent industrial processes – down. For operations, plant or process shutdown has massive implications.
The Dragos Platform’s vulnerability management capabilities give customers the information needed to focus on the highest-priority issues to mitigate risk, minimize downtime, and allocate cybersecurity resources where they’re most needed. Driven by Dragos WorldView OT Cyber Threat Intelligence (CTI) vulnerability research and analysis, the Dragos Platform provides the most comprehensive and accurate OT vulnerability knowledge base available and is the only ICS/OT cybersecurity company to provide corrected, enriched, prioritized guidance that allows customers to manage the full lifecycle of specific vulnerabilities in their environment. Prioritized guidance with “Now, Next, Never” direction helps security teams know where to begin, maintain compliance with regulatory standards and industry frameworks, and allocate cybersecurity resources to address the most urgent threats.
Best-in-Class Product Security
Forrester’s top score for Product Security reflects that the Dragos Platform is in alignment with major regulatory requirements and industry standard frameworks. These include ISO 27001, NIST 800-53, NIST 1800-10, CMMC, TSA, FIPS, and SOC2. The Platform includes security features such as data encryption, multi-factor authentication, audit logs, RBAC, and recovery. We use third-party pen testing and red teams against our own products and have a uniquely robust SDLC that integrates security engineering at every stage, rather than treating it as a separate, isolated function.
More on Threat Intelligence
Forrester states in the report that “reference customers say OT threat intelligence from Dragos is a differentiator” and that “they especially value the Neighborhood Keeper program, which is a peer-driven threat intelligence-sharing program.”
As part of our OT-native technology platform, Dragos also offers the only discrete, OT-specific cyber threat intelligence (CTI) service, Dragos WorldView, the only OT-managed threat hunting service, Dragos OT Watch, and the industry’s only anonymized threat-intelligence sharing solution for OT, Dragos Neighborhood Keeper.
Dragos WorldView provides in-depth analysis and reporting into cyber threats targeting OT environments around the world, paired with defensive recommendations to combat them. Dragos WorldView Threat Intelligence is also codified into the Dragos Platform to strengthen vulnerability analysis and threat detections for identifying and targeting breaches in the OT network.
To learn more about the differences between IT and OT, see Dragos’s new whitepaper: “The Vital Role of OT-Native Network Visibility & Security Monitoring Amid IT Frameworks.”
View the Full Report
Learn more about OT security drivers, emerging trends in the space, and why we believe Dragos’s OT-native approach delivers the most effective OT cybersecurity solution.