In 2018, Dragos announced its partnership with OSIsoft, a partnership that gives Dragos and OSIsoft customers greater visibility into their industrial control systems (ICS) networks and enables more robust asset identification, threat detection, and response for their organizations.
Read the press release.
With OSIsoft’s annual PI System conference (PI World) coming up April 8-12, the Dragos team will have two speakers to educate the ICS community further about how the Dragos-OSIsoft integration improves ICS threat detection, and to give an overview of Dragos’ ICS Year in Review reports. Speakers will include:
- Mark Johnson (Salt River Project) and Dan Gunter: Utilizing Operations Data for Enhanced Cyber Threat Detection and Response in ICS (Hilton Union Square, Wed, Apr 10 at 2:15 pm)
- Justin Dumas: 2018 Industrial Cyber Security – A Year in Review (Park 55, PI System Security Workshop, Thurs, Apr 11 at 2:30 pm)
To learn more about these sessions, go here.
Dragos-OSIsoft Partnership Overview
The Dragos Platform’s integration with OSIsoft’s PI System (a system that provides the ability to track network processes and events to ensure they’re running efficiently and safely) extends the visibility of data available in a given environment. PI data is normally utilized by operations teams and engineers, but through the Dragos-OSIsoft integration, Security Operations Center (SOC) analysts are provided with a broader analysis of network and operational data that has, until recently, been effectively unavailable to them.
Dragos-OSIsoft Integration Benefits
- Faster and more effective threat detection
- Context-rich impact analysis for improved response
- More robust analysis of network and operational data
- Comprehensive protection via visibility of both OT and IT events
- Step-by-step guidance to investigate potential threats
Dragos Platform and PI System Integration Details
The Dragos Platform consists of network appliances (midpoint sensors) and a centralized server known as the SiteStore. The PI Server can connect to either Dragos Platform’s midpoint sensors or SiteStore, depending on the ICS environment. Once integrated, event frames (features that capture, track, compare, and analyze processes or events for a repeatable time period) can then be exchanged between the PI System and the Dragos Platform.
Using threat behavior analytics, the Dragos Platform correlates OSIsoft’s PI System data with its existing network and host activity to alert analysts to known malicious activity. Threat behavior analytics, defined by our threat intelligence team or custom-authored by platform users, give analysts context on adversary actions, such as why alerts are generated and what specific adversary behavior is detected, instead of simply alerting on anomalies or changes in environments.
The Dragos Platform’s investigation playbooks, authored by our threat operations center’s team of practitioners, give defenders step-by-step guidance on using OSIsoft’s PI System data and responding efficiently to threats detected in ICS environments.
To learn more about the Dragos-OSIsoft partnership, read our solution brief or our joint whitepaper, A Brew Mystery: Digital Forensics With the Dragos Platform.
Attending PI World? Contact firstname.lastname@example.org to set up an appointment to speak with a Dragos team member.