Nearly three years after publishing its first Wave report on the topic, Forrester Research has published The Forrester Wave™: Operational Technology Security Solutions, Q2 2024. Forrester continues to track the maturity and growth of the market by providing a broad perspective across a number of vendors to help the community understand the range of offerings with their specific capability sets.
Dragos Rated a Strong Performer
Dragos applauds Forrester’s continued focus on providing the community with third-party research on OT cybersecurity. Given our expertise and history in the industrial cybersecurity community, Dragos is often tapped for our perspective on OT cybersecurity information and we would like to share that perspective here to answer those questions and foster dialog while organizations are looking to understand how the report applies to their environments.
Forrester included input for the report from a range of vendors, so on face value the report is broad. The good news is that Forrester also provides scoring and weighting to help organizations take the information in the report and map the criteria that matters to them and their needs.
For transparency, Dragos was among the vendors who participated. We were positioned as a Strong Performer, and the only vendor with top scores (5) in threat and anomaly detection, vulnerability management, and product security.
This year’s report took a significant shift toward IT-centric and prevention-centric views, rating Cisco and Palo Alto Networks as leaders. Dragos firmly believes in the value of firewalls at the perimeter for access control and network segmentation, and SIEMs to consolidate events and provide key information for investigations. Our strategy is to integrate our OT offerings into these key IT security tools to streamline IT security operations. Without Dragos’s OT context, however, these IT tools do too little to provide effective protection for critical industrial environments. That is why we were pleased that the report called out that we are best for “robust threat and vulnerability intelligence specifically tailored to OT environments.”
Why We Caution Against an IT-Centric View of OT Cybersecurity
Operations environments and the OT systems that run them are vastly different from IT. Vulnerability management is one example: where IT security teams say “patch,” operations teams say “no, we need to keep production moving – give us another option to mitigate risk.” Thus a rift can develop between the groups.
Beyond that, OT systems are different, the communications are different, network traffic is different, and specialized adversaries and tools are different. The adversaries target PLCs, HMIs, management stations, and critical process communications. Successful cyber breaches impact employee and public safety, environment, and revenue production processes. OT is just different. Yet many security initiatives drive IT tooling into an environment where they don’t fit. This creates significant tension between IT security groups and operations groups.
IT security has a critical role to play in OT cybersecurity – they bring resources, expertise, infrastructure and processes. But to protect OT, they need to understand Operations. They lack the critical experience and insights needed to protect operational environments; they need the tools, processes, and intelligence native to the OT world. That’s Dragos’s focus.
Dragos’s OT Security Commitment
Dragos is “laser-focused on OT security,” as noted by Forrester. This focus differentiates Dragos from vendors attempting to address a broad range of IT and OT cybersecurity problems. The Dragos Platform, built by OT practitioners for OT practitioners, integrates seamlessly with IT vendors like CrowdStrike, Fortinet, ServiceNow, Splunk, and Cisco – an open integration framework for all key firewalls, SIEMs and IT security tooling.
Dragos does not offer several IT-centric capabilities like privileged remote access, firewalling, SIEMs or SOAR platforms. Instead, we enable IT security infrastructure with our unique expertise, maintaining the focus on protecting critical and industrial infrastructure. For operations environments and operational technology, Dragos provides the most complete solution, following the SANS ICS 5 Critical Controls, including:
- Providing ICS/OT Incident Response Services: Responding to an IT server breach is vastly different from an OT incident impacting manufacturing lines, power generation facilities, electrical substations, refineries or pipelines. Dragos provides the expert responders & tools to investigate industrial cyber incidents to minimize impact.
- Evaluating Prevention-focused Defensible Architecture: Prevention is key. Leveraging existing infrastructure and maturing controls are critical. Dragos and our partners will help evaluate your OT cyber defenses and provide prioritized recommendations to evolve your defenses to improve prevention and defensibility.
- Detecting OT Threats – A Key Component of ICS Network Visibility & Monitoring: Prevention is critical, but so is detecting threats that may evade prevention. Dragos delivers the most effective threat detection in the marketplace with the Dragos Platform, validated by MITRE ATT&CK for ICS. Its approach includes anomaly detection as well as OT-specific IOCs and threat behaviors, which deliver high-fidelity, low-noise detections specific to OT environments. This is crucial in avoiding the overload of alarms that can occur with general IT-based “anomaly” engines used by other vendors. Further, the Dragos OT Watch service provides expert threat hunting to find the most advanced and elusive tools and adversaries. And we provide the key basics like discovery and inventory of OT systems, IT, and IoT devices in OT environments, along with continuous monitoring and detailed forensic logging to help troubleshoot both cybersecurity and operations misconfigurations.
- Managing Vulnerabilities in the OT Context: IT-based vulnerability management generates a long list of “patch” recommendations that are unhelpful to operating environments. Dragos optimizes vulnerability prioritization through its threat intelligence, designating remediation actions based on operational impact and clear “now, next, never” guidance. This approach helps organizations focus on critical vulnerabilities that could significantly affect their industrial processes.
- Securing Remote Access through Open Integration, Key Partners, & Continuous Monitoring: Remote access into operations is the top risk to OT cyber. There are numerous vendors that can provide modern secure access technologies that employ zero trust guidelines, and this is a part of the landscape where IT technologies can have a great impact. For specialist OT needs, Dragos has partnered with Cyolo. For all vendors, Dragos’s strategy is to help evaluate implementation, recommend best practices, and continuously monitor the environment for any resultant threat behaviors. We are the watchers, the validators, the protectors of this critical control.
It’s Time to Move OT Cybersecurity Beyond Asset Inventories and Prevention
The Forrester Wave™ report for OT Security Solutions provides valuable insights, but we advise industrial organizations to view it within its IT-oriented context. OT environments are different. The threats are different, the systems are different, the adversaries are different. Perimeter firewalls and endpoint security provide key preventative capabilities, but they are not enough.
To help put things in perspective, take a look at the data and the history of IT security. The data says that firewall & SIEM sales are at an all-time high, yet ransomware events grow faster. History shows us that prevention-focused endpoint and network security tools are exploitable and need to be paired with effective detection and response technologies. We need to be careful not to forget those lessons.
OT cybersecurity is much less mature, with much less invested, and much MORE exposed than IT security. Cyber events impacting electrical grids, production lines, transportation, refineries and pipelines, water & wastewater impact us all. The stakes are too high to trust prevention-only, IT-focused solutions. It is Dragos’s mission to Safeguard Civilization, and it is our duty to drive the discussion to find better answers to this vexing problem.
View the Complete Results
Learn more about OT security drivers, emerging trends in the space, and why we believe Dragos’s combination of OT-native technology platform, OT-specific threat intelligence, and managed threat hunting is the most effective approach to OT security.