The Dragos Blog

12.07.22 | 2 min read

Unify IT & OT Cybersecurity for a More Secure, Resilient Industrial Network with Dragos and Cisco

Cybersecurity is a key component of modernization programs and of the regulatory requirements that accompany digital transformation, because cyber threats to industrial operations have become a major concern. Security teams at electric utilities, oil & gas companies, and manufacturers are tasked with assessing risk to their environments and meeting audit and compliance obligations. They must do so while industrial control system (ICS) connectivity grows and the attack surface expands as their companies pursue digital transformation.

Because of these challenges, security teams increasingly need a view of the entire network, information technology (IT) and operational technology (OT) alike. In practice they often have limited visibility into their OT networks, both in identifying the assets present and in detecting ICS-focused threats. The risk is magnified as threats to ICS grow in frequency and sophistication, with potentially significant physical consequences. Giving analysts complete situational awareness and decision-making support, as efficiently as possible, is therefore critical.

Optimize Cisco Firewalls with Improved OT Asset Visibility and Threat Detection

To address these challenges, Dragos has partnered with Cisco to integrate the Dragos Platform with Cisco Adaptive Security Appliance (ASA) firewalls, enabling joint customers to detect threats that span IT and OT environments and act on them at the firewall.

This integration gives defenders asset visibility across IT and OT networks so they can see risks, reduce attack paths, and secure a wider range of environments.

As a foundational complement to firewalls, the Dragos Platform, an ICS cybersecurity technology, delivers visibility of ICS/OT assets and their communications. It lets teams rapidly pinpoint threats through intelligence-driven analytics, identify and prioritize vulnerabilities, and follow best-practice playbooks as they investigate and respond, before threats significantly affect an organization's operations, processes, or people.

Cisco ASA firewalls work in conjunction with the Dragos Platform to give defenders the capability to quickly prioritize, investigate, and respond to threats, and to provide the network segmentation that keeps threats from moving unchallenged through the network.

Figure 1. Asset Inventory through the Dragos Platform

Together, this solution protects OT assets from potential threats, segments industrial networks, and supports compliance with industrial standards, regulations, and guidelines such as NERC CIP, ISA/IEC 62443, CFATS, and ANSI/AWWA G430, allowing you to capture the benefits of your industrial digitization efforts across both IT and OT environments.

Rather than relying on anomaly-based detection alone, the Dragos Platform uses threat behavior analytics as its primary detection method. Threat behavior analytics are characterizations of known adversary tactics, techniques, and procedures (TTPs); because they match specific malicious behavior rather than deviation from a baseline, they pinpoint threats with higher confidence, provide richer context, reduce false positives, and lower mean time to detection. Each alert and notification carries that context and is accompanied by an investigation playbook that guides ICS cybersecurity practitioners through the steps to respond efficiently.

Figure 2. Assets in the Cisco dashboard

The Dragos Platform rapidly pinpoints malicious behavior on your ICS/OT network, provides in-depth alert context, and reduces false positives. In addition, users are presented with prioritized "Now, Next, Never" vulnerability guidance, giving defenders the information needed to focus on the highest-priority issues requiring further investigation. Notifications are raised when conditions configured in the Dragos rules engine are met. Once a notification fires, the Cisco firewall administrator can execute response actions, applying firewall policy to address groups that the Dragos Platform keeps updated. Keeping the administrator in that loop matters in OT: a block rule that cuts off traffic to a controller can itself halt a process, so the response should be reviewed against the affected assets before it is applied.
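The workflow above, rule-engine condition, address-group update, firewall policy applied by the administrator, is easier to reason about with a concrete mechanism in front of you. The following Python is an added illustration, not Dragos or Cisco code. It assumes a notification shape, the rule thresholds, the object-group name `DRAGOS_BLOCKED_SOURCES`, and the ACL name `ENTERPRISE_TO_OT`; all of these are invented for the example. The ASA commands it renders (`object-group network`, `network-object host`, `access-list ... extended deny ip object-group ... any`) are standard ASA CLI. The script evaluates constructed notifications against a rule, collects the source hosts to block, and renders a change set for an administrator to review rather than pushing it to the firewall.

```python
"""Turn detection notifications into a reviewable Cisco ASA object-group change.

Everything here (notification fields, rule thresholds, group/ACL names) is an
assumption for illustration; it is not the Dragos Platform API or the actual
Dragos/Cisco integration format.
"""
import ipaddress
import json

# Constructed sample notifications (assumed shape, not real platform output).
# n-0001 should produce a block, n-0002 is below the severity threshold and
# is an anomaly rather than a TTP match, n-0003 carries a malformed address.
SAMPLE_NOTIFICATIONS = json.dumps([
    {"id": "n-0001", "severity": 4, "detection_type": "threat_behavior",
     "summary": "Unexpected engineering-workstation write to PLC",
     "source_ip": "10.20.30.40", "destination_ip": "192.168.100.10",
     "destination_zone": "control"},
    {"id": "n-0002", "severity": 1, "detection_type": "anomaly",
     "summary": "New device seen on VLAN 200",
     "source_ip": "10.20.30.41", "destination_ip": "192.168.100.11",
     "destination_zone": "control"},
    {"id": "n-0003", "severity": 5, "detection_type": "threat_behavior",
     "summary": "Event with malformed source address",
     "source_ip": "not-an-ip", "destination_ip": "192.168.100.12",
     "destination_zone": "control"},
])

# Assumed rules-engine condition: only confident TTP matches at or above
# severity 3 may drive a firewall change.
RULE = {"min_severity": 3, "detection_types": {"threat_behavior"}}
GROUP = "DRAGOS_BLOCKED_SOURCES"   # assumed object-group name
ACL = "ENTERPRISE_TO_OT"           # assumed ACL already bound with access-group


def rule_matches(note, rule=RULE):
    """Does this notification satisfy the configured condition?"""
    return (note.get("severity", 0) >= rule["min_severity"]
            and note.get("detection_type") in rule["detection_types"])


def host_to_block(note):
    """Return the IPv4 source to block, or None if it cannot be blocked safely.

    Only the *source* of the suspect traffic goes into the group. The
    destination is the OT asset (here a PLC); denying traffic to it would
    itself disrupt the process the control is meant to protect.
    """
    try:
        ip = ipaddress.ip_address(note["source_ip"])
    except (KeyError, ValueError):
        return None  # malformed or missing address: skip, never guess
    if not isinstance(ip, ipaddress.IPv4Address):
        return None  # keep the example IPv4-only
    return str(ip)


def build_block_list(raw_json, rule=RULE, existing=frozenset()):
    """Hosts that should be added to the group, excluding ones already present."""
    new_hosts = set()
    for note in json.loads(raw_json):
        if not rule_matches(note, rule):
            continue
        ip = host_to_block(note)
        if ip and ip not in existing:
            new_hosts.add(ip)
    return sorted(new_hosts, key=ipaddress.IPv4Address)


def asa_bootstrap(group=GROUP, acl=ACL):
    """One-time ASA config: an (initially empty) group and a deny ACE that
    references it. Later membership changes to the group take effect without
    editing the ACL again."""
    return [
        f"object-group network {group}",
        f"access-list {acl} line 1 extended deny ip object-group {group} any",
    ]


def asa_add_hosts(hosts, group=GROUP):
    """Render the membership additions for administrator review."""
    if not hosts:
        return []
    return [f"object-group network {group}"] + \
           [f" network-object host {h}" for h in hosts]


if __name__ == "__main__":
    print("\n".join(asa_bootstrap()))
    print("! --- proposed additions (review before applying) ---")
    print("\n".join(asa_add_hosts(build_block_list(SAMPLE_NOTIFICATIONS))))
```

Two design points carry over to any real deployment of this pattern. First, the group is the only thing that changes per detection; the ACE referencing it is written once, so the blast radius of an automated update is bounded to group membership. Second, the output is a change set, not a pushed configuration, which is where the firewall administrator's review of OT impact fits.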

By combining Cisco and Dragos technology, defenders gain visibility across both IT and OT networks, improving threat detection and shortening response and mitigation time when an adverse event occurs, which is exactly when speed and accuracy matter most.

Learn more about the Dragos partnership with Cisco today at: dragos.com/partner/cisco/.
