Dragos is excited to announce updates to the Dragos Platform with the release of version 1.3.
Our platform provides comprehensive visibility of industrial networks and assets, passively monitors and detects threats through intelligence-driven analytics, and provides step-by-step playbooks for rapid threat hunting and incident response.
What We’ve Improved
We’ve streamlined the user experience—allowing for improved analyst productivity, scalability, deployment support, administration, and third-party integration—with enhancements including:
- A Detections dashboard that provides a summary of the highest-priority alerts and notifications
- Improved interactive playbooks with pre-configured steps to follow during incident response and threat hunting
- A midpoint management system that provides a simple and centralized way to deploy, configure, and manage midpoint sensors
We also made performance improvements to our Interactive Map, a unique feature in the Dragos Platform that allows security teams to visualize network zones, monitor baseline changes, and hone in on specific attack paths.
Below are details of some of the new features available to our customers immediately. If you’d like to schedule a demonstration of the Dragos Platform and find out how our technology can provide unprecedented insight and security tools for ICS environments, please contact firstname.lastname@example.org.
Key Features of Dragos Platform 1.3
New Detections Dashboard
The Detections dashboard offers analysts a consolidated view of the four types of detections
- Modeling (anomalies)
- Threat Behavior
The Detections dashboard provides analysts a summary of the highest priority items that require their attention and can be filtered by date range and severity. Once the Detection is opened, a summary triage view shows the alert details, which analytic triggered the alert, recommended playbooks to use, a list of assets involved, and a list of related notifications. This makes it easier for analysts to understand what happened and what to do next.
For more information about the four types of threat detection and applications in ICS, read our latest whitepaper by Dragos’ Director of Threat Intelligence Sergio Caltagirone and Dragos’ CEO Robert M. Lee here.
Enhanced Interactive Playbooks
Compiled by our Threat Operations Center, our investigation playbooks provide step-by-step instructions for effective hunting and response and data on adversary behaviors from the Dragos Threat Intelligence team.
1.3 offers new, interactive steps for analysts to follow, so it’s easier to understand and complete tasks and subtasks that should be performed each step of the incident response process or threat hunt. This significantly improves the ease and efficiency of workflow for analysts. Specifically selected QFDs and analytics are also included with these interactive steps that link to relevant data and analytic results. (To learn more about QFDs, check out our blog.)
New Midpoint Management System
Our new midpoint management system makes it easier than ever to configure, deploy, and maintain midpoint sensors (hardware-deployed appliances that collect network data). Users can push new content packs from the centralized Dragos Sitestore, enabling remote tasking, configuration, and deployment.
The midpoint management system is especially significant, as it improves analyst accessibility and allows for greater scalability of sensors.
Content Pack Update for 1.3
In addition to new platform capabilities, we substantially updated the Content Packs in 1.3 –content releases that customers can download and incorporate into their own platforms – adding 47 new threat behavior analytics and characterizations and 22 new and updated playbooks. A summary of the Content Pack includes:
- Expanded QFDs and playbook
- Improved make, model, and OS identification
- Additional threat behavior detections focused on commercial and open-source malware threats
- TRISIS and CRASHOVERRIDE Detections
We are very excited about the release of version 1.3. If you have any questions about these new updates or would like to find out how the Dragos Platform can benefit you, please contact email@example.com
To learn more about how the Dragos Platform arms industrial organizations with the tools to establish scalable, efficient, and effective defenses, read our latest case study with NaturEner here.