Dragos Platform

Continuous passive monitoring software that identifies and visualizes assets, detects threats through intelligence-driven analytics, and provides a workbench with playbooks to respond to attacks with speed and confidence.

Built for ICS Defenders by ICS Cybersecurity Practitioners

Platform Datasheet Request Demo

Threat Behavior Analytics pinpoint malicious behavior on your ICS networks.
Investigation playbooks guide analysts during the incident response process.
Data from multiple sources is ingested to provide the most comprehensive breadth of coverage in the industry.

Lower Total Cost of Ownership

The Dragos Platform leverages analytics and does not need to be 'baked in' to your environment

TCO Datasheet

Deploying Dragos

Dragos is built on open standards with easy-to-use APIs. It seamlessly fits with your existing security infrastructure investments while allowing data to seamlessly flow in and out of the platform.

Deployment Diagram

Deploying Dragos

Dragos is built on open standards with easy-to-use APIs. It seamlessly fits with your existing security infrastructure investments while allowing data to seamlessly flow in and out of the platform.

Deployment Diagram

“The Dragos Platform provides us with a level of real-time, situational awareness, and monitoring capabilities unparalleled in the industry today… It has become an integral part of our day-to-day cybersecurity…and has eliminated a number of manual processes, while increasing the speed of incident response times. A high-value system for any organization whose operations are dependent upon ICS technology, processes, and protocols.”

Marc DeNaire CIO, NaturEner

Easily Integrate With Existing Infrastructure

The Dragos Platform contains all the tools to identify assets, detect threats, and respond appropriately. The architecture of the technology allows data to be brought into it from other collection sources such as controller logs and Data Historian outputs while also allowing alerts and investigations to be sent to case management systems, SIEMs, and other tools through our robust APIs.

Read More

Data Collection Pipeline

The Dragos Data Collection Pipeline feeds critical information into the Dragos Platform. These insights give you the visibility, context, and actionable information you need to detect and remediate threats quickly and efficiently.

  • Passively identify up to hundreds of thousands of assets
  • Use secure telemetry for anonymous data share with IT or external teams
  • Integrates with existing IT SIEM solutions
  • Collect numerous data types
Core Models

The Dragos Platform gives you everything you need to identify and respond to threats in your ICS networks in a single platform. Three modules work together to discover and manage your ICS assets, detect threats through behavioral analytics, and streamline operations so you can focus on more strategic projects. The platform constantly evolves as it is enriched by insights from the Dragos Threat Operations team, from Dragos Intelligence and from customers that choose to connect to the Dragos Threat Operations Center.

01 | Asset Discovery

Dragos Asset Discovery automatically and passively maps out and visualizes all network-connected devices, ports, and protocols on a single pane of glass.

  • Gain visibility into your assets
  • Dissect ICS protocols and communications
  • Proactively identify routes in and out of the ICS
  • Detect deviations from the norm
02 | Threat Detection

Dragos Threat Detection Engine provides a real-time automated detection against highly-adaptive and highly-targeted threats. The engine leverages behavior analytics that are the codification of adversary tradecraft with the appropriate context in place. These behavior analytics are produced by Dragos cybersecurity experts and data scientists who hunt for threats through industrial networks around the world.

  • Identify, score and rank risk threats
  • Weed out forensic noise and reduce alert fatigue
  • Enable staff to focus on threat hunting
  • Receive updates from the Dragos Threat Operations Center
Workflow Automation

Dragos Workflow Automation provides purpose-built playbooks for automating and orchestrating security and compliance procedures. These include threat hunt, threat investigations, and incident response processes as well as daily workflows such as compliance, auditing, and reporting.

  • Increase the efficiency of analysts
  • Standardize security policies
  • Codify Dragos' threat hunters best practices
  • Evolve processes to meet dynamic needs

Dragos Workbench consolidates all security activity on a single pane of glass and serves as a case management system for investigations. This intuitive, context-rich interface gives analysts and incident responders a unified view they can use to collaborate across extended teams when collecting data, detecting threats, and responding to incidents.

  • Provide complete context for security events
  • Track progress and improve productivity
  • Improve the accuracy of incident validation
  • Speed up incident response
Interested in Learning More?

We don't require you to submit your information but if you would like to stay up to date with the latest news and events from Dragos, Inc then let us know who you are.


Upon submission of your request form, you will be sent an email regarding your submission of interest for the Dragos Platform. A Dragos Team member will review your request within 24 - 48 hours and follow up to schedule a demo.