Dragos, Inc

In 2018, a large North American oil refinery suspected activity in its industrial control systems (ICS) environment related to XENOTIME, the threat activity group behind the 2017 TRISIS attack on a Middle Eastern oil and gas facility, and engaged Dragos to investigate. This case study examines the organization’s challenges in securing its ICS environment prior to engaging Dragos, reveals the vulnerabilities facing the organization through a TRISIS threat scenario, and demonstrates how the Dragos Platform can help oil and gas organizations rapidly identify malicious behavior on their networks and respond before a significant compromise.