Dark Reading
Products and Releases

Dragos Releases Dragos Platform 1.2

Content packs containing threat behavior analytics and investigation playbooks, in addition to several analyst productivity enhancements, combine to further separate the Dragos Platform from the rest of the industrial cyber threat detection field

Hanover, MD, February 13, 2018 - Industrial cybersecurity company Dragos, Inc. today announced that Dragos Platform 1.2, the latest version of its industrial cybersecurity platform, is now available to all Dragos Platform customers. The Dragos Platform contains all the capabilities needed to gain visibility into industrial networks, monitor them for threats, and efficiently perform investigations to counter adversaries. Unlike typical industry solutions, Dragos’ technology goes beyond analyzing network traffic to also collect, store, and correlate logs and data from host systems, logic controllers, and data historians. As a result, the Dragos Platform has the most coverage and capability for correlation in the industrial threat detection market today. The broad and flexible capabilities of the Dragos Platform are designed to enable security teams of any size. Dragos Platform 1.2 builds upon the strong foundation established in the initial Dragos Platform release, the industry’s first and only to codify and integrate boots-on-the-ground expertise and an intelligence-driven approach with software technology. With Dragos Platform 1.2, customers will continually gain access to this knowledge through regular releases of content packs containing new threat behavior analytics and investigation playbooks.

“The Dragos Platform software is the most technologically complete solution in the industrial cyber threat detection and response market today. The codification of my team’s knowledge gained by hunting and responding to threats enables our customers to defend their environments as if Dragos team members were there alongside them,” said Robert M. Lee, CEO and Founder of Dragos. 


Key Enhancements in Dragos Platform 1.2

Content Packs Containing Threat Behavior Analytics, and Investigation Playbooks Enable Faster and More Effective Threat Investigation and Mitigation

Threat behavior analytics is a form of detection focused on adversary tradecraft that is massively more scalable and efficient than detections based on specific tools and technical indicators. The anomaly-detection tactics of typical industry solutions are time-consuming: a baseline profile must be built and maintained so that abnormalities in an industrial network can be identified, and the analyst is then left to figure out the context and what to do about it. In contrast, Dragos Platform threat behavior analytics provide immediate value without requiring a baseline and contain rich context, enabling the analyst to know what is occurring and what to do next. These threat behavior analytics are created by Dragos’ intelligence team specialists, who constantly monitor for and analyze new threats in addition to greatly furthering the community’s understanding of major threats and incidents such as the CRASHOVERRIDE and TRISIS malware.

Each threat behavior analytic in the Dragos Platform is paired with an investigation playbook created by Dragos’ threat operations center. This “what would Dragos do” styled playbook contains a step-by-step guide for customers to follow for each specific alert, and it automatically correlates and delivers the appropriate datasets to the analyst. This feature reduces the degree of ICS experience and expertise that existing security practitioners need to become effective in industrial environments, as well as the time even experienced analysts require to complete investigations.

Investigation Playbooks Facilitate Threat Hunting and Continual Training

Threat hunting is a key strategy for reducing adversary dwell time and the corresponding safety, financial, regulatory, or reputational risks that could accompany a serious incident, but it is often a challenge for resource-stretched security teams. Even before the Dragos Platform detects a threat, investigation playbooks can be used as a guide to facilitate efficient, proactive hunting of hidden threats by security teams. Each hunt is built on the hypothesis the Dragos threat operations team used to create the playbook, and it educates the user as to why they are performing the hunt. Dragos playbooks facilitate the proactive defense that is widely viewed as an industrial cybersecurity best practice and impart the knowledge of the Dragos team as a form of continual training for ICS defenders.

Indicators of Compromise (IOC) Import from Dragos ICS WorldView Cyber Threat Intelligence

Dragos ICS WorldView is the industrial cybersecurity industry’s only product exclusively focused on cyber threat intelligence. These weekly reports contain insights into threats, adversaries, and indicators of compromise, as well as context and recommended actions for industrial security professionals. These IOCs, and those from other sources, can now be imported directly into the Dragos Platform, and security teams can execute IOC sweeps across the collected data as a scoping and forensics tool while facilitating community information sharing.

“The Dragos Platform provides us with a level of real-time, situational awareness and monitoring capabilities unparalleled in the industry today, which was never before possible within our Windfarm networks,” said Marc DeNarie, Chief Information Officer at NaturEner USA. “It has become an integral part of our day-to-day cybersecurity, OT network monitoring, and asset management program and has eliminated a number of manual processes while increasing our speed of incident response. A high-value system for any organization whose operations are dependent upon ICS technology, processes, and protocols.”

To learn more about the Dragos Platform or to schedule a demo, contact [email protected] or visit for more information.


About Dragos

Dragos applies expert human intelligence and threat behavior analytics to redefine industrial control system (ICS) cybersecurity. Its industry-first ICS cybersecurity ecosystem provides industrial security practitioners with unprecedented situational awareness over their environments, with comprehensive threat intelligence, detection, and response capabilities. Dragos' solutions include the Dragos Platform, software providing ICS-specific asset discovery, threat detection, and investigation capabilities; the Dragos Threat Operations Center, providing ICS threat hunting, incident response services, and ICS cybersecurity training; and Dragos ICS WorldView, providing global, ICS-specific threat intelligence in the form of weekly reports and critical alerts upon discovery. Headquartered in metropolitan Washington DC, Dragos' team of ICS cybersecurity experts are practitioners who have lived the problems the industry faces, hailing from the U.S. Intelligence Community and private-sector industrial companies. For more information, please visit
