Dragos launches enhanced platform for OT threat detection
Dragos has unveiled its latest Dragos Platform, enhancing its support for critical infrastructure organisations by providing improved visibility into operational technology (OT) environments and streamlined workflows for threat detection and vulnerability management. These updates aim to offer comprehensive insights and efficient response mechanisms for emerging threats within industrial sectors.
The Dragos Platform now features enriched asset visibility, effective threat detection workflows, and integration with Dragos WorldView and Neighborhood Keeper intelligence systems. The updates come at a crucial time for industrial organisations, which face increasing ransomware attacks alongside the need to maintain safety, protect intellectual property, and preserve financial stability.
Jodi Schatz, Chief Product Officer at Dragos, highlighted the firm's objectives, stating, "The latest enhancements to the Dragos Platform focus on helping industrial organisations build the most comprehensive asset inventory and implement effective protective measures against today's intensified OT cyber threats—all without disrupting critical operations."
Among the new features is the expansion of asset enrichment capabilities through project file and data import, which simplifies the maintenance of an up-to-date asset inventory. Additionally, a new lightweight collector has been introduced to operate on edge switches and routers, allowing comprehensive data collection even in space-constrained locations. The updates also extend environment support for Dragos sensors, accommodating Hyper-V and ESXi environments to foster broader deployment across different OT infrastructures.
Advanced asset filtering capabilities have been introduced to aid in the management and analysis of asset data. These filters allow for the identification and prioritisation of vulnerabilities, coupled with automated alerts delivered through Neighborhood Keeper. The Platform also includes pivots to WorldView intelligence analysis, which provides deeper insights into specific vulnerabilities and supports risk management for organisations.
Over 1,000 new threat detections and vulnerabilities have been added to the Dragos Platform, addressing emergent threats such as CyberAv3ngers, FrostyGoop, and other advanced malware. The Platform's capability to swiftly turn threat intelligence into actionable guidance was demonstrated with FrostyGoop, malware that interacts directly with industrial control systems using Modbus TCP over port 502. After its discovery in April 2024, Dragos promptly developed new detection analytics and response playbooks, ensuring customers could effectively tackle this new threat.
Schatz elaborated on the importance of the latest updates, explaining, "Dragos understands the complexity of these environments and the growing risk and builds that knowledge into the platform so customers can identify and protect their most critical assets with greater precision and confidence. Customers benefit from powerful intelligence from our integrations with Dragos WorldView and Neighborhood Keeper—the largest anonymised information-sharing network used by the broader OT and intelligence community."