How does Dragos help its customers to protect their digital infrastructure?
We have a dedicated team of threat intelligence analysts looking at threats in the operational technology space, in particular, in critical infrastructure. We gather information about how threat actors are targeting critical sectors like electricity, oil and gas, manufacturing, and give organisations the information they need to defend themselves against against those threats.
We then codify that intelligence into detection mechanisms, building out a software platform that is used to monitor those for those detections, to give people practical mitigation advice.
There’s a vast amount of potential threats out there, so we help to prioritise actions and give really practical advice based on our our experience of how to how to deal with those threats. We also have a professional services team to provide incident response to help organisations recover and get their operations back up and running as quickly as possible.
The CrowdStrike outage demonstrated that operational disruption can be as damaging as threat actors in some instances. Do you have a customer proposition to account for this?
Yes, we help people to put in place a ‘defensible’ architecture by monitoring external threats, but we also are very focused on what’s happening inside of that architecture. We’re looking at the traffic that’s moving around it, and we can see potentially hazardous or dangerous behaviours within that environment, something that might manifest as adversarial behaviour from an external threat actor could also be an internal threat actor, or it could be somebody just bypassing a process, and all of those things can affect the resilience of a digital system.
For example, maybe an engineer is just trying to do their job, but they might plug in a device they’re not supposed to and accidentally introduce a threat or bypass a procedure. We’re just as likely to see that kind of behaviour as a threat behaviour and give people a proportionate response to that as well. Prioritisation is very important. If we alerted an organisation on every time a computer was plugged in, they’d be overwhelmed in that environment. It’s important that it’s usable and scalable for organisations
As field CTO you have good view of cross-border operations. Are there any geographies you think are approaching cybersecurity better than others?
It’s really interesting to look at the different approaches and we’re seeing a raft of legislation and mechanisms being used in many countries. For the last 20 years, the US has had some very stringent regulations around the US electricity market and how cyber security is managed there, for example, and it’s driven a high level of cyber hygiene in those environments. And they’re constantly updating those regulations, and it’s very prescriptive. But what we’ve seen across Europe, the Middle East and the Asia Pacific regions is more risk-based legislation.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataSo different starting points, slightly different approaches. But many, countries are beginning to understand the societal impact of a potential attack on critical infrastructure. With an adversary attacking a private business there’s a fiscal impact. But the knock on effect is you can’t get oil or gas to a customer, they can’t run their cars if you can’t get electricity to them, there’s a societal impact, and that is often is much greater. And so it’s really good to see governments and other institutions working in collaboration with private businesses to try and improve that position.
Data centres are becoming widely classified as critical infrastructure. Are there any particular challenges in this area?
Data centres a quite unique case, because they cross the IT side in terms of the criticality of the systems that they’re hosting, but they also have operational technology that support their operating their facilities. So vast amount of air conditioning. They have a huge reliance on power. So all of that technology that supports the safe running and operation of data centers is very similar to other critical sectors. But then the impact and knock-on effect of the loss of one of those facilities is very high.
Data centre operators recognise this risk and the big hyperscalers, in particular, are incredibly proactive even without legislation, because they’re protecting their business. In an ideal world, that’s how it would always be, that organisations aren’t told exactly what they should do and when to do it.
But sometimes that’s a necessary thing to really create a cultural change, like getting drivers to wear seat belts when they were first introduced. Bringing data centres under the under the protection of critical national infrastructure allows governments to provide greater support and assistance to them in helping them on that journey.
So you work across the private and public sector?
We’re recognised internationally as being the leaders in threat intelligence in this space. Governments want to speak to us about the prevalence of risk, and we then we advise them of what the right kinds of controls may be. But we advise agnostically on what we think are the right controls.
What about controls in the form of regulation?
Legislation can often be prescriptive. It drives people to do 20 different things all at once. And, actually, there are some key things that you can do to really drive the risk down within your environment. The first one is to be prepared and have Incident Response Plans. It’s to create a defensible architecture around your assets. It’s critical to make sure that only trusted people can get through that defensible architecture by having a secure remote access solution.
Then, because you’ve created a bubble, essentially a perimeter around your assets, we advise people should monitor what’s going on inside, and then finally, to have a risk-based vulnerability management process. And with those things in place, we believe a majority of both criminal and state actors can, actually, be prevented from using their current tactics and techniques.
The challenge with prescriptive legislation, is sometimes it asks for capabilities that are common in the IT space and not necessarily that impactful in operational technology. Operational technology facilities can be five to fifty years old, so it’s incredibly challenging and actually distracting from the basics, which are what can really mitigate threats.
And ultimately, businesses have been managing resilience for themselves for a long time. You know, these companies are built on resilience, keeping the lights on, keeping the gas flowing. We live in a world of incredibly reliable energy networks. But they’re now dealing now with an adversary with intent. The weather doesn’t have intent, mechanical failure doesn’t have intent, but threat actors do, and that’s a new thing they have to deal with, and they’re adapting to it, but it is at their core to be resilient, and I’d rather see organisations supported rather than forced into implementing controls.