Archive for Dragos

Dragos Names ​Ekta Singh-Bushell as Chief Operating Officer

Posted in Commentary on January 8, 2025 by itnerd

Dragos Inc., the global leader in cybersecurity for operational technology (OT) environments, today announced it has appointed ​Ekta Singh-Bushell as Dragos’s first Chief Operating Officer. Transitioning from her role as chair of the Audit Committee on Dragos’s Board of Directors, Singh-Bushell brings extensive experience in leading business transformation through operational excellence to Dragos’s executive leadership team. As COO, Singh-Bushell will oversee go-to-market, customer experience, and people teams and collaborate across the company to help Dragos fulfill its strategic vision as it progresses in its next phase of growth.

Singh-Bushell brings diverse global management experience from some of the world’s leading companies, combined with expertise in high-growth technology sectors including cybersecurity. Notably, she was the COO of the Executive Office at the Federal Reserve Bank of New York. During her more than 17 years at EY, she held various leadership roles, including senior managing partner leading transformative initiatives across industries affected by digital, technology, data, and cyber advancements. Early in her tenure at EY, she served as Global Information Security Officer. Singh-Bushell’s extensive operating experience includes advising and collaborating with CEOs, CFOs, and boards, having served as a board member focused on audit and risk, technology and cyber, for companies including Cisco Systems, Huron Consulting Group, Lesaka Technologies, ChargePoint, Designer Brands, and Datatec.

Singh-Bushell is known for her practical global commercial business practices and insights, having worked with companies in more than 60 countries. Her contributions have been recognized by Cranfield University, which nominated her to the 2017 Female FTSE Board Index: 100 Women to Watch; and by Directors & Boards in their 2017 Year-End list. The Council of Urban Professionals (CUP) honored her with the Catalyst: Change Agent award in 2013. Her credentials include being a Certified Public Accountant (CPA) and certifications in cybersecurity (CISSP, CISA), governance (NACD.DC, CGEIT), and sustainability (FSA). Ekta holds a master’s degree in electrical engineering & computer science from the University of California, Berkeley, and a bachelor’s degree in engineering from the University of Poona, India.

Singh-Bushell’s appointment caps a year of major milestones for Dragos, including the acquisition of Network Perception, makers of NP-View, an award-winning network visualization platform for OT networks, and the formation of Dragos Public Sector LLC, a dedicated subsidiary delivering OT cybersecurity solutions tailored to the needs of government, including US federal agencies. This year Dragos was also named to the Deloitte Technology Fast 500 for the fourth consecutive year.

Dragos Platform Streamlines OT Threat and Vulnerability Workflows and Expands Asset Visibility

Posted in Commentary on August 28, 2024 by itnerd

Dragos Inc. today announced the latest release of the Dragos Platform, the industry’s most effective OT network visibility and cybersecurity platform. The updates provide industrial and critical infrastructure organizations with even deeper and enriched visibility into all assets in their OT environments, streamlined workflows for threat detection and vulnerability management that allow for efficient and effective response, and powerful integration of Dragos WorldView intelligence and Neighborhood Keeper community intelligence on current and emerging threats. 

Industrial organizations worldwide are grappling with the rise of threat groups that scale attacks on widely used technologies and common security weaknesses in OT environments, as well as a 50% year-over-year increase in reported ransomware attacks on these organizations. At the same time, they must balance the need for safety, quality, intellectual property protection, and financial and reputational safeguards with the competing priorities of uptime and availability of complex industrial infrastructure. IT cybersecurity approaches do not adequately protect these systems: threat and vulnerability methods not tailored to OT environments can disrupt essential processes and overburden security teams with irrelevant alerts.

The Dragos Platform provides comprehensive OT-native cybersecurity as a non-intrusive overlay to operations environments. Updates include new local collector and file ingestion capabilities that expand data collection options for increased flexibility; also included are new filtering capabilities that create powerful asset inventory views to answer key visibility questions for IT security and operations alike. The evolved integration of the Platform with Dragos’s Neighborhood Keeper and WorldView threat intelligence streamlines vulnerability management, threat detection, and response workflows to meet emerging threats like FrostyGoop and PIPEDREAM malware; Unitronics vulnerabilities; and VOLTZITE, CyberAveng3rs, and CHERNOVITE threat groups targeting OT environments.  

Enhancing Asset Inventory Capabilities

Sixty-one percent of industrial organizations struggle to effectively monitor their critical assets, limiting visibility into their risk. The latest updates to the Dragos Platform introduce advanced features that streamline and enhance asset inventory management:

  • Expanded asset enrichment with project file and data import: The new file ingest feature allows for seamless import and enrichment of asset data from existing project files or other devices, simplifying the process of maintaining a comprehensive and up-to-date asset inventory.
  • New lightweight collector for enhanced monitoring: A containerized traffic forwarding solution, this collector operates on edge switches and routers to provide data collection for space-constrained locations deep within OT environments. It captures and processes critical data, ensuring that even the most remote assets are monitored effectively with minimal impact on operations.
  • Expanded environment support: Dragos sensors now support Hyper-V and ESXi environments, allowing for broader deployment across different OT infrastructures.

Advancing Vulnerability Management and Asset Operationalization

The Dragos Platform’s latest enhancements also focus on turning asset data into actionable insights, enabling more effective and targeted cybersecurity measures through Dragos’s corrected severity scoring, “now, next, never” prioritization, and alternative mitigation guidance for vulnerabilities that cannot be patched immediately.

  • Advanced asset filtering features: The introduction of customizable filters allows users to efficiently manage and analyze asset data, facilitating the identification and prioritization of assets and their vulnerabilities.
  • Automated alerts with Neighborhood Keeper trusted insights: Context on newly discovered vulnerabilities or threat activity relevant to a user’s environment can be pushed via Neighborhood Keeper to their Platform console, either from Dragos directly or from its Trusted Insight Partners, often before the vulnerabilities or threat activity are disclosed publicly.
  • Added intelligence context with pivots to WorldView OT analysis: In-Platform pivots to WorldView intelligence analysis and reporting on specific vulnerabilities provide deeper intelligence context to support risk management (additional license required).

Leading the Market in Threat Detection

As threats to OT environments continue to evolve, Dragos remains at the forefront of OT-specific threat detection:

  • Over 1,000 new threat detections, vulnerabilities and response playbooks added: The latest updates introduce over 1,000 new threat detections, addressing emerging threats such as CyberAveng3rs, FrostyGoop and other advanced threats. The Dragos Platform’s rapid development and deployment of threat analytics enable organizations to respond swiftly to emerging threats. This capability is vital in maintaining the security and integrity of OT environments, ensuring that critical operations are protected from disruption.

The Dragos Platform’s ability to quickly turn threat intelligence into actionable guidance for customers was most recently demonstrated in response to FrostyGoop, the ninth known ICS-specific malware, which was discovered by Dragos in April 2024 and interacts directly with industrial control systems (ICS) using Modbus TCP over port 502. Modbus TCP carries no authentication, so any host that can reach port 502 on a controller can issue the same read and write commands as a legitimate HMI or engineering workstation; that is why visibility into who is talking Modbus to which device, and with which function codes, matters more than the malware sample itself. Dragos Threat Intelligence experts quickly developed new detection analytics and response playbooks and pushed them to Platform users through a Knowledge Pack update. New to this release, opted-in organizations in Neighborhood Keeper can automatically receive these pushed content updates within their Platform instances for immediate coverage.
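As an added example (my own code, not Dragos’s detection content or anything from the FrostyGoop analysis), here is what a minimal OT-native detection over Modbus/TCP looks like: parse the MBAP header and PDU of each request seen on port 502, then flag write function codes that come from a host that is not on an allow list of engineering workstations and HMIs. The sample frames, IP addresses and the allow list are constructed for the example.

```python
"""
Added example, not Dragos code: parse Modbus/TCP requests (TCP port 502)
and flag state-changing writes from hosts that are not allow-listed.
All frames, addresses and the allow list below are constructed.
"""
import struct
from dataclasses import dataclass

# Function codes that change controller state. An unauthenticated protocol
# means these are the ones a defender most wants to attribute to a source.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
READ_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    src: str
    dst: str
    unit_id: int
    function: int
    start_addr: int
    quantity: int


def parse_modbus_tcp(src: str, dst: str, payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: MBAP header (transaction id, protocol id,
    length, unit id) followed by the PDU (function code + data)."""
    if len(payload) < 8:
        raise ValueError("short frame")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol id != 0, not Modbus")
    if length != len(payload) - 6:          # length covers unit id + PDU
        raise ValueError("MBAP length mismatch")
    func = payload[7]
    pdu = payload[8:]
    if func in (0x01, 0x02, 0x03, 0x04, 0x0F, 0x10):
        start, qty = struct.unpack(">HH", pdu[:4])   # start address, count
    elif func in (0x05, 0x06):
        start, qty = struct.unpack(">H", pdu[:2])[0], 1
    else:
        start, qty = 0, 0                            # not decoded further here
    return ModbusRequest(src, dst, unit, func, start, qty)


def triage(requests, allowed_writers):
    """Rule set over parsed requests. Returns (severity, reason, request) tuples.
    Writes from non-allow-listed hosts are high; allow-listed writes are kept
    as an audit trail; unknown function codes are worth a look."""
    findings = []
    for r in requests:
        if r.function in WRITE_FUNCTIONS:
            if r.src not in allowed_writers:
                findings.append(("high", f"{WRITE_FUNCTIONS[r.function]} from non-allow-listed host", r))
            else:
                findings.append(("info", f"{WRITE_FUNCTIONS[r.function]} from allow-listed host", r))
        elif r.function not in READ_FUNCTIONS:
            findings.append(("medium", f"unexpected function code 0x{r.function:02x}", r))
    return findings


# Constructed traffic: (source IP, destination IP, TCP payload).
SAMPLE_FRAMES = [
    # HMI reads 10 holding registers from a PLC: normal polling.
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("0001 0000 0006 01 03 0000 000A")),
    # Unknown host writes 2 holding registers at address 0x0010.
    ("10.0.0.99", "10.0.0.20", bytes.fromhex("0002 0000 000B 01 10 0010 0002 04 0001 0002")),
    # Allow-listed engineering workstation writes a single register.
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("0003 0000 0006 01 06 0010 0001")),
]
ALLOWED_WRITERS = {"10.0.0.5"}   # assumption: the only host that may write


def run_sample():
    requests = [parse_modbus_tcp(s, d, p) for s, d, p in SAMPLE_FRAMES]
    return triage(requests, ALLOWED_WRITERS)


if __name__ == "__main__":
    for severity, reason, req in run_sample():
        print(f"[{severity}] {req.src} -> {req.dst} unit {req.unit_id}: {reason} "
              f"(addr 0x{req.start_addr:04x}, count {req.quantity})")
```

In a real deployment the allow list comes from the asset inventory (which hosts are supposed to program which controllers), and the same parser feeds a baseline of normal function codes and register ranges per device so that a write to a register nobody normally touches stands out even from an allow-listed host.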

The Dragos Platform was awarded Best Industrial Security Solution by SC Awards (2023); won gold in two categories, Critical Infrastructure Security and ICS/SCADA Security, in the Cybersecurity Excellence Awards (2024); was recognized as Market Leader in OT Security and Most Comprehensive Industrial Cybersecurity solution by Cyber Defense Magazine’s Global InfoSec Awards (2023); and was a Platinum award winner in ASTOR’s American Security Today Homeland Security Awards for Best ICS/SCADA Cybersecurity (2023). The latest updates further enhance the Dragos ecosystem, equipping it to more effectively tackle critical OT cybersecurity challenges. To gain deeper insights into the newest version of the Dragos Platform, Dragos is offering a public webinar. During this session, Dragos will discuss how new features operationalize asset data for prioritizing and addressing vulnerabilities, as well as how the platform’s threat analytics are developed and deployed to safeguard essential operations.

Dragos Report Shows How Much Ransomware Attacks Have Surged In The Last Year

Posted in Commentary on February 15, 2023 by itnerd

According to cybersecurity firm Dragos, ransomware attacks on industrial infrastructure nearly doubled last year. Of the roughly 600 industrial-sector ransomware attacks tracked by Dragos in 2022, about three-quarters (437) targeted manufacturing, spread across 104 subsectors. That was a 92% increase over the 315 attacks the firm tracked in 2021.

The Dragos report also highlighted the emergence of a new, highly dangerous threat group, Chernovite, which developed a modular ICS attack toolset (the PIPEDREAM malware) designed to disrupt and destroy critical infrastructure in the US and Europe.

International conflicts and wars have exacerbated the use of cyber attacks as complements to political pressure. During 2022, Ukraine saw increased threat group activity targeting its energy and critical industrial infrastructure sectors. Russia’s 2022 invasion of Ukraine provided opportunities for Russia-aligned actors to use their offensive cyber capabilities preemptively and in parallel with kinetic attacks.

Top 10 ransomware groups by attributed attacks in the report:

  1. LOCKBIT: 169
  2. CONTI: 58
  3. BLACK BASTA: 54
  4. ALPHV: 43
  5. HIVE: 33
  6. KARAKURT: 30
  7. ROYAL: 22
  8. SNATCH: 17
  9. AVOSLOCKER: 14
  10. BIANLIAN: 14

Morten Gammelgard, EVP, EMEA at BullWall, has this perspective:

“Anyone who’s looking at Ransomware as strictly a financial play by criminal enterprises is missing the bigger picture. We are, in most senses, in a war. North Korea, China and Russia are the biggest players in the Ransomware game and as tensions and armed conflicts with these nations continue to escalate the threat actors are shifting their focus to industries that will harm the US and its allies the most: Infrastructure, communications, supply chain, manufacturing and even the government itself. 

“Countless government agencies have been under attack and some, particularly tax assessor offices, have been inoperable for months due to successful ransomware events. We will continue to see maximum focus on these parts of our economy as China, Russia and North Korea attempt to exacerbate our already record inflation to do maximum damage on our economy. The Ransom is only part of a longer game.

“With Russia, China and North Korea so focused on hurting our supply chain and production capability, these organizations have to realize they won’t be able to stop those ransomware events from a determined nation-state actor. They MUST also have a solid response and containment strategy, including automated ransomware containment.”

What’s clear from this report is that ransomware is not going away anytime soon. Thus organizations need to ensure that they are protected against the threat that ransomware poses, and have a plan for containing it when prevention fails, or be prepared to suffer the consequences if they aren’t.

New CISA Cybersecurity Performance Goals For Critical Infrastructure Announced By DHS

Posted in Commentary on October 27, 2022 by itnerd

This morning, the Department of Homeland Security released the new Cross-Sector Cybersecurity Performance Goals (CPGs) to provide baseline cybersecurity goals that are consistent across all critical infrastructure sectors. The CPGs identify and prioritize the most important cybersecurity practices for critical infrastructure operators and provide an approachable common set of IT and OT cybersecurity protections to improve cybersecurity across our nation’s critical infrastructure. 

The goals, which are voluntary rather than regulatory directives, were developed by CISA in coordination with NIST, following the mandate set out in the Biden administration’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.

Robert M. Lee, CEO and Co-Founder of Dragos, had this commentary on the goals:

“CISA has shown their commitment to working alongside the industrial cybersecurity community with the release of the common baseline Cross-Sector Cybersecurity Performance Goals (CPGs). CISA took extensive input and feedback from industry stakeholders and this updated guidance reflects that they were listening closely, providing actionable but not overly prescriptive guidance – exactly the type of support the community has been requesting. It allows asset owners and operators to work towards shared goals while giving them the flexibility and expertise to implement them in ways best suited to their organizations and risks. Most of the CPGs map closely to the critical controls needed for strong OT cybersecurity—namely, having an incident response plan, a defensible architecture, visibility and monitoring, secure remote access, and key vulnerability management. This guidance can help lift industrial cybersecurity standards across the board to better protect our nation’s critical infrastructure. CISA’s continued focus on OT cybersecurity as foundational to national security, and distinct from IT cybersecurity, is an important contribution to the community’s advancement.”

This is the sort of thing that will help to make us all safer and I hope that this is adopted widely so that things like ransomware and other sorts of attacks become less prevalent.

UPDATE: I have a second comment from Yotam Perkal, director of vulnerability research for software security firm, Rezilion:

General impression from the document:

I think the direction CISA chose to take with the CPG is very good. I hope that having the document written in an approachable language, easy to digest, and focused on the fundamentals, will help with adoption. The main underbelly in terms of cybersecurity risk is not the mature, modern enterprises with huge security budgets and an abundance of security controls. Rather, it is the long tail of organizations without mature cyber programs or procedures in place. For these organizations, a resource such as the NIST Cybersecurity Framework might be overwhelming. If these organizations adopt and implement the bare-minimum recommendations in the CPG, it could go a long way in terms of improving the overall security posture across the US. I also like the fact that CISA is promoting discussion around the guidelines and soliciting feedback using the discussion page on GitHub.

Specifically regarding the Vulnerability Management section:

I think the recommendations are valid and are reasonably straightforward to implement. That said, in order to implement some of them (such as “mitigating known vulnerabilities” and “no exploitable services on the internet”) there is a preliminary stage that isn’t mentioned in the guidelines, which is having visibility into your organization’s exploitable attack surface. Assuming that the long tail of less mature organizations have that visibility is a stretch. We have seen evidence of that when we did our Vintage Vulnerabilities research, which found over 4.5 million internet-facing devices that are vulnerable to vulnerabilities discovered between 2010 and 2020 that are known to be actively exploited in the wild (on the CISA Known Exploited Vulnerabilities catalog). Specifically in the critical infrastructure domain, security professionals also have to be aware of the capabilities and limitations of their vulnerability scanning tools. As we have shown in our latest research, both open-source and commercial scanners and SCA tools are prone to a significant amount of false-positive and false-negative results. For example, when scanning OT assets, a vulnerability scanner without the ability to identify vulnerable components within compiled code will have significant blind spots when it comes to the known vulnerabilities it will be able to identify.
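Perkal’s point above is that “mitigate known vulnerabilities” and “no exploitable services on the internet” both presuppose that you know which of your assets are reachable and which of their vulnerabilities are actually exploited in the wild; the Dragos Platform post earlier on this page makes the same argument from the other side with its “now, next, never” prioritization. As an added example (my own simplified heuristic, not Dragos’s scoring, Rezilion’s research code, or anything from CISA), here is how an inventory can be cross-checked against a KEV-style catalog and sorted into those three buckets. The catalog uses the same top-level field names as CISA’s known_exploited_vulnerabilities.json, but the CVE identifiers are placeholders and the asset inventory is constructed; an asset whose exposure is unknown is deliberately treated as reachable, because not knowing is the visibility gap the comment describes.

```python
"""
Added example, not vendor code: cross-check an asset inventory against a
KEV-style catalog and sort findings into now / next / never buckets.
The triage rules are a simplified heuristic of my own. CVE ids are
placeholders and the inventory is constructed for the example.
"""
import json

# Constructed catalog in the layout of CISA's known_exploited_vulnerabilities.json
# (top-level "vulnerabilities" list, "cveID" per entry). Ids are placeholders.
KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-0000-1001", "vendorProject": "ExampleVendor", "dueDate": "2022-05-03"},
        {"cveID": "CVE-0000-1002", "vendorProject": "ExampleVendor", "dueDate": "2022-06-01"},
        {"cveID": "CVE-0000-1005", "vendorProject": "ExampleVendor", "dueDate": "2022-07-15"},
    ]
})

# Constructed inventory: exposure flag plus the CVEs a scanner reported.
# "rtu-12" has no exposure flag at all, the case the comment above warns about.
INVENTORY = [
    {"name": "hmi-01", "internet_facing": True,
     "vulns": [{"cve": "CVE-0000-1001", "cvss": 9.8}, {"cve": "CVE-0000-2001", "cvss": 5.3}]},
    {"name": "plc-07", "internet_facing": False,
     "vulns": [{"cve": "CVE-0000-1002", "cvss": 7.5}]},
    {"name": "eng-ws", "internet_facing": True,
     "vulns": [{"cve": "CVE-0000-3001", "cvss": 8.1}]},
    {"name": "historian", "internet_facing": False,
     "vulns": [{"cve": "CVE-0000-4001", "cvss": 9.0}]},
    {"name": "rtu-12",
     "vulns": [{"cve": "CVE-0000-1005", "cvss": 6.5}]},
]


def load_kev(json_text: str) -> dict:
    """Index a KEV-layout catalog by CVE id."""
    return {v["cveID"]: v for v in json.loads(json_text)["vulnerabilities"]}


def prioritize(inventory, kev):
    """Simplified now/next/never triage (assumption, not Dragos's method):
      now   - known exploited (in KEV) on a reachable asset, or one whose
              exposure is unknown (treated as reachable until proven otherwise)
      next  - known exploited but not reachable, or high CVSS on a reachable asset
      never - everything else: track it, apply alternative mitigations,
              no emergency patch window needed
    Returns {bucket: [(asset, cve, reason), ...]} in inventory order."""
    buckets = {"now": [], "next": [], "never": []}
    for asset in inventory:
        exposure = asset.get("internet_facing")       # None when nobody knows
        exposed = exposure is None or exposure
        for v in asset["vulns"]:
            in_kev = v["cve"] in kev
            if in_kev and exposed:
                bucket = "now"
                why = ("KEV-listed, exposure unknown (treated as reachable)"
                       if exposure is None else "KEV-listed and internet-facing")
            elif in_kev:
                bucket, why = "next", "KEV-listed, not internet-facing"
            elif exposed and v["cvss"] >= 7.0:
                bucket, why = "next", "high CVSS on internet-facing asset"
            else:
                bucket, why = "never", "not known exploited and not reachable"
            buckets[bucket].append((asset["name"], v["cve"], why))
    return buckets


def run_sample():
    return prioritize(INVENTORY, load_kev(KEV_JSON))


if __name__ == "__main__":
    for bucket, items in run_sample().items():
        print(bucket.upper())
        for asset, cve, why in items:
            print(f"  {asset:10} {cve}  {why}")
```

Note what the rules do to “historian”: a CVSS 9.0 finding on an unreachable, not-known-exploited asset lands in “never”, while a CVSS 6.5 finding on a device whose exposure nobody recorded lands in “now”. That inversion relative to raw CVSS is the whole point of exposure-aware prioritization, and it only works if the exposure data exists.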

UPDATE #2: Tyler Reguly, senior manager, security R&D at HelpSystems, says:

“The most important takeaway there is that these goals were selected to address risks to the nation as well as individual entities. This is a big shift from other well-known baseline documents, such as the CIS Benchmarks or the NIST Security Guidance. At the same time, this is not a complete guide; it is a starting point to ensure organizations are all starting on the same footing.”