Industrial cybersecurity firm Dragos has joined with IronNet Cybersecurity to focus on integrating IronNet’s IronDome threat intelligence sharing solution with Dragos’ Neighborhood Keeper solution, to help ensure the security of the nation’s critical infrastructure through an integrated IT-OT approach to cybersecurity.
The joint product will help to eliminate barriers and enable organizations to focus on their core businesses and digital transformation efforts. With cybersecurity threats to business and operational networks increasing in both frequency and sophistication, this “collective defense” approach can provide organizations across public and private sectors with an effective way to defend against well-organized and funded cyber-attacks.
“As the recent Colonial Pipeline ransomware attack demonstrates, disruptions to OT networks often result from attacks to IT systems,” Robert M. Lee, Dragos’ chief executive officer and co-founder, said in a press statement. “Dragos has seen similar ransomware attacks on OT systems. We have come together to work hand-in-hand with IronNet to ensure we’re solving customer challenges through an integrated IT-OT collective defense approach.”
“With shared visibility, detection, and intelligence sharing we can stand as a community against even sophisticated state actors,” Lee added in a LinkedIn post.
“IronNet shares a common vision with Dragos to bring a holistic cybersecurity approach to organizations in their battle against nation-state adversaries,” said IronNet co-CEO General (Ret.) Keith Alexander. “IT security must secure the network and data on it, whether on-premise or in the cloud, without limiting business productivity, while OT security must secure the processes, people, and environments to ensure the safety, availability, and resilience of operational systems.”
Dragos’ Neighborhood Keeper provides collaborative asset identification, threat detection, and collective defense for more effective industrial cyber protection by sharing anonymized threat intelligence at machine speed across industries and geographic regions. It comes as a free, opt-in, anonymized information-sharing network available to all Dragos Platform customers.
The Dragos Platform is a high-fidelity sensor-based (network layer) continuous network monitoring cybersecurity capability for OT/ICS. The Neighborhood Keeper technology is an opt-in on top of the Dragos Platform capable of detecting supply chain risks and equipment, vulnerabilities, and cyber threats that need to be identified and remediated, acting as a sort of collective defense. It also enables industry and government partners to leverage the system as a cyber national broadcasting service.
Dragos Platform customers deploy passive sensors in the ICS/OT environment and opt in to Neighborhood Keeper. When detections fire in the environment, all data stays on-premises with the customer and only anonymized metadata is shared. Neighborhood Keeper receives the anonymous alert and shares detections and insights across the community to inform them of what is occurring elsewhere, the prevalence of certain adversary methods, vulnerabilities and risks, in order to amplify and inform their own security efforts.
Participants may also anonymously make an encrypted request for assistance from other members. Members who respond can identify themselves temporarily to the requestor. The requestor can then identify themselves to the team of their choice to help them and then coordinate response efforts.
IronNet’s network detection and response (NDR) solution, IronDefense, uses behavioral analytics to detect unknown cyber threats on enterprise networks, while its IronDome solution shares anonymized threat data in real time within a secure ecosystem, providing other community members with a new level of visibility into potential incoming threats. The platform has been built to stop sophisticated cyber threats, gain unparalleled visibility, and empower the team while making faster and smarter decisions.
Hackers are increasingly driven to disrupt operations by eyeing vulnerabilities in the IT space as a viable entry point to OT infrastructure. Though OT infrastructure was once locked down by hardwired assets and proprietary communication protocols that were difficult to breach, the digitalization of operations has markedly increased connectivity, changing the security posture of these industrial environments and making them more vulnerable.
With adversaries getting smarter and stealthier and targeting OT and ICS like never before, there is a need to focus on reducing risks by detecting potential cyber-attacks early, before they impact production, according to a recent insight released by Booz Allen Hamilton. Threat detection will help minimize impact and increase visibility into the OT environment, enable actionable alerting, and facilitate effective and collaborative response.
In March, Dragos joined with the Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE) to bring together various cyber and national security communities of interest to reduce complexity, improve awareness, and accelerate industry effort. These measures will improve cyber resilience against growing threats from nation-states and criminal enterprises.