Industrial cybersecurity vendor Dragos released its QRadar Device Support Module (DSM) that integrates with IBM Security QRadar security information and event management (SIEM) technology, to eliminate potential cybersecurity blind spots in converging IT and operational technology (OT) environments.
Recent trends point towards a rise in both frequency and sophistication of security threats, urging security leaders to develop a strategy to ensure a program covers both traditional IT threats and emerging OT threats, Dragos in Hanover, Maryland said.
Built on the Dragos Platform, the QRadar DSM will allow users to analyze data across an organization’s users, endpoints, clouds, applications and networks in real-time to identify potential security threats, Dragos said in a press statement on Tuesday. Using QRadar’s open application programming interfaces (APIs), the Dragos QRadar DSM is certified for release, and allows both Dragos and IBM users to manage and triage threats detected across enterprise and operational networks.
The module enables defenders to adopt Dragos Platform and IBM Security technologies across IT and OT networks, and simplify the process for security teams looking to expand existing security operations to include OT network visibility.
QRadar DSM increases the value and performance of existing QRadar SIEM deployments by adding OT threat detection. It improves visibility and detection of IT and OT security threats., and delivers faster awareness and response to threats from adversaries by leveraging the increased visibility, according to Dragos. The integration provides data connectors and graphical dashboards for ease of deployment.
“We see this collaboration with IBM technology and the X-Force Team as a valuable step toward dramatically improving visibility and response across the entire IT/OT network,” said Clayton Coleman, Dragos’ senior business development manager.
Dragos Platform is a passive monitoring technology designed to provide OT networks with enhanced visibility of assets and threats observed in industrial and OT environments. The integration with IBM Security QRadar sends information received in critical OT networks to enterprise security operations centers (SOCs), and this information is used by security analysts for incident response and investigation.
Available both on the cloud and on premises, IBM Security QRadar consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout the network. It correlates various information and aggregates related events into single alerts to accelerate incident analysis and remediation, to help cope with rising industrial threats.
The QRadar integration with Dragos Platform receives data coming from the OT network and displays it such that enterprise SOC analysts can use it to make informed decisions when investigating potential OT threats, Dragos said. This further decreases the gap between IT and OT visibility by collecting and visualizing data in a more consistent manner for enterprise SOC analysts.
Unlike anomaly-based threat detection methods, the Dragos Platform uses threat behavior analytics as the primary method of threat detection, since they deliver better insights of the threats, which reduces the meantime to recovery (MTTR). Threat behavior analytics take into account known adversary tactics, techniques and procedures (TTPs) that quickly pinpoint malicious behavior with a higher degree of confidence. This helps in faster elimination of the security threats.
Research carried out by Dragos and IBM Security X-Force in December have also revealed that disruptive ransomware attacks on OT are on the upswing, with the manufacturing and utilities sectors identified as the most targeted. Ransomware attacks on industrial entities increased more than 500 percent since 2018, as attackers are increasingly using data theft and extortion as techniques, which can have far greater repercussions.
Privately-held Dragos also secured US$110 million in Series C funding from investors to take the company’s total funding to $158 million. The latest investment is driven by a coalition of industrial and manufacturing companies, and investors, who aim to reap the benefits of improved OT cybersecurity technology in their daily operations.