Traditionally, information technology (IT) and operational technology (OT) environments have been separate, with their networking and security requirements managed by two different teams within the organization. However, the lines between IT and OT have become increasingly blurred as systems become more interconnected — a reality that enhances business processes but can increase security risks.
To address this issue, CrowdStrike®, through our partnership with Dragos, is proud to announce the launch of the Dragos ICS/OT Threat Detection app on the CrowdStrike Store. This new application bridges the IT and OT security divide for customers by providing early visibility and detection of ICS (industrial control systems) / OT threats found on IT endpoints, using data leveraged from the CrowdStrike Falcon® platform.
Why the Dragos ICS/OT Threat Detection App was Created
There have been growing security concerns as a result of the convergence of IT and OT environments. Historically, IT is concerned with data movement across endpoints and humans, while OT involves data movement between control systems and OT devices supporting industrial and manufacturing processes.
Over the last few years, the separation between these environments has been eroding due to business drivers such as IIoT (the industrial internet of things) and Industry 4.0. Unlike the more well-defined dividing lines of the past, organizations now want to gather telemetry data from the OT side and drive analytics and business processes on the IT side. This has significant security implications for both environments, because the resulting expansive, converged networks are not matched by equally converged security measures. This is especially true in today’s threat environment, where attacks targeting ICS are on the rise.
Protecting ICS Is Critical
One of the biggest challenges industrial customers face is securing disparate networks using traditional IT tools that cannot extend to OT environments. IT and OT systems use very different protocols and operating systems. Advanced persistent threats focused on ICS can take advantage of the interconnected networks by entering an enterprise IT network and then pivoting into the organization’s OT environment to achieve their objective of stealing data or causing disruption.
How Dragos and CrowdStrike Bridge the IT-OT Divide
The Dragos ICS/OT Threat Detection app bridges the IT and OT security divide by providing CrowdStrike customers with early visibility and detection capabilities for ICS / OT threats found in their existing IT endpoint data generated by the CrowdStrike Falcon platform.
Dragos and CrowdStrike have been partners since October 2017, offering comprehensive security services — including assessment and preparedness solutions — as well as incident response capabilities. Our mutual streamlined and efficient delivery of solutions has benefitted current and future customers in the ICS industry, as well as those in the supervisory control and data acquisition (SCADA) space.
By extending this partnership to include the Dragos app offering, CrowdStrike customers can now enhance security for both their IT and OT environments. The combination of the Falcon platform and the Dragos app gives customers an actionable understanding of the ICS adversaries in their IT networks, and enables investigation to prevent further activity.
The Dragos ICS/OT Threat Detection app offers CrowdStrike customers the following benefits:
- Achieve early and expanded visibility into industrial (OT) threats by leveraging endpoint data from the Falcon platform across IT networks
- Employ the detection capabilities of the integrated Dragos Threat Detection app and the Falcon UI to determine ICS/OT-focused indicators of compromise (IOCs) that are impacting endpoint assets
- Gain actionable insights into OT threat activity by adversary group, event type and impacted devices
- Experience ease of implementation via the Falcon single lightweight agent with no additional deployments on IT endpoints or additional telemetry gathering required
About The CrowdStrike Store
The CrowdStrike Store, which launched in February 2019, is the first cloud-native security solution that opens the CrowdStrike Falcon platform to third-party applications, enabling a single-agent, single-cloud ecosystem experience. The partner applications are certified by CrowdStrike and can be deployed on top of the Falcon platform to start working immediately.
Building on the cloud-native Falcon platform, apps no longer have to extract the same telemetry multiple times (and trample on each other in the process), nor do they have to collect the data centrally, multiple times, creating islands of disconnected datasets. The Falcon platform enables an “extract-and-collect once, use everywhere” model, which each partner can extend by performing additional analytics. Most importantly, we are ensuring that security analysts and administrators get a streamlined support and troubleshooting experience.
A Win-Win for Customers with IT and OT Environments
When the Dragos ICS/OT Threat Detection App was previewed at Black Hat 2019, it was met with an overwhelmingly positive response from customers that have both IT and OT environments. This is because organizations have been searching for a solution that could provide seamless extended visibility and IT and OT threat detection in their IT environments — with the Dragos app and the CrowdStrike Falcon platform, they can achieve it.
If you are a CrowdStrike customer, please visit the CrowdStrike Store via your Falcon UI and see how you can take the Dragos app for a test drive.
If you are innovating in the endpoint security space, please visit our CrowdStrike Store Partner page and learn about building your app on the Falcon platform.