Dragos, Inc., a leader in industrial threat detection and response, and Schweitzer Engineering Laboratories (SEL), a lead supplier of digital systems that protect power grids around the world, have formed a partnership to arm the electric power community with the tools to better detect and respond to threats within their industrial control system (ICS) networks.
Greater Visibility, Threat Detection, and Response in the ICS
The Dragos Platform integration with SEL devices provides insight into power system networks and their communications, giving asset owners and operators deep packet inspection of SEL communications so they can monitor for security events. In addition, the Dragos Platform collects, aggregates, and analyzes unique SEL events and logs not available to other security technologies to provide wider coverage for threat detection and response efforts. The partnership also opens new opportunities for unique detection and response practices.
- The Dragos Platform provides comprehensive data source coverage for the industrial security market. It passively identifies assets across multiple data sources, including network traffic, host-based logs, data historian events, and logs from SEL assets, including SEL ICON and SEL Real-Time Automation Controllers (RTACs).
- Threat behavior analytics give analysts context on adversary actions, such as why alerts are generated, instead of simply alerting on anomalies and changes in environments. The Dragos Platform is an intelligence-driven threat detection product for industrial networks. The integration with SEL allows for the creation of new threat analytics focused on adversary behaviors against SEL equipment and communications.
- The Dragos and SEL partnership enables new SEL equipment-specific investigation playbooks. The playbooks, created by senior industrial cybersecurity analysts in the Dragos Threat Operations Center, are paired with each threat behavior analytic and provide step-by-step guides to responding to threats, allowing analysts to respond effectively and efficiently against cyber incidents in power system networks.
Innovative, Joint Solution for Proactive Defense
The SEL-2470S is the industry's first hardened, software-defined networking (SDN)-enabled switch designed to improve Ethernet performance in mission-critical applications. When integrated into the SEL-2470S and the SEL-5056 Software-Defined Network Flow Controller, the Dragos Platform retrieves all information and authorized flows on the network for complete and fully accurate network visibility. In addition, unauthorized network flows are sent to the Dragos Platform for analysis to provide context and proactive actions ahead of a cyber incident. This combination helps maintain the highest levels of reliability and safety in power system networks.
Sid Snitkin, ARC Advisory Group, commented, “While Dragos is already a well-respected cybersecurity supplier in the electrical sector, the SEL relationship will clearly broaden Dragos’ market opportunities. Integration of the Dragos Platform into SEL’s networking products provides utilities with the deep visibility and control they need to rapidly detect and thwart malicious cyber-attacks.”