Enhanced Industrial Threat Detection: Get Early Warnings of Adversaries in Your Enterprise Networks

In our interconnected world, the growth of threats to industrial control systems (ICS) and operational technology (OT) continues to rise, putting organizations and critical infrastructure at risk of attack. To combat this, the security teams at CrowdStrike and Dragos work tirelessly to protect the world’s most critical infrastructure, including industries such as electric utilities, oil and gas, water and manufacturing. However, IT and ICS security teams in these industries are met with constant challenges regarding minimal visibility into the OT environment, poor security perimeters, and a lack of separation between IT and OT user management. With limited tools, visibility, and appropriate endpoint, network and device data to detect ICS and OT threats in your environments, adversaries are more likely to gain a foothold and remain hidden in your enterprise.

 

To stop industrial adversaries in their tracks, security teams must also go beyond the OT network to detect threats early and implement the right response actions, as OT adversaries are known to gain a foothold in enterprises through the IT network, as they pivot to OT networks. For your teams to achieve this, CrowdStrike and Dragos have partnered to deliver a customer-driven enhancement to the existing Dragos ICS/OT Threat Detection app — it gives you visibility and early warnings of ICS threats within your IT network and on your intermediary systems such as human machine interfaces (HMIs) and engineering workstations (EW), improving your team’s detection and response efficiency and efficacy. By bridging the gap between the IT and OT systems, CrowdStrike and Dragos provide a more complete view of ICS threat activity within your networks. Customers get extensive coverage by combining CrowdStrike’s MITRE ATT&CK® framework adoption across IT and intermediary systems, and Dragos’ ICS adversaries’ unique MITRE ATT&CK tactics and procedures. The Dragos ICS/OT Threat Detection app in the CrowdStrike Store leverages rich endpoint data from the CrowdStrike Falcon®️ platform combined with Dragos' extensive collection of OT threat signatures to give you early signs of attacks so you can quickly respond to and defuse threats using the Falcon platform before the damage is done.

 

Protecting Converged IT and OT Networks

Today's ICS adversaries often leverage enterprise networks to gain a foothold into OT networks to accomplish their goals, whether it be reconnaissance/pre-positioning, IP theft, or harming operations and safety. In fact, Dragos’ ICS Year in Review Report noted that ransomware and commodity malware, including Ryuk and Emotet, are consistent threats to industrial environments as they can potentially bridge the IT/OT gap to disrupt an organization’s operations. To gain comprehensive visibility of ICS threats in your IT networks, Dragos combines the CrowdStrike Falcon® platform’s endpoint data and intelligence on known eCrime and ransomware activity with Dragos’ extensive WorldView Industrial IOCs repository to give you an early warning when ICS threats are detected.

 

Given that many ICS adversaries initiate their attacks via IT networks, Dragos leverages CrowdStrike Falcon® threat detections to determine ICS/OT-focused indicators of compromise (IOCs) and OT focused adversaries before they breach your OT networks. With this early warning, your security team can more effectively protect your organization from harmful adversaries before they accomplish their goals. Your security team will gain actionable insights surrounding ICS adversary events and impacted devices, so they can respond swiftly through the Falcon platform, including executing response actions such as a network-contain on the impacted endpoint, regardless of the location. With Dragos’ highly experienced ICS-focused intelligence team paired with CrowdStrike’s rich endpoint and workload telemetry, you have the latest ICS threat detection capabilities to ensure your critical data remains protected from modern threat actors.

 

Enhancing Detection Context of ICS and OT Threats With CrowdStrike and Dragos

 

To get ahead of industrial adversaries, it’s critical to prioritize visibility and improve detection and response times across your organization’s networks, but that is easier said than done. With the Dragos ICS/OT Threat Detection app available in the CrowdStrike Store, you can easily integrate all Dragos WorldView Industrial IOCs across your entire CrowdStrike Falcon® deployment, so your team can quickly identify known industrial cyber threats. The indicators include file hashes, IP addresses and domain names of known OT-targeting threats, and are now included natively in the Falcon detection engine when the app is initiated. These enhancements allow your analysts to be automatically notified when a new ICS threat has been detected so that they can immediately respond through the Falcon platform’s Real Time Response capabilities. Your team can also gain the necessary threat context to triage, including the responsible user, the executing process, the surrounding events and the triggering indicator provided by Dragos. By combining the unique capabilities of CrowdStrike and Dragos, your organization can be more proactive and effective in protecting its industrial operations from compromise.

Take a Proactive Stance Against Industrial Adversaries

As adversaries become more intelligent and our systems increase in complexity, enterprises must optimize their existing security stack, unify their tools and be proactive in their approach to truly safeguard from modern-day threats. With the combined power of CrowdStrike and Dragos, enterprises are empowered to reduce blind spots in converged IT/OT networks, catch ICS threat activity in IT environments and critical intermediary systems such as HMI’s before they reach the OT networks, and deploy seamlessly with no additional agents via the CrowdStrike Store. Visit the CrowdStrike Store to try the Dragos ICS/OT Threat Detection app today.

About the CrowdStrike Store

The CrowdStrike Store, which launched in February 2019, is a cloud-based ecosystem of trusted applications, providing a strategic choice of vendors and security technologies to our customers. All CrowdStrike Store applications leverage the power of our Security Cloud — which processes over 5 trillion events per week — and our powerful lightweight agent that provides enriched telemetry to the Falcon cloud-scale platform. The CrowdStrike Store is focused on delivering a frictionless consumption of first- and third-party applications by leveraging the power of our extensible platform architecture and rich threat intelligence data for our customers.

Additional Resources

Breaches Stop Here