Date: 2019-01-23
Dragos, Inc., provider of the industry’s most trusted
industrial cybersecurity platform and services, today announced the
successful completion of the S4 Detection Challenge with findings
showcased by company researchers at the ICS Detection Challenge:
Analysis and Results session at the S4 ICS cyber security event in Miami
Beach this week.
As a testament to the progress the ICS security community has made in
the past year, the 2019 detection challenge was designed to simulate a
real-world ICS incident, incorporating 400 GB of packet captures from a
real-world mining operation with a set of adversaries “injected” by the
S4 organizers for participants to find.
“More than 500 hours of effort were put into developing the challenge,
transforming it from last year’s challenge based on 3 GB of data. This
year presented a much more complicated attack sequence to better
represent a real-world, multi-component attack, designed to
significantly test participating ICS security vendors’ capabilities in
asset identification, threat detection, and response,” said Ron Brash,
manager in Risk Advisory at Deloitte Canada and S4 challenge developer.
With only two ICS cybersecurity companies decidedly represented in this
year’s challenge, the planned competition format was altered to a
dataset of 130 GB. From the data in the revised challenge, Dragos
detected 140 network protocols, mapped 4600 unknown assets, and
discovered malicious industrial campaigns through intelligence-driven
threat behavior analytics. (Threat behavior analytics detect threats
through characterizations of specific patterns of behaviors, such as a
flow of adversary communications and connections, or failed
authentication attempts.)
“Dragos is honored to have been one of the two companies showcased
during the live S4 detection presentation, and we look forward to future
S4 events,” says Dan Gunter, Principal Threat Analyst at Dragos.
“Competitions like this are useful to validate technical claims and
features to the industrial community while helping to push the space
forward.”
The Dragos industrial cybersecurity platform enables industrial cybersecurity
analysts and threat hunters to maximize visibility and efficiency in
threat detection and response. It is an automated network-monitoring
appliance that performs deep packet inspection to passively identify ICS
assets and communications, detect malicious activity, and guide
defenders step-by-step if a threat is found.
The Dragos presentation shared during the analysis and results session
at the 2019 S4 ICS Security Conference is available at Dragos
S4 Detection Challenge Video.
