Intelligent Tech Channels Issue 47 - Page 40

3. Developing staff, ensuring that they’re putting people and processes in place with the expertise required.
How important is threat intelligence in detecting and responding to these types of attacks, and how does your organisation approach this?
It’s extremely important to learn from adversaries, and that’s all that threat intelligence is. What have we seen before? What would we have done differently the next time?
Many organisations have focused heavily on indicators of compromise and are looking for an IP address or a piece of malware that they can find next time. While that’s not bad, it’s not scalable, especially when you think about attacks that may use the same methods but happen against different types of facilities or different equipment.
When we think about threat intelligence, we think about it in understanding adversaries’ tactics and techniques and the methods they’re accomplishing.
I want to know how somebody is modifying a safety system, not which one it is. Where intel shines is that it’s not just creating another detection or alert. It’s understanding the context and prioritising the things we see so that we take the right response when something happens.
How important is the Middle East market for your company, and how do you work with partners to provide solutions and services to end-users?
Our tagline is ‘safeguarding civilisation’, and to us, that means something. I think this region specifically has some strategic adversaries, and we are at an inflection point where they’re taking advantage of the transformation happening to industries here. The Middle East was the first place we went outside of the US. Our first team on the ground here was based in Riyadh, and then we built out our office in Dubai, and we are starting to work in Kuwait and Oman.
We have found that this region, more than most places globally, is all about partnership.
If we come as a seller of a box, demanding payment, and saying we’ll see you in three months, that’s not going to work. We have no better partners in the world than the ones we’ve developed here.
How does Dragos set itself apart from others in this market?
First, we take that intelligent further approach. Dragos professionals have been part of the response to any significant industrial attack that’s ever occurred. Those insights are things that we can codify and bring to our customers.
Second, we’ve hired the best of the best. We don’t just operate as a technology company, we have a services team and an intel team, and we want to have really smart individuals who are used to being in these environments.
We do many ancillary things that aren’t business lines for us, like training or learning management systems with classes. Still, these things are helpful in that partnership discussion and making sure that people can be successful.
Third, through being a Dragos customer, you get that partnership feel from the moment the PO is signed. Most of our focus and the way that we’ve built our sales, customer success and professional services teams is to understand the risk that a customer’s taking and the work ahead of them so that when they take that leap of faith to try and do right by their community, we are with them every step of the way to ensure they can be successful.
How can organisations implement simple but effective security policies and procedures to lower their cyber risk?
It’s a very daunting thing to be a CISO or a CEO looking at this problem for two reasons.
One, it’s not been done before, and now there’s a significant focus on it – you’ve got to walk a very delicate balance of helping to inform on the risk without coming off with fear, uncertainty and doubt.
Second, there are many security controls, products and services in enterprise IT. It can seem overwhelming that you might now need to copy that into the other side of the business, which is larger and more complex. But you don’t need to copy and paste what you have in IT. Instead, we need to look at a couple of critical controls and figure out the OT-specific nature of them and apply those well and consistently.
• Step one: Figure out a defensible architecture.
• Step two: Get the visibility and monitoring in place to understand what’s going on and what needs to be protected.
• Step three: Have multi-factor authentication wherever you can put it in terms of remote access.
• Step four: Ensure you have a vulnerability management programme – don’t try to fix every vulnerability out there.
• Step five: Have an ICS-specific incident response plan.
If you were to do those five controls well across your operations environment, you’d have a world-leading OT security programme.