How to Leverage CrowdStrike Integration with Dragos

Introduction

In this video and article, we will look at the integration available between CrowdStrike and Dragos – a CrowdStrike Store partner. The Dragos app enables CrowdStrike customers to analyze their existing Falcon agent data for any evidence of ICS and OT-focused adversaries operating in their IT environment.

Video

Overview

Dragos is focused on protecting the world’s most critical infrastructure from adversaries. Their expertise in industrial security software and services adds a layer of knowledge that better arms CrowdStrike customers who support industrial operations. Because CrowdStrike agent and event data come largely from IT systems, this integration enables companies to be more proactive and effective in protecting their industrial operations from compromise.


Integration in the Dragos UI

The Overview page provides a visual representation of existing CrowdStrike event data through an Operational Technology lens. Dragos applies its specialized set of indicators to give early warning of how and where activity groups focused on operational technology may be operating in the enterprise endpoint environment. That matters because adversaries often target IT systems as a pivot point into the more critical OT environments. The graph illustrates any detected spikes in activity from adversaries known to Dragos.

[Screenshot: Dragos overview page]

Dragos also provides additional details on the OT adversaries, including their capabilities, common targets, and modes of operation.

[Screenshot: Dragos activity groups]

The Events tab lets you see additional details for events where Dragos detected adversary activity. The list includes the CrowdStrike event ID, event date, event type and device ID. Correlated with each event are the specific Dragos indicator, its indicator type, a confidence level, and kill-chain information from Dragos.

[Screenshot: Dragos events tab]

CrowdStrike UI

Using the CrowdStrike event ID, customers can use the Event Search function of the Falcon UI to find the specific event in question. Pivoting to the process explorer view shows all of the related processes and details in a graphical process tree. This visual representation gives the single event its context by including all of the associated activity: the initial attack vector, parent processes, and command line details.

[Screenshot: Falcon process tree view]
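To make the pivot concrete, here is an added Python sketch that is not CrowdStrike's or Dragos's code. It joins constructed Dragos-style event rows (the columns named on the Events tab above) with constructed Falcon-style process events on the CrowdStrike event ID, filters on the Dragos confidence level, checks that the device ID on both sides agrees before trusting the match, and then walks the parent links into the root-to-leaf chain that the process tree view lays out. All field names, sample values and the confidence ranking are assumptions made for the example.

```python
"""Correlate Dragos OT-adversary events with Falcon process data (constructed example)."""
from __future__ import annotations

# Assumed ordering of the Dragos confidence labels; not a documented product value.
CONFIDENCE_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed rows mirroring the Dragos Events tab columns; field names are assumptions.
DRAGOS_EVENTS = [
    {"event_id": "evt-1001", "event_date": "2020-05-04T10:12:00Z",
     "event_type": "ProcessRollup2", "device_id": "aid-7f3a",
     "indicator": "example-ot-tool.exe", "indicator_type": "filename",
     "confidence": "high", "kill_chain": "Installation"},
    {"event_id": "evt-2002", "event_date": "2020-05-04T11:40:00Z",
     "event_type": "ProcessRollup2", "device_id": "aid-9c1d",
     "indicator": "203.0.113.10", "indicator_type": "ip",
     "confidence": "low", "kill_chain": "Command and Control"},
    # Same indicator, but the device ID disagrees with the Falcon record: stale or mis-keyed row.
    {"event_id": "evt-3003", "event_date": "2020-05-04T12:00:00Z",
     "event_type": "ProcessRollup2", "device_id": "aid-0000",
     "indicator": "example-ot-tool.exe", "indicator_type": "filename",
     "confidence": "high", "kill_chain": "Installation"},
]

# Constructed Falcon-style process events keyed by event ID. ``parent`` points at the
# event that spawned this process, which is the link the process-tree view follows.
FALCON_EVENTS = {
    "evt-0999": {"device_id": "aid-7f3a", "parent": None,
                 "image": "explorer.exe", "cmdline": "explorer.exe"},
    "evt-1000": {"device_id": "aid-7f3a", "parent": "evt-0999",
                 "image": "outlook.exe", "cmdline": "outlook.exe /recycle"},
    "evt-1001": {"device_id": "aid-7f3a", "parent": "evt-1000",
                 "image": "example-ot-tool.exe", "cmdline": "example-ot-tool.exe /install"},
    "evt-2001": {"device_id": "aid-9c1d", "parent": None,
                 "image": "services.exe", "cmdline": "services.exe"},
    "evt-2002": {"device_id": "aid-9c1d", "parent": "evt-2001",
                 "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    "evt-3003": {"device_id": "aid-7f3a", "parent": None,
                 "image": "cmd.exe", "cmdline": "cmd.exe"},
}


def process_chain(event_id: str, falcon_events: dict) -> list[dict]:
    """Walk parent links from ``event_id`` to the root and return the ancestry
    root-first, the order the Falcon process-tree view presents it. A ``seen``
    set guards against a malformed parent cycle in the input."""
    chain, seen, cur = [], set(), event_id
    while cur is not None and cur in falcon_events and cur not in seen:
        seen.add(cur)
        chain.append({"event_id": cur, **falcon_events[cur]})
        cur = falcon_events[cur]["parent"]
    chain.reverse()
    return chain


def correlate(dragos_events: list[dict], falcon_events: dict,
              min_confidence: str = "medium") -> list[dict]:
    """Join Dragos rows to Falcon events on event ID, keeping only rows at or above
    ``min_confidence``. Each result carries a status so an analyst can see why a
    row did or did not resolve to a process chain."""
    threshold = CONFIDENCE_RANK[min_confidence]
    results = []
    for row in dragos_events:
        if CONFIDENCE_RANK.get(row["confidence"], -1) < threshold:
            continue
        hit = falcon_events.get(row["event_id"])
        if hit is None:
            status, chain = "not_found", []
        elif hit["device_id"] != row["device_id"]:
            status, chain = "device_mismatch", []   # do not trust a cross-host join
        else:
            status, chain = "ok", process_chain(row["event_id"], falcon_events)
        results.append({"event_id": row["event_id"], "indicator": row["indicator"],
                        "confidence": row["confidence"], "kill_chain": row["kill_chain"],
                        "status": status, "chain": chain})
    return results


if __name__ == "__main__":
    for r in correlate(DRAGOS_EVENTS, FALCON_EVENTS):
        print(f"{r['event_id']} [{r['confidence']}/{r['kill_chain']}] {r['status']}")
        for depth, node in enumerate(r["chain"]):
            print("  " * depth + f"{node['image']}  ({node['cmdline']})")
```

The device-ID check is the detail worth keeping: an event ID is only a meaningful pivot if both products agree on which host it belongs to, so a mismatch is surfaced as its own status rather than silently producing a chain from the wrong machine.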

Conclusion

The Dragos app enables CrowdStrike customers to analyze their existing agent data for ICS- or OT-focused adversaries operating in their IT environment. Expanding visibility and leveraging the specialized IOCs and adversary information from Dragos allows companies to proactively protect their critical industrial operations, and reduce potential negative impacts on safety, reliability and productivity. Being able to apply that knowledge and then investigate and take action from the CrowdStrike UI helps customers minimize risks and stop breaches.

You can begin your trial of Dragos today directly in the CrowdStrike store.

[Screenshot: Dragos app in the CrowdStrike Store]
