
Dragos expands ICS platform with new acquisition

Industrial control systems (ICS) provider Dragos today announced that it has acquired Network Perception for an undisclosed amount, a move aimed at expanding its threat detection and visualization capabilities for operational technology (OT) environments.

Since its founding in 2016, Dragos has grown into one of the leading providers of cybersecurity for ICS systems. It has collected $440 million in Series D financing and has more than 400 employees. The company that Dragos bought, Network Perception, is less well known and considerably smaller. It has only 27 employees and has raised $15.73 million, most of which is 2022 Series A funding.

The Dragos threat intelligence platform, designed for OT infrastructure, includes sensors that monitor networks for anomalies and IOCs, along with visualization tools that track assets and risks and provide response playbooks.

Adding Network Perception promises to fill a gap in the Dragos platform, company officials told Dark Reading. Network Perception’s NP-View tool provides network visibility, compliance monitoring, segmentation analytics and reporting for several major electric utilities.

Early ties with government and industry regulators

Network Perception was developed about a decade ago at the cybersecurity research lab at the University of Illinois at Urbana-Champaign (UIUC). Co-founder and CEO Robin Berthier says that at the time, he and his team were working on the U.S. Department of Energy’s 10-year cybersecurity roadmap, which developed a prototype for what is now NP-View.

“We grew quite quickly into the de facto solution in the electrical industry as the solution for OT network visibility and segmentation analysis, which is extremely important in case of regulatory compliance in this sector,” says Berthier.

He attributes Network Perception’s initial success to the decision of the industry’s top regulators, North American Electric Reliability Corp. (NERC) and the Federal Energy Regulatory Commission (FERC), to use NP-View to conduct national audits in 2017. According to Berthier, Network Perception has since added about 100 customers.

Berthier claims that NP-View is unique in that it only records configuration files from firewalls, routers, and switches deployed in OT networks, and not log data or telemetry from sensors.

“From those configuration files we build a model of the environment, and we can then show a topology map of those complex networks and check all the potential paths within those environments, which is very complementary to what Dragos does,” Berthier explains.

He further notes that while Dragos’ sensors monitor network traffic, security personnel must still decide what steps to take to address suspicious activity and anomalies. “It’s very important to have the context around the network access policies, such as zone-to-zone accessibility,” says Berthier.

Modeling network traffic for threats

NP-View models an adversary’s potential targets, including which ports and services are vulnerable and what is allowed by the firewalls, Berthier said. “It’s that part of network modeling that gives you that information that is extremely complex and sophisticated,” he says.

“It’s a level of sophistication today that no human, not even expert analysts, can understand because of the layers of logic that the firewalls use, from VPNs to VLANs and from access rules to network address translation,” Berthier adds. “We model and present that in a very simple, comprehensive way for both technical and non-technical users.”

When integrated, the Dragos platform will be able to use the data ingested into NP-View to add context around the different levels of suspicious activity needed, he notes.

The addition of Network Perception will likely enhance Dragos’ visualization and risk-based capabilities while boosting customers’ cyber resilience and compliance efforts, predicts Hollie Hennessy, Omdia’s principal analyst for IoT cybersecurity.

“Many OT organizations face challenges such as skills shortages and resource issues, which means compliance can be an issue. Being able to automate functions such as instant reporting can alleviate some of these issues,” she says. “Network Perception also has micro-segmentation capabilities that can again help mitigate risk – something that will enrich Dragos’ preventive capabilities and also help with compliance.”

Dragos field technology officer Phil Tonkin says half of Network Perception’s customer base, all of which are in the electrical sector, use the Dragos platform. While Dragos’ first customers were electric utilities, the company has expanded its base to include oil and gas suppliers, manufacturers, water utilities, transportation and mining.

Tonkin says Dragos will integrate NP-View into its platform in the coming quarters and offer it as an option to its customers in adjacent OT sectors. “While the impetus to get these types of capabilities into the US electric sector is often driven by compliance, we are seeing more and more people seeing the need to take the same actions just to manage their risks,” he says.

The deal marks only the second acquisition for Dragos. The company purchased NexDefense, a supplier of assessment tools, in 2019. Although other potential acquisitions are not ruled out, Dragos is not currently looking for other companies. “Right now, our focus is on building on the strengths we just acquired by bringing Network Perception to the team,” Tonkin said.