Dragos Platform - Industrial Cybersecurity for OT Environments
Risk monitoring has improved and real-time fraud detection provides transparent banking control
What is our primary use case?
Dragos is a tool that is very specialized in OT and ICS cybersecurity platforms. Dragos is very stable and widely used in critical infrastructure sectors, mainly in banking, education, and insurance sectors. It provides excellent detection visibility, threat detection, governance alignment, and incident response capabilities. In a real-time banking security operation, Dragos is a very strong choice.
In real-time banking environments, I use Dragos for fraud and transaction monitoring. Dragos integrates with other SOC systems to monitor OT and ICS systems in banking data centers as well as ATM networks. It integrates with all the different machines to identify any fraud or transaction issues that may be happening, such as incorrect deposits or withdrawals for particular customers. All of these things are monitored through fraud and transaction monitoring, which is one of the best real-time examples.
Dragos also has asset visibility capabilities where it identifies and maps critical banking infrastructure assets like servers, ATMs, and payment gateways. Asset visibility helps understand what type of ATM and what type of servers are being used, who is accessing them, who is withdrawing funds, who is depositing funds, and who is using different features.
Threat detection is another important capability where Dragos detects protocol anomalies and threats in real time while reducing false positives compared to IT-centric tools. If someone tries to detect the tool with improper options, tries to break down machines, or commits fraud, threat detection helps identify who that person is and what they have done.
Dragos integrates with SOC systems, especially OT and ICS systems, to give a clear picture of a particular customer who has been using a specific ATM at a center. If a customer goes to a bank and tries to use different options such as depositing, making fixed deposits, withdrawing, or conducting any kind of transaction or fraud, the fraud and transaction monitor helps identify which bank the customer visited, which data center was used, what servers are in it, and what ATM networks are across it. It tries to identify each piece of information related to that customer and helps understand whether proper or improper things have taken place. It is more of monitoring and transaction control, and it is very transparent toward any customer.
What is most valuable?
Risk detection while using Dragos helps identify that incident response planning is one of the options in risk detection. I have reduced it from 40% to 18.5%, and ICS visibility has also contributed to a 60% improvement overall.
Dragos includes features like automated asset discovery, protocol-aware detection, incident response playbooks, and threat intelligence reports. Dragos supports monitoring of hundreds of thousands of assets and has positive false positive reduction.
Governance alignment with formats like NERC, CIP, IEC, and others, broad-level reporting, and operational resilience are some of the best governance features providing the right guidelines and policies.
What needs improvement?
Dragos should be improved in deployment complexity as it requires OT engineering coordination. One needs to have proper engineering coordination to understand the system, deploy it, integrate it, and make all the complex things into one system. This is very challenging, and one should be really skillful and have experience to accomplish this.
Cost is another area for improvement. The cost is higher due to site-based licensing and expert services. The licensing is very heavy, and expert services are required for deployment. Cost-wise, it is also challenging and needs to be improved.
Integration needs alignment with IT security systems and compliance frameworks. Controlling cybersecurity so that no fraudulent person or third party can access the system, and managing that level of complexity, is quite challenging.
Since there is continuous monitoring, it can reduce operational risk losses by 20% to 30% annually. Controlling that huge amount of data and transactions, especially regarding storage, requires a lot of database space. The storage space required should be reduced.
For how long have I used the solution?
I have been using Dragos for the last four years.
What do I think about the stability of the solution?
Dragos is a stable tool. It is scalable and ideal for any banking sector. It is a stable tool with strong reliability ratings in critical infrastructure environments. Out of five, I would rate it as 4.5 in enterprise reviews. Dragos is a stable tool with high scalability and strong stability.
What do I think about the scalability of the solution?
Dragos's scalability is good. It is highly scalable, especially as it handles large-scale banking networks operating with different users from different varieties, especially in India across different branches. Dragos is a stable tool with strong reliability ratings in critical infrastructure environments.
How are customer service and support?
Customer support is good. I could rate it a 10 out of 8. They are very good in customer support. If someone is looking for Dragos, especially those who are into specialized handling of cybersecurity platforms in a very highly scalable manner, maybe toward any banking sector, and if they want to provide asset visibility, threat detection, and governance alignment with incident response capabilities, I think when all of these come into the picture, Dragos is a strong choice. There are other tools available, but Dragos is a very strong tool when comparing all its metrics, scalability, and governance.
Which solution did I use previously and why did I switch?
I have not used any previous solution. I started with Dragos in my current organization.
What was our ROI?
The return on investment is more about time saved. Dragos saves time compared to other tools, especially for employees. Together, I achieve reliability and accuracy at 99.9% uptime. The time saved has been significant compared to other tools in the market. It has really helped in achieving cloud data integration with different tools, saving time. It gives access to valid users, allowing me to know the transactions of different customers. Banking sectors can recover various banking sector operations in no time. Transactions and everything are covered in very little time. The time saved is a good example compared to other things.
What's my experience with pricing, setup cost, and licensing?
Pricing-wise, I am not certain because there is a third party who handles the pricing in my company. The setup cost and licensing are quite critical. Licensing is always handled for access users, and only valid users can access this license. The organization-level access is compared to individual-level access. Dragos setup and cost are handled by a third party. Licensing is a valid license for specific accessible users.
Which other solutions did I evaluate?
I have not used any other tool, but there is one more tool called Nozomi Networks. That is another option I had considered, but I always use Dragos. Dragos was the very first option I used.
What other advice do I have?
Risk detection is something where I identify that incident response planning is one of the options in risk detection, which has reduced to 18.5% from 40%. Using ICS visibility has helped a lot, and a 60% improvement has been done overall.
There are some features like automated asset discovery where I have proper visibility of the vendor and model context, determining what is automated for that particular option or for banking usage. Protocol-aware detection is tuned to ICS or IoT/OT environments, knowing what protocols and what aware detections exist. If any improper detection happens, the protocol gives awareness that something is going wrong. Incident response playbooks guide investigations of what is happening across banking systems, especially servers and databases.
Scalability is another important feature. It supports monitoring of hundreds of thousands of assets across multiple sites. More customers or different users who come and access different monitors, especially banking systems, have been enabled through this scalability. False positive reduction is another feature that understands behavior analytics tuned to OT protocols, minimizing alert fatigue. If false positive reductions or any deductions happen, they are tracked.
Governance alignment has been very much improved in my organization by using Dragos. It supports formats like NERC, CIP, IEC, and standards called NIST and CFC compliances. These are government and governance compliance according to banking sector requirements based on unique identifiers and are always valid toward any system. Broad-level reporting provides risk scoring and incident records for audits. If any risk happens, I know what should be improved next time. If anything changes, I know what needs improvement. The reporting level, especially at board level in a high-level capacity controlling branches, especially from headquarters, is one of the benefits Dragos has provided. Operational resilience is another benefit where continuous monitoring of Dragos ensures reduced downtime and financial risk.
Operational resilience is continuous monitoring. Metrics-wise, it helped me achieve a downtime reduction to less than two hours of downtime per year for critical banking services. The Reserve Bank of India guidelines require banks to set impact tolerances for critical operations like payment processing. Recovery time objective helped me achieve under 30 minutes for core banking systems. Earlier it was around 3-4 hours, and now it has reduced to 30 minutes.
Dragos should be improved in deployment complexity as it requires OT engineering coordination. One needs to have proper engineering coordination to understand the system, deploy it, integrate it, and make all the complex things into one system. This is very challenging, and one should be really skillful and have experience to do that. Cost is another area for improvement as it is higher due to site-based licensing and expert services. The licensing is very heavy, and expert services are required. Integration needs alignment with IT security systems and compliance frameworks where controlling cybersecurity to prevent fraudulent persons or third parties from accessing the system is complex.
Accuracy and dependency-wise, the tool is very accurate. The percentage of error-free transactions processed in banking, achieving 99%, is one of the most important metrics for millions of daily transactions. Fraud detection accuracy is another metric where AI-driven fraud detection helps identify issues, and especially 95% of detection happens through this accuracy. Data accuracy, especially in KYC, helps banks identify what type of KYC information like ID proofs is present, avoiding regulatory penalties at 99% accuracy. Reliability-wise, the core banking system is always at 99.9% uptime and gives the right measures toward any customer. Mean time between failures (MTBF) is another metric where ATM networks achieve more than 5,000 hours.
I use AWS cloud for my hybrid deployment and have purchased Dragos from the AWS marketplace.
Dragos especially ensures systems recover quickly, providing resilience. It handles all the operational resilience in banking, with metrics of 99.9% uptime, 30 minutes recovery time, and 99% transaction accuracy.
I would rate this review an 8 out of 10 overall.
Offers strong incident response features but requires more asset visibility and flexibility
What is our primary use case?
I am an engineer in a service provider company where we help clients choose and implement security solutions, and I'm still looking for a new solution.
I am certified in Dragos, but I have not deployed it in client sites.
I used Nozomi a few years ago for two years, and now I'm getting trained in it so that I can help clients implement the tool. My customers are still using it.
What is most valuable?
Dragos' best features are that they are more focused towards Incident Response, so they have a dedicated playbook in their platform, making it easier for anyone investigating any incidents to investigate the alerts. One of the main features of Dragos is that they have a dedicated Incident Response team, so if clients need any help, they are there to help.
Dragos does real-time monitoring as well, collecting mirror traffic from the span port of the switch, and as soon as it gets the traffic, it analyzes it in real time and shows what's going on in the networks, which relates to the real-time visibility feature for ICS networks.
What needs improvement?
I think Dragos could be improved, as I have worked in Nozomi and compared it to Nozomi. Nozomi offers a lot of flexibility in what I am able to learn and unlearn, and I have more visibility towards the nodes, links, and process variables, which I think is missing in Dragos.
I think Dragos can offer more flexibility similar to Nozomi and more visibility into the assets, nodes, and links, which would make it more competitive in the future.
For how long have I used the solution?
I have used Claroty for two years, and it has been one year since I last used Claroty. That is how long I have been dealing with the Claroty platform.
What other advice do I have?
I have experience managing the tools Claroty, Nozomi, Dragos, and Sangfor, and I am familiar with these products.
My customers are already working with Devo, Dragos, Nozomi, and Claroty, and these are locally deployed in the client sites, not bought on the AWS Marketplace.
I have not used Devo, but I have used Nozomi and Dragos, so I do have experience with those products.
I completed my certification in Dragos and recommend it to my customers already, and I have been dealing with Dragos for a while now.
Dragos offers a threat intelligence subscription called WorldView, so if a customer subscribes to that, they will get regular threat intelligence.
I have not used much of the detailed analytics and reporting functionalities of Dragos.
Dragos is a good option to choose, as it performs well in the market.
Dragos is a big name, and there is room for Dragos in the India market, and they should promote it more.
The company that I'm working for is a partner with Dragos. I also have partnerships with other vendors including Claroty, Nozomi, and Fortinet.
I was learning FortiSIEM three months back, but I am not certified in it, so I have been dealing with Fortinet products in a somewhat limited manner. FortiGate is what I mostly deal with from Fortinet.
On a scale of 1-10, I would rate this solution a 6 or 6.5.