
Dragos Expands ICS Platform with New Acquisition

The addition of Network Perception will bring enhanced network visibility, compliance and segmentation analytics to the Dragos OT cybersecurity platform.


Industrial control systems (ICS) provider Dragos today announced that it has acquired Network Perception for an undisclosed sum, a move aimed at expanding its threat detection and visualization capability for operational technology (OT) environments.

Since its founding in 2016, Dragos has emerged as one of the leading providers of cybersecurity protection for ICS systems. It has amassed $440 million in Series D funding and has over 400 employees. The company that Dragos bought, Network Perception, is lesser known and considerably smaller. It has only 27 employees and has raised $15.73 million, most of which is Series A funding from 2022.

The Dragos threat intelligence platform, designed for OT infrastructure, includes sensors that monitor networks for anomalies and IOCs and visualization tools to track assets and risks and provide response playbooks.

Adding Network Perception promises to fill a gap in the Dragos platform, company officials told Dark Reading. Network Perception's NP-View tool provides network visibility, compliance monitoring, segmentation analytics and reporting for various large electric utilities.

Early Ties with Government and Industry Regulators

Network Perception was incubated roughly a decade ago at the University of Illinois at Urbana-Champaign (UIUC) cybersecurity research lab. At the time, co-founder and CEO Robin Berthier says he and his team were working on the U.S. Department of Energy's 10-year cybersecurity roadmap, which developed a prototype for what is now NP-View.

"We grew pretty fast to become the de facto solution in the electric industry as the OT network visibility and segmentation analysis solution, which is extremely important in the case of compliance for the regulation in this industry," Berthier says.

He credits Network Perception's initial success to the decision by the industry's key regulators, North American Electric Reliability Corp. (NERC) and the Federal Energy Regulatory Commission (FERC), to use NP-View to conduct audits nationwide in 2017. According to Berthier, Network Perception has since tallied about 100 customers.

Berthier claims that NP-View is unique because it ingests only configuration files from firewalls, routers and switches deployed in OT networks, not log data or telemetry from sensors.

"From those configuration files, we build a model of the environment, and we can then show a topology map of those complex networks and check all the potential pathways inside those environments, which is very complementary to what Dragos is doing," Berthier explains.

Further, he notes that while Dragos' sensors monitor network traffic, security operators still must decide what steps to take to address suspicious activity and anomalies. "It's really important to have the context around the network's access policy, like the zone-to-zone accessibility," Berthier says.

Modeling Network Traffic for Threats

NP-View models an adversary's potential targets, including which ports and services are vulnerable and what's permitted by the firewalls, according to Berthier. "It is that part of the modeling of networks that gives you that information that is extremely complex and sophisticated," he says.

"It's a level of sophistication today that no human, even expert analysts, can comprehend because of the different layers of logic that the firewalls are using, from VPNs to VLANs to access rules to network address translation," Berthier adds. "We model and present that in a very simple, comprehensive way for both technical as well as non-technical users."

When integrated, the Dragos platform will be able to consume the data ingested into NP-View to add the needed context around the different levels of suspicious activity, he notes.

The addition of Network Perception will likely boost Dragos' visualization and risk-based capabilities while enhancing customers’ cyber resilience and compliance efforts, predicts Omdia principal analyst for IoT cybersecurity, Hollie Hennessy.

"Many OT organizations are struggling with challenges such as skills shortage and resource issues, meaning compliance can be a struggle--thus being able to automate functions such as reporting instantly can alleviate some of those issues," she says. "Network Perception also has micro segmentation capabilities which again can help to mitigate risk - something that will enrich Dragos' preventative capabilities and can also help with compliance."

Dragos field technology officer Phil Tonkin says that half of Network Perception's customer base, which is all in the electric sector, uses the Dragos platform. While Dragos's earliest customers were electric utilities, the company has expanded its base to include oil and gas providers, manufacturers, water utilities, transportation and mining.

In the coming quarters, Tonkin says Dragos will integrate NP-View into its platform and offer it as an option to its customers in adjacent OT sectors. "Although the driver to get capabilities like this into the electric sector in the US has often been driven by compliance, we're seeing more and more people understanding the need to carry out those same actions just to manage their risks," he says.

The deal marks only the second acquisition for Dragos. The company bought assessment tool provider NexDefense in 2019. Though it isn't ruling out other potential acquisitions, Dragos is not currently shopping for other companies. "Right now, our focus is to just build on the strengths that we've just gained by bringing Network Perception into the team," Tonkin says.

About the Author

Jeffrey Schwartz, Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.
