Swimlane partners with Dragos to automate threat detection across both IT and OT environments

Swimlane announced a partnership with Dragos. Through the partnership, the companies are offering a new integration between Swimlane Turbine and the Dragos Platform that enables customers to automate threat detection and enrichment across both IT and OT environments, leveraging AI for synchronized response.

Building on Swimlane’s existing security automation ecosystem for OT environments, this integration offers customers flexibility to tailor their OT security approach to their specific needs. The integration offers centralized case management, automated ticketing and vulnerability management use cases to streamline workflows and improve communication.

Solving the OT-IT cybersecurity gap

The convergence of modern IT and legacy industrial control systems (ICS) presents a critical cybersecurity challenge. This stems from two factors: outdated ICS technology struggling to integrate securely with modern systems, and the limitations of traditional IT security solutions in ICS/OT environments. These combined factors, coupled with the 50% rise in reported ransomware attacks targeting industrial organizations, emphasize the urgent need for prioritizing and implementing effective ICS-specific security controls.

Fortunately, industrial organizations can now reduce their mean time to respond and recover (MTTR) when facing emerging threats by using a highly customizable, yet approachable, security solution that brings IT and OT threat detection, remediation, and case management into a centralized system of record.

“Applying IT security solutions directly to ICS environments simply doesn’t work,” said Mike Kay, SVP of Global Partnerships at Swimlane. “Thanks to this robust integration between two industry leaders, industrial organizations can now benefit from automated asset vulnerability management that keeps humans in the loop. Security teams will now be able to customize everything from Swimlane Playbooks to applications to address OT-specific needs.”

Revolutionizing OT security

By leveraging this powerful integration, customers can unlock a wealth of innovations, including:

  • Centralized case management: The integration provides a unified view of IT/OT assets, enabling analysts to focus on strategic decision-making instead of manual data collection.
  • Dashboard and reporting: Dashboards are populated by self-documenting Swimlane Playbooks to provide security teams with visual models to easily see organization-wide OT asset risk levels.
  • Swimlane Turbine Canvas: Turbine Canvas is a low-code automation studio that enables OT experts to build custom Swimlane Playbooks easily and quickly. It uses modular and reusable components to extend the value of Dragos’ playbooks to streamline incident response by automating actions across both IT and OT environments.
  • Native IOC correlation: The integration supports the sharing of native and historical information within IT and OT environments. Native correlation enables analysts to see how previous cases with the same IOCs were resolved, providing insight into the business logic used to triage the threat and helping them recognize persistent threats over time.

“The Swimlane and Dragos integration allows industrial organizations to speed detection and recovery from cyber threats,” said Matt Cowell, Global VP of Business Development at Dragos. “The integration pairs the Dragos Platform’s ability to identify and guide remediation for threat behaviors in OT with Swimlane’s automation across IT and OT environments. With accelerated mean time to recovery, responders can be more efficient and ultimately strengthen their security posture.”

“Without prioritizing and implementing strong ICS-specific security controls, industrial organizations risk catastrophic consequences,” said Jason D. Christopher, VP of Cybersecurity and Digital Transformation at Energy Impact Partners. “Both leaders in their respective categories, Swimlane and Dragos together offer a powerful solution that empowers industrial organizations to rapidly respond to evolving threats and overcome complex security challenges.”
