Security Stack Logo
Dragos Platform logo

Cyber-Physical Systems (CPS) Security

Dragos Platform

Industrial cybersecurity platform delivering OT asset visibility and threat detection.

Industrial Control Systems (ICS) SecurityOperational Technology (OT) SecurityCritical Infrastructure Protection

Dragos Platform Overview

What it does

The Dragos Platform is purpose-built cybersecurity software for operational technology (OT) and industrial control systems (ICS), providing asset visibility, threat detection, vulnerability management, and incident response specifically for critical infrastructure. Unlike IT security tools that lack understanding of industrial protocols, the platform uses threat behavior analytics that characterize adversary tactics, techniques, and procedures (TTPs) to identify malicious activity with high confidence while minimizing false positives that plague generic solutions.

How it works

The platform discovers and classifies OT, IT, IoT, and IIoT assets through passive network monitoring and active ICS device collection, capturing device type, manufacturer, firmware version, and communication patterns with detailed vulnerability context. Detection capabilities use composite threat analytics based on real-world attack groups documented by Dragos WorldView intelligence researchers, providing alerts with investigation playbooks that guide security teams through efficient response workflows and automated risk prioritization based on environmental context rather than generic CVE scores.

Credentials and traction

The Dragos Platform is ISO/IEC 27001:2022 and SOC 2 Type II certified. Dragos was named a Leader in the 2026 Gartner Magic Quadrant for Cyber-Physical Systems Protection Platforms, its second consecutive placement, and holds a 4.5 out of 5 rating on Gartner Peer Insights in the CPS Protection Platform category. Frost & Sullivan ranked it #1 in Innovation in the 2025 Frost Radar for OT Cybersecurity Solutions. The platform serves critical infrastructure operators across the electric, oil and gas, manufacturing, and water sectors.

Key Capabilities

mapped to solution categories
Industrial Control Systems (ICS) Security

Monitors ICS network traffic by analyzing span port or tap data without injecting any traffic, critical for environments where active probing can cause PLC faults or safety system trips.

Inspects industrial protocols (Modbus, DNP3, IEC 61850, EtherNet/IP, PROFINET, OPC-UA, BACnet) at function-code level for commands and configuration changes. Coverage breadth and inspection depth (command-level function code analysis vs. packet-level header parsing) both vary across ICS security products and are primary evaluation criteria.

Models expected behavior of safety-instrumented systems (SIS) separately from process control systems, preventing false alerts on normal SIS state machine transitions.

Identifies device vulnerabilities by fingerprinting asset type, firmware version, and protocol implementation from passive traffic observation, no active scan that could disrupt device operation.

Maps network topology, identified vulnerabilities, and detected anomalies to IEC 62443 zone and conduit requirements and security level targets.

Provides a single platform for monitoring both enterprise IT and OT network segments, enabling unified SOC operations without separate monitoring tooling for each domain.

Builds ICS asset inventories (PLCs, RTUs, HMIs, engineering workstations) from passive network observation without probes that could disrupt operations.

Critical Infrastructure Protection

Ingests and applies threat intelligence specific to critical infrastructure threat actor groups (Sandworm, ELECTRUM, Volt Typhoon), and sector-specific attack techniques.

Generates pre-formatted incident notifications compliant with CISA reporting requirements, NERC CIP-008, and sector-specific regulatory reporting obligations.

Supports sector-specific compliance frameworks alongside IEC 62443: NERC CIP for electric utilities, TSA security directives for pipelines, NRC cybersecurity requirements for nuclear.

Monitors OT system availability, process variable integrity, and control system state, flagging deviations that indicate cyberattack or equipment failure affecting operational continuity.

Operational Technology (OT) Security

Discovers OT/ICS assets by analyzing existing network traffic (Modbus polls, Profinet broadcasts, EtherNet/IP connections), without sending any probe packets that could disrupt device operation.

Dissects OT protocol payloads at the function code level, detecting unauthorized read/write operations, unusual register ranges, and firmware upload commands in Modbus, DNP3, EtherNet/IP, PROFINET, and OPC-UA traffic.

Baselines normal device communication patterns (command frequency, connection pairs, timing), and alerts on deviations, detecting reconnaissance, manipulation, and lateral movement.

Forwards enriched OT security alerts into enterprise SIEM and SOAR platforms with OT-specific context, enabling unified SOC operations without requiring OT-specialized analysts.

Identifies and prioritizes vulnerabilities across discovered OT and ICS assets using device, firmware, and exposure context, recommending safe, operationally feasible remediation or compensating controls for environments where patching is constrained.

Compliance

certifications
ISO 27001SOC 2 Type II

Integrations

compatible tools
Cisco Secure Firewall ASACrowdStrike Falcon Discover for IoTCrowdStrike Falcon Insight XDRFortinet FortiGateFortinet FortiSIEMFortinet FortiSOARIBM QRadarLogRhythm NextGen SIEMMicrosoft SentinelPalo Alto NetworksPalo Alto XSOARServiceNowSplunkTrellix Enterprise Security Manager

Implementation & support

Deployment model
Air-GappedCloudHybridOn-PremisesSaaS
Pricing structure
Custom / Enterprise
Support channels
24/7 SupportCustomer Success TeamDocumentationEmail SupportKnowledge BasePhone SupportTechnical Account Manager (TAM)Ticketing PortalTraining / Academy

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.