Play Now with BOTS Partner Experiences: Dragos

Last year, when we launched bots.splunk.com, we told you, our fearless readers, that we would be continually adding new content so keep checking back for more Learn and Play Now modules. I know some of you might have forgotten this guidance (and you know who you are), so I wanted to make sure you all knew that we have added a new Partner Experience. This new Partner Experience features Dragos and their virtual ICS/OT challenge!

Partner Experiences are on-demand capture the flag (CTF) challenges built by a Splunk technology partner, running in Splunk, hosted on the BOSS Platform, and available at no cost (as in free)!

A Brief Introduction to Dragos

Dragos is an industrial (ICS/OT/IIoT) cybersecurity company on a mission to safeguard civilization. They identify threats through intelligence-driven analytics, prioritize vulnerabilities, and provide best-practice playbooks to guide teams as they investigate and respond to threats before they cause significant impacts to operations, processes, or people.

By integrating the Dragos Platform with Splunk, defenders can quickly prioritize, investigate, and respond to industrial threats, which can also help meet compliance requirements across both IT and OT environments. Security teams at industrial organizations can now access ICS datasets from Dragos alongside the enterprise IT datasets collected in Splunk, giving analysts improved overall situational awareness and helping to ensure secure industrial operations.

Bridging the divide between IT and OT teams has become a significant challenge. Only 21% of companies surveyed in the recent Ponemon report, 2021 State of Industrial Cybersecurity, said they have achieved ICS/OT cybersecurity maturity, citing lack of skills and training as a primary contributing factor.

Start Capturing Those Flags!

Users who are unfamiliar with Dragos can find a brief introductory module under Learn on bots.splunk.com. From there, you can dive into their Play Now scenario, which uses Dragos to identify control logic modifications, persistence being maintained within networks, command and control (C2) being established, and much more. Inside the events, you can view categorized alerts, network telemetry, and detailed messages that help the operator understand what transpired. Wait... you're not very familiar with Dragos? Not to fear, there are hints provided for the questions!

There are over 30 questions, and you'll want to budget between 1.5 and 3 hours to complete the challenge. Maybe you are concerned that you won't have enough time. No worries: you can play, come back later, and play again. After all, it's on demand!

We hope you take the opportunity to check out the Dragos Industrial Partner Experience on bots.splunk.com and try your hand at their challenges. The team did a great job building an engaging partner experience and highlighting some very cool capabilities Dragos can bring to your blue team.

By the way, did you know that all the Learn, Play Now and BOSS events on the BOSS Platform are free? As in free! Come for the Dragos partner experience and stay to learn more about investigating and hunting with Splunk and so much more!

Posted by John Stoner

I grew up in Virginia, graduated from Penn State and came back to Virginia where I have worked with databases and cyber for over 20 years. A job or two felt like I really was a cast member of The Office or Office Space, but every one of them taught me something new.