Rob Lee

Dale Peterson interviews Rob Lee, founder and CEO of Dragos – SANS 515 Creator – former SCADA Diva – Chief FUD Debunker – …, focusing on how an asset owner should select an advanced IDS detection solution from a crowded market of 25+ new offerings.

Here is a breakdown of the episode:

3:50 What surprised Rob most about the response to Crashoverride?

8:40 What should be in place before an asset owner considers an advanced threat detection solution, and how many and what type of people are required to gain the benefits of a sophisticated detection solution.

13:30 Rob’s controversial view that there should be a separate ICS Secure Operations Center (SOC) rather than integrating it into an existing Enterprise SOC.

Then we talk about Rob’s breakdown of four different classes of ICS detection solutions:

15:55 Configuration Analysis Solutions

19:15 Statistical Analysis (Modeling, Baseline, Threshold and Time) Solutions

24:50 Indicator (signatures) Solutions

30:35 Behavioral Solutions compared to other three approaches

35:50 How does an asset owner choose between the 25+ offerings?

37:40 Rob’s view that vendors in this space are startups and can’t do a good job in multiple classes. They need to focus on one class and a small number of sectors to be credible.

39:35 Depth v. Breadth and the push to please VCs by saying you cover the entire ICS space.

43:50 You got to test it.
