Dale Peterson interviews Rob Lee, founder and CEO of Dragos – SANS 515 Creator – former SCADA Diva – Chief FUD Debunker – …, focusing on how an asset owner should select an advanced IDS detection solution from a crowded market of 25+ new offerings.
Here is a breakdown of the episode:
3:50 What surprised Rob most about the response to Crashoverride?
8:40 What should be in place before an asset owner considers an advanced threat detection solution, and how many and what type of people are required to gain the benefits of a sophisticated detection solution.
13:30 Rob’s controversial view that their should be a separate ICS Secure Operations Center (SOC) rather than integrating it into an existing Enterprise SOC.
Then we talk about Rob’s breakdown of four different classes of ICS detection solutions
15:55 Configuration Analysis Solutions
19:15 Statistical Analysis (Modeling, Baseline, Threshold and Time) Solutions
24:50 Indicator (signatures) Solutions
30:35 Behavioral Solutions compared to other three approaches
35:50 How does an asset owner choose between the 25+ offerings?
37:40 Rob’s view that vendors in this space are startups and can’t do a good job in multiple classes. They need to focus on one class and a small number of sectors to be credible.
39:35 Depth v. Breadth and the push to please VC’s by saying you cover the entire ICS space.
43:50 You got to test it.
Check Out the S4 Events YouTube Channel