ICS Detection Endgame

Hypothesis: The current ICS cyber incident detection solutions will not exist in three years. They are interim solutions, and competitors in the market need to identify and implement an endgame strategy as they continue to run very fast with the current solution. In a...

Analysis of Dragos Platform Strategy … The Real Difference

What is Dragos? They have a diagram on their site that shows three business areas: Threat Intelligence Threat Operations Center (which are consulting services including incident response) Platform (their detection and response product) Dragos currently dominates...

Organization and Expectations for ICS Detection

The cases being made in ICS owner / operator companies for the “best” organizational structure for ICS detection, and response, are heartfelt, well considered and often at great variance with one another. The case for Operational Technology (OT) SOC vs....
Post Game Analysis: S4 ICS Detection Challenge

Post Game Analysis: S4 ICS Detection Challenge

How do you pick between 20+ ICS Detection and Asset Inventory solutions who are all claiming to be the best? The ICS Detection Challenge was designed to provide asset owner / potential customers with an unbiased technical comparison. S4x19 ICS Detection Challenge As...

ICS Detection Market: Moving Fast & Facing Challenges

I’ve analyzed and made a number of predictions on the ICS Detection market over the past two years. The biggest surprise to me over the last six months has been speed of the market. The winners and losers are being largely determined in 2018 and will result in...

The Future of the ICS Cyber Security Detection Market

The ICS Cyber Security Detection market has 20+ vendors chasing this niche with most focused on passive network monitoring to create an asset inventory and identify cyber incidents. I’ve written on this developing market, interviewed participants on stage and in...
S4x18 Debate: Enterprise SOC or OT SOC?

S4x18 Debate: Enterprise SOC or OT SOC?

This was a great debate from S4x18. Many owner / operators have an Enterprise Secure Operations Center (SOC), and they are considering how best to handle OT incident detection and response. There are two main approaches: 1. Add OT data and incident response capabilities to an Enterprise SOC or 2. Set up and run a SOC dedicated to the OT environment.



Dale Peterson interviews the ICS Detection Challenge Winner – Claroty and the runners up – Nozomi and Security Matters. They discuss where the competitors did well, how the products are likely to improve in the future, and what the future direction of the ICS product detection category is likely to be.


The ICS Detection Challenge at S4x18 last January pitted Claroty, Gravwell, Nozomi and Security Matters in a competition to determine who could create the most complete asset inventory and who could do the best job detecting attacks through passive ICS network monitoring only. Dale Peterson and Eric Byres discuss the packets used in the test and analyze the results. What this product category can and cannot do. The last 15 minutes talking about the future of the ICS Detection product category.