Dale Peterson interviews Rob Lee, founder and CEO of Dragos - SANS 515 Creator - former SCADA Diva - Chief FUD Debunker - ..., focusing on how an asset owner should select an advanced IDS detection solution from a crowded market of 25+ new offerings.

Here is a breakdown of the episode:

3:50 What surprised Rob most about the response to Crashoverride?

8:40 What should be in place before an asset owner considers an advanced threat detection solution, and how many and what type of people are required to gain the benefits of a sophisticated detection solution?

13:30 Rob's controversial view that there should be a separate ICS Secure Operations Center (SOC) rather than integrating it into an existing Enterprise SOC.

Then we talk about Rob's breakdown of four different classes of ICS detection solutions:

15:55 Configuration Analysis Solutions

19:15 Statistical Analysis (Modeling, Baseline, Threshold and Time) Solutions

24:50 Indicator (signatures) Solutions

30:35 Behavioral Solutions compared to other three approaches

35:50 How does an asset owner choose between the 25+ offerings?

37:40 Rob's view that vendors in this space are startups and can't do a good job in multiple classes. They need to focus on one class and a small number of sectors to be credible.

39:35 Depth v. Breadth and the push to please VCs by saying you cover the entire ICS space

43:50 You got to test it




Disclaimer: The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

