Dragos · Founded 2016 · ICS-CERT lineage
Dragos Platform
ICS / OT cybersecurity from the ICS-IR specialists
Founded in 2016 by Robert M. Lee and a team of former US ICS-CERT and government ICS hunters, Dragos pairs the Dragos Platform with the WorldView threat-intelligence service and the Neighborhood Keeper community-defence model. It has the strongest ICS-specific pedigree on the market, particularly in energy, oil and gas, water utilities and electricity grids where deep ICS protocol knowledge and threat-actor attribution matter most.
- Platform: Core ICS visibility + IR
- WorldView: ICS threat intel
- NK: Community defence
What Dragos is
Dragos was founded in 2016 by Robert M. Lee, a former US Air Force ICS cyber-warfare officer and SANS instructor, alongside a team of ICS-CERT and US Government ICS threat hunters. That pedigree shapes everything: Dragos is the deepest ICS-IR specialist on the market, with the strongest threat-actor research in industries where understanding adversary tradecraft matters as much as detection.
The Dragos Platform combines asset visibility, threat detection, vulnerability management and case-management workflow for OT incident response. WorldView is the threat-intelligence service that pushes ICS-specific indicators, threat-group profiles (Dragos tracks groups like CHERNOVITE, ELECTRUM, KAMACITE, XENOTIME) and finished intelligence reports to the platform. Neighborhood Keeper is a unique community-defence model where anonymised detections are shared across participating critical-infrastructure customers, turning a single attack into a defence for an entire sector.
Where Dragos differs from Nozomi or Claroty is depth versus breadth. Dragos is purpose-built for heavy industry and critical infrastructure (energy, utilities, water, electricity, oil and gas), with less focus on healthcare IoMT or manufacturing IoT. For organisations facing nation-state-level ICS threats, that specialism is the value.
ICS-CERT pedigree
Founded by former US ICS-CERT and Air Force ICS cyber-warfare hunters. The deepest ICS-IR pedigree on the market, the right choice for critical-infrastructure operators facing nation-state-level threats.
- Dragos Platform: visibility + detection + VM + IR
- WorldView ICS threat-intel feeds
- Neighborhood Keeper community defence
- ICS-CERT and US Government pedigree
- Threat-group profiles (CHERNOVITE, XENOTIME, etc.)
- Passive ICS-protocol parsing
- Case-management for OT incident response
- Strongest in energy, utilities, water, oil and gas
Why it wins
What makes Dragos the critical-infrastructure specialist
The strengths that show up most often where nation-state threat models, ICS-IR depth and threat-actor attribution matter most.
- ICS-CERT: Founders from US ICS-CERT and Air Force cyber-warfare, deepest IR pedigree
- 5+ groups: Named ICS threat-groups tracked (CHERNOVITE, XENOTIME, ELECTRUM, KAMACITE, PARISITE)
- Community: Neighborhood Keeper shares anonymised detections across critical-infrastructure peers
Deepest ICS-IR pedigree
Founded by former US ICS-CERT hunters and Air Force cyber-warfare officers. No other vendor has the same density of OT incident-response experience at the leadership and research level.
WorldView threat intelligence
The most credible ICS-specific threat-intelligence service. Tracks named threat groups (CHERNOVITE, ELECTRUM, KAMACITE, XENOTIME, PARISITE), publishes finished intelligence and feeds detection content tuned to actual ICS adversary tradecraft.
Neighborhood Keeper
A unique programme where anonymised detections from participating critical-infrastructure customers are shared across the community. One attack on one utility becomes a defence for an entire sector.
OT case management
Built-in case management designed for OT incident response, including evidence collection, controller-program analysis, plant-engineering collaboration and reporting. Most platforms treat IR as an afterthought; Dragos puts it at the centre.
Heavy-industry focus
Purpose-built for electricity grids, oil and gas, water utilities, pipelines and substations. If your threat model includes nation-state attacks on critical infrastructure, Dragos is the specialist answer.
Passive deployment
Default passive monitoring with no risk to production controllers. Dragos remains fully passive by default, suited to the high-stakes safety culture of critical-infrastructure operators.
Who should put Dragos on the shortlist
- Electricity transmission and distribution utilities and grid operators
- Oil and gas producers, pipeline operators and refineries
- Water and wastewater utilities, particularly large municipal operators
- Substations, switchyards and power-generation plants
- Critical-infrastructure operators in the UAE facing nation-state threat models
- Organisations needing strong ICS threat-actor attribution and finished intelligence
- Teams investing in dedicated OT incident response capability
- Plants where deep ICS protocol knowledge outweighs IoT or IoMT breadth
Core features
What's inside Dragos
- Dragos Platform: Single platform for OT visibility, detection, VM and IR.
- Passive ICS discovery: Deep packet inspection across major ICS protocols.
- Threat detection: Behavioural + Dragos analytics tuned to known ICS TTPs.
- WorldView intel feed: Finished intelligence, IOCs and threat-group profiles.
- Neighborhood Keeper: Community sharing across critical-infrastructure peers.
- Vulnerability management: Asset-level CVE mapping with IR context.
- Case management: OT-aware incident-response workflow.
- Threat-group profiles: CHERNOVITE, XENOTIME, ELECTRUM, KAMACITE and more.
- SIEM integration: Forwarders to Splunk, Sentinel, QRadar, Rapid7.
- NERC CIP and IEC 62443 reporting: Audit-ready evidence for critical-infrastructure regulators.
Choosing a product
Simplified positioning: which Dragos product fits
Dragos is sold as three complementary products. Most UAE critical-infrastructure programmes start with the Platform and add WorldView and Neighborhood Keeper as the programme matures.
The strategic view
How the products relate
Start with the Platform, layer WorldView for ICS threat intelligence, opt into Neighborhood Keeper for community-shared defence.
Licensing
Dragos products and capabilities
The Dragos Platform is licensed per site or asset, with WorldView and Neighborhood Keeper as separate subscriptions.
| Capability | Dragos Platform (core) | WorldView (threat intel) | Neighborhood Keeper (community) |
|---|---|---|---|
| Primary positioning | Visibility + detection + VM + IR | ICS-specific threat intel | Community-shared detection |
| Passive ICS asset discovery | ✓ | ✗ | via Platform |
| ICS-protocol parsing | ✓ | ✗ | via Platform |
| Threat detection (behavioural + analytics) | ✓ | intel-driven | community-shared |
| Vulnerability management | ✓ | context | ✗ |
| Case management for OT IR | ✓ | intel input | ✗ |
| Finished ICS threat intelligence | ✗ | ✓ | ✗ |
| Threat-group profiles (CHERNOVITE etc.) | via WorldView | ✓ | ✗ |
| Anonymised community sharing | ✗ | ✗ | ✓ |
| Deployment | On-prem or cloud | Subscription feed | Subscription opt-in |
| SIEM and SOC integration | ✓ | ✓ | ✓ |
| Compliance reporting (NERC CIP, IEC 62443) | ✓ | evidence | ✗ |
| Licensing basis | Per site / asset | Subscription | Community opt-in |
Deployment Options
How we deliver Dragos across UAE utilities and energy
Dragos on-premises
Self-hosted Dragos for air-gapped operators and sites with strict data-residency mandates. Default for sensitive critical-infrastructure customers.
Dragos cloud
Dragos-hosted, cloud-managed option for organisations comfortable with SaaS; it simplifies multi-site management.
Hybrid + intel feeds
Most utility customers combine on-prem Platform with WorldView intel feeds and Neighborhood Keeper community participation. Artiflex sizes the right mix.
Why Artiflex IT
Delivering Dragos across the UAE
Dragos is the right answer for UAE utilities, energy, water and critical-infrastructure operators facing nation-state-level threats. Artiflex handles site survey, sensor placement, deployment, WorldView integration, Neighborhood Keeper enrolment, SOC integration and ongoing management, all mapped to NERC CIP, IEC 62443, NESA and ADHICS. Fully managed, co-managed or assessment-only.
Frequently asked
Dragos questions we hear from UAE buyers
When does Dragos beat Nozomi or Claroty?
When the threat model is nation-state-level attack on critical infrastructure (energy, utilities, water, oil and gas). Dragos's ICS-CERT pedigree, WorldView intelligence and Neighborhood Keeper community-defence model are unmatched for adversary research and ICS-IR depth. Nozomi and Claroty win for breadth (manufacturing, healthcare, IoMT, IoT); Dragos wins for depth in heavy industry.
Ready to evaluate Dragos?
Book a free OT posture assessment and we will scope the Dragos Platform, WorldView intelligence and Neighborhood Keeper community-defence model for your UAE utility or energy estate.