Dragos, a company building software to secure the control systems for manufacturing and industrial equipment, has raised $74 million in a Series D round extension led by WestCap.
The round, which brings Dragos’ total raised to $440 million, leaves the startup’s post-money valuation unchanged for the second year at $1.7 billion. Dragos CEO Robert Lee says that the new money will be put toward “continuing to grow and expand” the company’s customer base, which stands at around 400 organizations and governments.
“Equity provides Dragos with the most operational flexibility,” Lee told TechCrunch in an email interview. “The Series D funding extension will bolster Dragos’ ability to make industrial cybersecurity more accessible around the world.”
Lee co-founded Hanover, Maryland-based Dragos with Justin Cavinee and Jon Lavender several years ago, inspired by his time in the U.S. Air Force as a cyber warfare operations officer. Through Dragos, Lee hoped to help asset owners and operators — specifically those in industries such as electric, water, oil and gas and chemical — protect infrastructure from threat actors that target the hardware monitoring, managing and controlling devices in industrial settings.
Data suggests that attacks on this hardware, known as industrial control systems, are increasing not only in frequency, but sophistication. Waterfall Security Solutions, a Dragos competitor, reported 57 attacks on industrial control systems in 2022 — a 140% increase in the number of attacks versus the year prior.
Meanwhile, a recent survey by ABS Group, a consulting group for the marine and offshore oil, gas and chemical sectors, reveals that 45% of organizations believe threats to their control systems are “high,” while another 15% agree that they’re “severe or critical.”
Frost & Sullivan anticipates that the global market for industrial cybersecurity will hit $10.2 billion by 2025, up from $3.3 billion in 2020.
“Bad actors are leveraging cyberattacks to target and control the environments of the world’s industrial infrastructure,” Lee said. “Once relatively ‘air gapped,’ industrial controls have become increasingly connected to IT networks.”
Dragos attempts to secure these controls by delivering visibility into an organization’s assets and communications. The company’s platform leverages analytics to identify threats, helps to prioritize vulnerabilities and provides playbooks for responding to attacks.
Lee claims that Dragos is one of the few industrial control security vendors to provide a managed hunting service and a threat intelligence service for customers. Dragos hunts for — and reports on — threat activity within an industrial control system environment, and allows customers to optionally, anonymously share threat intelligence with the broader community.
Dragos, which has a 500-person workforce, has been focused on aggressively expanding over the past several months. This spring and summer, it grew its presence in Western Europe, particularly in Germany, Austria and Switzerland; expanded its footprint in Saudi Arabia and the United Arab Emirates; and entered into an agreement with IT consultancy Macnica to provide Dragos’ products in Japan. Just in August, Dragos signed a three-year deal with the Singaporean government’s cybersecurity arm, supporting the country’s efforts to defend against cyberattacks on its operational technology and critical infrastructure.
Beyond direct agreements and customer engagements, Dragos is putting efforts into getting its partner program off the ground. The program, launched this year as the Dragos Global Partner Program, offers training to partners who resell, manage and deploy its platform, including Dragos’ asset discovery and threat detection services.
In a previous interview, Lee said that Dragos’ intention is to eventually IPO. It seems it’s just a matter of when.