Feb 26, 2020

With cybersecurity teams requiring greater visibility into their operational technology (OT) networks, integrations that connect information technology (IT) and OT security teams are more important than ever.

To that end, Claroty has partnered with Demisto, a Palo Alto Networks company, to integrate our Continuous Threat Detection (CTD) security platform with the Demisto Cortex XSOAR security orchestration, automation, and response solution. With the Claroty CTD and Cortex XSOAR integration, enterprises and managed security service providers (MSSPs) can more efficiently and effectively analyze, prioritize, and remediate potential threats in OT environments, lowering the risk to business-critical facilities and processes.

Cortex XSOAR integrates with hundreds of security products and enables customers to build playbooks that incorporate a combination of automated tasks and manual best practices to standardize and scale incident response. Demisto’s playbooks help reduce MTTR (mean time to respond) for security incidents and free up time for security teams to conduct deeper investigations. In addition, the case management and machine learning capabilities help security teams maintain incident oversight and improve their security posture over time.

The Claroty CTD and Cortex XSOAR integration allows organizations to automate three security controls that are fundamental to any effective security strategy.

Use Case 1: OT Asset Discovery & Enrichment

Maintaining an accurate enterprise asset database is extremely difficult, but without it effective security is near impossible. With this integration, CTD identifies all OT assets–along with the corresponding vendor, model, and serial number, among other details–within a customer’s environment.

Cortex XSOAR then ingests this information seamlessly, triggering a playbook that automates the population and maintenance of the enterprise’s configuration management database (CMDB) with OT asset information. The rich contextual data provided for each asset makes it realistic to prioritize security processes and actions based on the CMDB.


Use Case 2: OT Vulnerability Management

Proactive vulnerability management is a fundamental control because it hardens assets against the most common exploits seen in the wild. This integration automates OT vulnerability management: Claroty CTD identifies critical vulnerabilities on OT assets and sends this information to Cortex XSOAR, initiating a playbook that automatically creates context-rich tickets in the enterprise service manager for action.

Crucially, this process focuses on high-risk issues on truly important assets, so that non-critical issues do not overwhelm the vulnerability management process and obfuscate the issues that demand immediate attention.


Use Case 3: OT Threat Detection Alerts

In order to scale, enterprises must centralize and automate the processing of alerts that are indicators of risk or compromise. As part of this integration, Claroty CTD continually monitors a customer’s environment for OT threats and correlates threat detection alerts with asset and flow information observed from that environment.

These OT threat detection alerts then populate within Cortex XSOAR where a playbook automatically passes them to the enterprise SIEM and ticketing system, allowing security analysts to quickly evaluate alerts and take corrective action if necessary.


Learn more about Claroty CTD and the Cortex XSOAR integration.