The New Claroty Platform: A Holistic Approach to Industrial Cybersecurity
Apr 21, 2020
The rapid pace at which the operational technology (OT) and information technology (IT) worlds continue to converge is bringing along with it new ways of understanding risk, and more critically, new challenges to addressing this risk. Our motivation and ability to streamline solutions to these types of challenges is not only what put Claroty on the map years ago, but it’s also what fueled our new enhancements to the Continuous Threat Detection (CTD) and Secure Remote Access (SRA) components of the Claroty Platform.
With CTD version 4.1 and SRA version 3.0, both of which we announced today, we aim to further enable our customers—regardless of industry, role, or skill-level—to reduce risk in their OT environments. The Claroty Platform now offers the industry’s broadest set of OT security controls across four areas integral to reducing risk: visibility, threat detection, vulnerability management, and triage & mitigation.
We’ve long recognized that visibility is the foundation of securing an OT environment. Without it, you can’t accurately assess—much less reduce—risks because you’ll have no way of identifying the threats and vulnerabilities contributing to those risks. This is why it’s always been imperative to us that the Claroty Platform provide the full visibility our customers need into all assets, networks, and processes across their OT environments. Visibility of this caliber also allows us to equip customers with some powerful tools right out of the box:
Automatic segmentation and microsegmentation of OT networks and subnets via our Virtual Zones feature
Real-time monitoring and complete recordings of all OT remote sessions with SRA
Pre-built reports that provide actionable insight into key variables of OT visibility
Now with CTD 4.1 and SRA 3.0, this visibility is even greater and more accessible to all users. Expanded protocol coverage, together with greater detail at the asset, network, and process levels, further enhances visibility. Meanwhile, fully customizable dashboards enable users to more easily filter, pinpoint, and act on the information most critical to their priorities.
Alerts can be a drag on security operations center (SOC) efficiency. This is especially true for OT alerts, which are prone to false positives that can be difficult to distinguish from true threats. We help our customers tackle this challenge by extending the visibility provided by the Claroty Platform to threat detection. Specifically, CTD utilizes five detection engines to achieve the following:
Anomaly Detection: Detects changes in communication patterns based on Claroty’s deep packet inspection (DPI)
Security Behaviors: Identifies known attack techniques for IT and OT networks
Known Threats: Uses Snort and YARA rule engines to detect indicators of compromise (IoCs)
Operational Behaviors: Identifies OT operations such as firmware upgrades
Custom Rules: Sends alerts on user-defined events
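To make the engine model concrete, the following Python script is an added, hypothetical illustration of how a baseline-driven OT detector can layer several engines over the same parsed traffic; it is not Claroty's code, and the flow records, IoC address, operation names and thresholds are all constructed. The anomaly engine learns the set of (source, destination, protocol) conversations seen during a learning period and alerts on new ones; the operational engine flags firmware and CPU-state operations; the known-threat engine matches an IoC list; a user-supplied predicate stands in for a custom rule; and a simple security-behaviour check flags one source opening many new conversations in a window.

```python
"""Toy multi-engine OT alert generator.

Hypothetical illustration of a layered detection-engine model.
Not Claroty's code; engine names, thresholds and the flow records
below are constructed for demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source asset address
    dst: str    # destination asset address
    proto: str  # industrial protocol name, e.g. "modbus"
    op: str     # protocol-level operation as parsed by (assumed) DPI


# Constructed baseline: what the plant network looked like while learning.
BASELINE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "modbus", "read_holding_registers"),
    Flow("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),
    Flow("10.0.1.11", "10.0.2.20", "s7comm", "read_var"),
]

# Constructed detection window: normal traffic plus several suspicious flows.
NEW_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "modbus", "read_holding_registers"),  # baselined
    Flow("10.0.3.99", "10.0.2.20", "modbus", "write_single_register"),   # new peer, write
    Flow("10.0.1.11", "10.0.2.20", "s7comm", "firmware_download"),       # operational event
    Flow("10.0.3.99", "10.0.2.21", "modbus", "read_coils"),
    Flow("10.0.3.99", "10.0.2.22", "modbus", "read_coils"),
    Flow("10.0.3.99", "10.0.2.23", "modbus", "read_coils"),
    Flow("10.0.1.10", "203.0.113.7", "modbus", "read_coils"),            # IoC hit
]

KNOWN_BAD_HOSTS = {"203.0.113.7"}  # constructed IoC (TEST-NET-3 address)
OPERATIONAL_OPS = {"firmware_download", "firmware_upload", "cpu_stop"}
SCAN_THRESHOLD = 3  # distinct new destinations from one source in a window


def learn_baseline(flows):
    """Anomaly engine, learning phase: record every (src, dst, proto) conversation."""
    return {(f.src, f.dst, f.proto) for f in flows}


def custom_rule_write_from_unknown_src(flow, baseline):
    """Example user-defined rule: any write issued by a source absent from the baseline."""
    known_sources = {src for src, _, _ in baseline}
    return flow.op.startswith("write") and flow.src not in known_sources


def detect(flows, baseline, custom_rules=()):
    """Run every engine over a detection window; return a list of (engine, detail)."""
    alerts = []
    new_dsts = defaultdict(set)
    for f in flows:
        if (f.src, f.dst, f.proto) not in baseline:
            alerts.append(("anomaly", f"new conversation {f.src}->{f.dst} over {f.proto}"))
            new_dsts[f.src].add(f.dst)
        if f.op in OPERATIONAL_OPS:
            alerts.append(("operational", f"{f.op} from {f.src} to {f.dst}"))
        if f.dst in KNOWN_BAD_HOSTS or f.src in KNOWN_BAD_HOSTS:
            alerts.append(("known_threat", f"IoC match on {f.src}->{f.dst}"))
        for rule in custom_rules:
            if rule(f, baseline):
                alerts.append(("custom", f"{rule.__name__}: {f.src}->{f.dst} {f.op}"))
    # Security-behaviour engine: one source opening many new conversations looks like a scan.
    for src, dsts in new_dsts.items():
        if len(dsts) >= SCAN_THRESHOLD:
            alerts.append(("security_behavior", f"{src} reached {len(dsts)} new destinations"))
    return alerts


def alert_counts(alerts):
    """Per-engine rollup, the kind of summary a SOC dashboard would show."""
    counts = defaultdict(int)
    for engine, _ in alerts:
        counts[engine] += 1
    return dict(counts)


if __name__ == "__main__":
    base = learn_baseline(BASELINE_FLOWS)
    for engine, detail in detect(NEW_FLOWS, base, [custom_rule_write_from_unknown_src]):
        print(f"[{engine}] {detail}")
```

Running the script over the constructed window produces nine alerts: five anomaly alerts for conversations outside the baseline, one operational alert for the firmware download, one known-threat alert for the IoC address, one custom-rule alert for the write from an unbaselined source, and one security-behaviour alert because the new host reached four destinations. Replaying the baseline itself produces none, which is the sanity check worth running before trusting any learned baseline.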
Furthermore, the latest OT-specific threat intelligence—including unique insights from the Claroty Research Team, IoCs, and common vulnerabilities and exposures (CVE) data from the National Vulnerability Database (NVD)—augments these capabilities. Now with CTD 4.1, all threat intelligence automatically updates in real-time via the Claroty Cloud.
Vulnerabilities are another major factor of risk to any OT environment, and in order to reduce this risk you must be able to identify, prioritize, and remediate vulnerabilities efficiently. The Claroty Platform helps our customers achieve this with ease by providing the fine-grained asset details needed to address the prevalence of legacy systems and to cut down on false positives and false negatives.
In particular, the unmatched visibility that the platform provides into OT assets includes exact-match CVEs present in those assets, thereby largely eliminating false positives and negatives for our customers. Now with CTD 4.1, the platform also includes additional features that further reduce the complexity of vulnerability management:
Enhanced Attack Vector Mapping: This feature helps optimize vulnerability prioritization and remediation by automatically calculating the most likely paths through which an attacker could penetrate and compromise an environment. It also provides tailored mitigation recommendations.
Risk Dashboard: This customizable dashboard provides an overview of risk analytics, making it even easier for customers to understand, and ultimately remediate, the risks and corresponding vulnerabilities in their OT environment.
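The claim above that exact-match CVE correlation eliminates most false positives is easy to see with a small experiment. The following Python script is an added example and not Claroty's code: the asset inventory, the advisory records and the CVE-style identifiers are constructed placeholders, not real advisories. It correlates the same inventory two ways, once keyed on vendor alone and once on vendor, product and a numeric firmware-version comparison against the fixed version, and reports the pairs the coarse method flags that the exact one does not.

```python
"""Exact-match vulnerability correlation over an OT asset inventory.

Added illustration, not Claroty's code. Assets, fixed versions and the
CVE-style identifiers below are constructed placeholders, not real advisories.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str
    product: str
    firmware: str   # dotted version string as reported by the device


@dataclass(frozen=True)
class Advisory:
    cve: str        # placeholder identifier, NOT a real CVE
    vendor: str
    product: str
    fixed_in: str   # first firmware version that is no longer affected


# Constructed inventory, the level of detail DPI-based asset discovery yields.
ASSETS = [
    Asset("PLC-01", "ExampleVendor", "ModelA", "2.3.1"),
    Asset("PLC-02", "ExampleVendor", "ModelA", "2.10.0"),  # patched; lexical compare would get this wrong
    Asset("HMI-01", "ExampleVendor", "PanelX", "1.0.9"),
    Asset("RTU-07", "OtherVendor", "ModelA", "2.3.1"),     # same model name, different vendor
]

# Constructed advisories with placeholder identifiers.
ADVISORIES = [
    Advisory("CVE-0000-0001", "ExampleVendor", "ModelA", "2.4.0"),
    Advisory("CVE-0000-0002", "ExampleVendor", "PanelX", "1.1.0"),
]


def parse_version(v):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def vendor_only_match(assets, advisories):
    """Coarse correlation keyed on vendor only: cheap, but produces false positives."""
    return sorted(
        (a.name, adv.cve) for a in assets for adv in advisories if a.vendor == adv.vendor
    )


def exact_match(assets, advisories):
    """Correlate on vendor, product and a firmware version below the fixed version."""
    hits = []
    for a in assets:
        for adv in advisories:
            same_model = (a.vendor, a.product) == (adv.vendor, adv.product)
            if same_model and parse_version(a.firmware) < parse_version(adv.fixed_in):
                hits.append((a.name, adv.cve))
    return sorted(hits)


def false_positives(assets, advisories):
    """Pairs the coarse method flags that the exact method does not."""
    coarse = set(vendor_only_match(assets, advisories))
    exact = set(exact_match(assets, advisories))
    return sorted(coarse - exact)


if __name__ == "__main__":
    print("vendor-only matches:", vendor_only_match(ASSETS, ADVISORIES))
    print("exact matches:      ", exact_match(ASSETS, ADVISORIES))
    print("false positives avoided:", false_positives(ASSETS, ADVISORIES))
```

On this inventory the vendor-only pass flags six asset/advisory pairs while the exact pass flags two (PLC-01 and HMI-01), so four would-be tickets are avoided. The numeric version parse matters: comparing "2.10.0" and "2.4.0" as strings would mark the already patched PLC-02 as vulnerable, which is exactly the kind of false positive that erodes trust in a vulnerability queue.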
Triage & Mitigation
This brings us to triage & mitigation. Identifying and assessing threats and vulnerabilities in your OT environment is crucial, but in order to reduce risk, you also need to be able to remediate them in a timely manner. Generally speaking, the more time spent triaging an alert, the greater risk the event that triggered the alert can pose to your environment. All aspects of the Claroty Platform, including CTD 4.1 and SRA 3.0, converge here to streamline and expedite triage & mitigation for our customers. Highlights include:
New contextualized alert scoring with details surrounding the circumstances of an event
Root cause analysis enhancements that group related alerts into a chain of events
The automatic recording of and ability to audit remote network sessions
Expanded integrations with industry partners that leverage existing tools & workflows
Above all else, it’s important to remember that effective industrial cybersecurity is all about reducing risks to the availability, reliability, and safety of your OT environment. And at Claroty, we continually strive to ensure that doing so no longer needs to be a complex, time-intensive endeavor for our customers. By employing a holistic approach to our platform, in full alignment with our broad ecosystem of technology partners, Claroty is at the vanguard of IT-OT convergence.
CTD 4.1 will be available this month and SRA 3.0 will be available in May. To learn more about the Claroty Platform and its new features, please request a demo.