By Michal Erel | October 22, 2020

 

In early 2020, enterprises worldwide faced the unanticipated challenge of quickly pivoting to remote operations at the onset of the COVID-19 pandemic. For many, this was a wake-up call that shed a spotlight on their organization’s lack of secure remote access capabilities, particularly with regards to operational technology (OT).

Many security decision makers quickly identified the need for a solution that would enable OT personnel to monitor connections, enforce privileged access control, and meet auditing and compliance requirements while working from home. However, when it comes to secure remote access, OT has some unique requirements and challenges that differentiate it from IT.

VPN- and gateway-based remote access remain popular for IT use cases, and while many of these solutions have improved with next-generation software-defined perimeter (SDP) features, they are ill-suited to OT environments due to their limited access controls and lack of monitoring and auditing capabilities. Furthermore, traditional VPNs and gateways inadvertently expand an organization’s attack surface and present adversaries with a potential point of entry via stolen credentials or internet-facing vulnerabilities.

Secure-by-Design Remote Access for OT

Understanding the specific requirements of OT environments and the limitations of existing VPN, gateway, SDP offerings on the market, Claroty set out to create a secure remote access solution for OT that offers the highest security measures with efficiency and operability in mind. In fact, Claroty Secure Remote Access (SRA) is the industry’s only solution that is purpose-built for OT and fully integrated as a native component of a comprehensive OT security platform.

Claroty SRA was designed with the following security infrastructure principles in mind:

  • Data at Rest: Password vault data for user access and asset data is stored and encrypted in the Claroty database using AES-256 and hashed using SHA-256.
  • Data in Transit: SRA splits data in transit between two encrypted tunnels in a manner that reduces the attack surface by removing direct connectivity between remote users and OT assets.

In addition, Claroty SRA’s myriad features support adherence to OT security best practices, including architecting according to the Purdue Model, applying the principle of least privilege, and using role-based access control, password-vaulting, and GDPR-compliant auditing/forensics.

The Claroty Platform: SRA Success Stories

The Claroty Platform: SRA Success Stories details the following real-world examples of how our customers have leveraged Claroty SRA to fulfill their OT security and risk management objectives:

  • SRA Success Story #1: Claroty SRA empowers a clean energy leader to minimize onsite staff amid COVID-19, while adapting industrial operations and cybersecurity for a remote workforce.
  • SRA Success Story #2: A global beverage manufacturer uses SRA to minimize third-party risk and preserve process integrity at water treatment and bottling facilities worldwide.
  • SRA Success Story #3: SRA enables one of Europe’s busiest airports to manage secure remote access to building management systems (BMS).

To learn more, download The Claroty Platform: SRA Success Stories.