Announcing Claroty Open Source
By Guy Zylberberg, Amit Itzkovitch, and Tomer Shlomo | January 21, 2021
Developing software solutions is never a solo performance. Behind every development is extensive collaboration between engineers, product managers, manufacturers, researchers, and end-users, among many others. A core example of the collaborative efforts that go into software development is open-source code, which is code made freely available for anyone to modify and use within their own projects as needed. This type of public resource enables developers to utilize and build on solutions to coding problems that other developers had previously resolved.
To this end, we are pleased to announce Claroty Open Source, a new initiative that we’ve launched in order to contribute to the shared pool of knowledge and tools in the open-source community. As part of this initiative, we will be periodically releasing code packages we created to solve some of the unique challenges we’ve faced in the development of our products. Along with our specific need for these modules, we feel that the solutions they provide can be beneficial across multiple applications and industries.
1) JWThenticator: Key-based Authentication for Cloud Applications
This code package enables key-based authentication for cloud services and microservices in order to validate generated JSON Web Tokens (JWTs) via an API gateway. Claroty’s need for this arose from our requirement to synchronize information across our customers’ deployments of multiple applications such as Claroty Continuous Threat Detection (CTD) and Enterprise Management Console (EMC) to our cloud services and infrastructure. Existing third-party solutions did not support key-to-JWT authentication, while existing cloud authentication services were complex and prone to breakage.
Image: JWThenticator API Gateway Example Architecture.
This code release can be utilized in nearly any microservices architecture that requires access to back-end data without a username and password login, replacing the need for third-party identity and access management (IAM) solutions, which can be costly and cumbersome. This includes everyday user applications such as transportation planners and news feeds, enterprise applications such as production dashboards and inventory systems, as well as development projects utilizing IoT components. Although this microservice was designed with cloud infrastructure in mind, it can also be used as a stand-alone service without an API gateway or even in offline environments.
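The key-for-token exchange this section describes, as an added example that is not JWThenticator's code or API: a client trades a long-lived key for a short-lived JWT, and the gateway checks algorithm, signature and expiry without ever seeing the key. HS256, the signing secret, the key store and every function name here are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values (assumptions, not taken from JWThenticator).
SIGNING_SECRET = b"constructed-demo-signing-secret"
# Only SHA-256 digests of issued keys are stored, never the keys themselves.
KEY_DIGESTS = {hashlib.sha256(b"demo-key-for-site-a").hexdigest(): "site-a"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest())

def exchange_key_for_jwt(api_key: str, ttl: int = 300, now: Optional[float] = None) -> Optional[str]:
    """Auth service side: trade a long-lived key for a short-lived JWT."""
    subject = KEY_DIGESTS.get(hashlib.sha256(api_key.encode()).hexdigest())
    if subject is None:
        return None  # unknown key: no token is issued
    issued = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": subject, "iat": issued, "exp": issued + ttl}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def gateway_validate(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Gateway side: accept only a well-formed, correctly signed, unexpired HS256 token."""
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(unb64url(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; rejects "none"
            return None
        if not hmac.compare_digest(signature, sign(f"{header_b64}.{payload_b64}")):
            return None
        claims = json.loads(unb64url(payload_b64))
        exp = claims["exp"]
    except (ValueError, TypeError, AttributeError, KeyError):
        return None  # malformed token of any kind is rejected
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # expired or non-numeric expiry
    return claims
```

The short `ttl` is what limits the damage from a leaked token; the long-lived key only ever travels to the token-issuing service.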
2) NETunnel: Multi-connection Network Tunneling over HTTPS Connections
NETunnel is a modularized code package that enables fast and reliable network tunneling over HTTPS connections. NETunnel can be used in one of two ways: as simple client-server tunneling for arbitrary connections, or as a multi-server network architecture that enables persistent and reliable network tunnels between instances. For Claroty this means that multiple microservices in our products can use a single NETunnel instance in order to perform network tunneling.
NETunnel is best suited for developers looking to establish secure connections and send information between multiple servers over HTTPS, for example, when a firewall exists between two locations and only allows HTTPS traffic to be sent through it. One use case for this code package is in voice over internet protocol (VoIP) services, which, without a solution like NETunnel, could be unable to send voice and video information over secure public Wi-Fi networks.
We are excited to share these code packages and more in the coming months. Documentation and README files are available on Claroty’s GitHub page.