Best Practices for Securing Industrial Environments, Part 2: Discover the Unknown & Build Comprehensive Visibility
May 24, 2022
With CrowdStrike, Claroty has a valuable partner who shares a common mission to secure industrial environments, succeeds in providing one of the best solutions available, and whose willingness to innovate yields remarkable results.
This blog series will seek to take a deeper look at each recommended practice, the reasoning behind its necessity, and the manner in which the CrowdStrike-Claroty joint solution addresses each one. To start with the first best practice — “Secure the Known” — read this blog.
Best Practice #2: Discover the Unknown & Build Comprehensive Visibility
It is human nature to fear the unknown. It is perfectly natural and wholly understandable to have an innate aversion to dark caves, to ocean depths the sunlight doesn’t reach, to the vast expanses of our universe beyond the confines of Earth’s gravity. At the core of each of these fears, whether you relate to them or not, is a universal human instinct underpinning so much of our decision making and critical thinking — the fear of the unknown.
As human history has progressed and pushed civilization beyond long forgotten fears that once divided and terrified us, the singular difference between our modern confidence and our ancestors’ aversion has been the acquisition of knowledge. Discovery has undoubtedly changed human experience and enabled critical advances, removing uncertainty and prying us away from the instinct to lean into ignorance. Just as an ostrich burying its head in the sand makes for easy prey, the asset management or cybersecurity professional who believes “what you don’t know can’t hurt you” makes their entire organization an easy target.*
This state of ignorance is unacceptable for industrial environments, where disruptions in process and operation can entail tremendous cost and horrific danger. Comprehensive visibility must be a primary concern, and there is no shame in admitting you simply cannot secure what you don’t know about. The vast majority of enterprises are surprised to find how many unmanaged assets are tucked away within their OT networks, and Claroty’s experience with every kind of industrial environment has confirmed the universality of this problem.
Claroty offers safe and flexible asset discovery solutions, enabling organizations to truly achieve comprehensive OT network visibility. Options such as Continuous Threat Detection (CTD) and Edge support passive and active discovery as well as Claroty’s unique AppDB discovery method. The result is powerful: deep understanding and unshakable confidence that the unknowns within every industrial network have been accounted for. This knowledge enables IT and OT professionals to proactively take on vulnerabilities, risks, and incursions when they occur.
Figure 1: An example of device insights typically discovered by CTD.
Figure 2: A view within Claroty CTD of known threat alerts from CrowdStrike Falcon empowering CTD root cause analysis.
A truly complete inventory of an industrial environment depends not only on finding all of its unknown components, but also on understanding the features and activities of those components. Claroty CTD has the largest library of proprietary protocols and the deepest visibility into the granular details of OT, IoT, and IIoT assets, connections, and processes. CTD also enriches asset information within the CrowdStrike Falcon platform, empowering enterprises to confidently expand the reach of Falcon and better protect industrial environments. This breadth and depth of discovery is critical to understanding industrial networks and forming an effective cybersecurity strategy.
Figure 3: A view of device enrichment within CTD.
*It’s worth noting the irony of this ostrich example, as we now know this behavior is a function of caring for their eggs — although no such excuse is available for willful ignorance in humans.