In CrowdStrike, Claroty has a valuable partner that shares its mission to secure industrial environments, succeeds in providing one of the best solutions available, and displays a willingness to innovate that has yielded remarkable results.
In celebration of this partnership, CrowdStrike and Claroty have come together to recommend 6 Best Practices for Securing Industrial Environments. These six steps can be considered a recommendation for organizations deploying both an Endpoint Detection and Response (EDR) solution—such as CrowdStrike Falcon—and a broader network security solution, such as Claroty Continuous Threat Detection (CTD) or Claroty xDome.
This blog series will seek to take a deeper look at each recommended practice, the reasoning behind its necessity, and the manner in which the CrowdStrike-Claroty joint solution addresses each one. The previous best practices in this series are “Secure the Known,” “Discover the Unknown & Build Comprehensive Visibility,” “Build a Vulnerability Management Plan,” and “Secure the Unknown.”
Having come this far in your cybersecurity journey is a tremendous accomplishment. At this stage, your organization has confidence in its visibility, monitoring, and management of network components. You know what you have on your networks, you can see what those connected devices and systems are doing, and you have a plan in place to continuously improve the overall security of your networks. The next priority should be to establish policies capable of preventing inappropriate and dangerous access to your networks, as well as the critical systems within.
Effective network access control is about more than just preventing access, as asset management professionals need to be able to regularly access systems remotely. Without a safe, monitored, and auditable solution to provide this necessary access, professionals in the field will likely figure out their own way to gain it. While asset managers are used to working around the complexities and restrictions of network controls, this is not an area where corners can be cut. What may appear to personnel in the field to be the simplest, easiest solution can often leave otherwise secure networks highly vulnerable to unwanted and dangerous remote access incursions. The use of VPNs and other legacy options represents a significant risk to network security in industrial environments, and as such, a solution purpose-built for secure remote access to industrial environments is essential.
Historically, managing remote access has meant making compromises. Organizations would have to choose between simple options with little to no security metrics and security-conscious alternatives with highly complex implementations and cumbersome usability. Plus, these solutions were created with an IT network in mind, rather than industrial environments.
There are unique considerations for remote access for OT environments, including the following requirements:
OT assets need to be accessed by internal users and third-party vendors on a regular basis.
Access needs to be quick and reliable. In an emergency, there is no time for multiple levels of authentication, VPNs, jump servers, or other barriers that could disrupt operations.
Administrators need to know and control who is logging in, from where, for what purpose, and whether that purpose is legitimate.
Claroty Secure Remote Access (SRA) was purpose-built to meet the specific operational, administrative, and security needs of industrial networks. SRA minimizes the cost and complexity of administering safe, secure, and reliable OT remote access for internal and third-party users. Administrators can see who is accessing what devices in real time, and all sessions are recorded for review at a later date. In the event an ongoing session merits concern, live monitoring of the session and the ability to end sessions remotely enable secure and trusted access.