William Noto (Claroty), Madhu Pai (AWS), and Karthick Srinivasan (AWS)
Industrial cybersecurity is marked by intricate challenges. As industrial environments go through digital transformation, they are exposed to new threats and obstacles: conventional monitoring tools that do not understand operational technology (OT), error-prone network segmentation policies, unsecured remote access, ransomware spreading from IT into OT, and targeted attacks. The problems are multifaceted, and addressing them can seem formidable.
Enter Claroty xDome. Built on AWS, xDome is a product designed to address these very challenges. By offering capabilities tailored to the needs of industrial environments, xDome streamlines network protection and threat detection for OT and industrial IoT networks.
In this article, we take an in-depth look at these challenges and examine how the architecture of Claroty xDome deployed on Amazon Web Services (AWS) provides a holistic remedy for the cybersecurity requirements of an industrial setting. This collaborative approach not only strengthens the cybersecurity posture of asset owners in the industrial sector but also opens new opportunities for navigating the security obstacles that arise during digital transformation.
There are several challenges with improving security in industrial environments:
Incompatibility with Traditional Monitoring Tools: Traditional IT threat detection tools are ineffective in industrial environments because they do not support the proprietary protocols used by hard-to-replace legacy devices running outdated software.
Complexity of Industrial Environments: The intricate nature of industrial systems makes identification and remediation of threats difficult and time-consuming.
Error-Prone Network Segmentation Policies: Implementing and maintaining segmentation policies is a complex and fallible process, leading to potential vulnerabilities.
Widespread Unsecured Remote Access: Common practices for remote access in industrial environments are often risky, leading to potential breaches.
Rising Targeted Attacks: Malicious actors are increasingly targeting industrial environments because those environments have a low tolerance for operational downtime. They are also insecure by design: most programmable logic controllers (PLCs) were not built to verify that the commands they receive come from authorized, authenticated sources over encrypted channels. The combination of new threat vectors and this insecure-by-design heritage produces a rapidly expanding attack surface. As a consequence, asset owners are showing a greater willingness to pay ransom demands in order to keep production running, despite the increased risk.
Claroty xDome, in collaboration with AWS, directly addresses these problems, enabling a viable path towards a secure digital transformation. In the following sections, we provide details of Claroty xDome on AWS and explain why it is a significant advancement for industrial operators.
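The two points above, that IT tools do not speak industrial protocols and that PLCs accept state-changing commands without any proof of who sent them, are easiest to see on the wire. The following is an added example written for this article, not Claroty code: it parses Modbus/TCP frames (a 7-byte MBAP header followed by a function code and data) and flags write commands from any host that is not on an allowlist of engineering workstations. Because the protocol has no authentication field, source identity and expected behaviour are the only signals a detector has. The IP addresses, register numbers and the allowlist are constructed for the sample and are not taken from the article.

```python
"""Detect Modbus/TCP write commands from hosts that are not authorized to program the PLC."""
import struct
from dataclasses import dataclass

# Function codes that change controller state. Modbus carries no authentication
# field, so a write from a hostile host looks exactly like one from an engineer;
# the detector has to reason about who sent it, not about the frame itself.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    payload: bytes  # PDU bytes after the function code


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP ADU: MBAP header (tid, protocol id, length, unit id), then the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"not Modbus: protocol id {protocol_id}")
    # The length field counts the bytes that follow it: unit id plus PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(transaction_id, unit_id, frame[7], frame[8:])


def build_request(transaction_id: int, unit_id: int, function_code: int, *fields: int) -> bytes:
    """Build a Modbus/TCP frame whose PDU is the function code plus 16-bit fields (sample traffic only)."""
    pdu = struct.pack(">B" + "H" * len(fields), function_code, *fields)
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def detect_unauthorized_writes(flows, allowed_writers):
    """flows: iterable of (src_ip, dst_ip, frame). Returns one alert per write from an unexpected host."""
    alerts = []
    for src_ip, dst_ip, frame in flows:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError:
            continue  # not Modbus or malformed: outside this rule's scope
        if req.function_code not in WRITE_FUNCTION_CODES or src_ip in allowed_writers:
            continue
        alert = {
            "src_ip": src_ip,
            "plc_ip": dst_ip,
            "unit_id": req.unit_id,
            "function": WRITE_FUNCTION_CODES[req.function_code],
        }
        if req.function_code == 6:  # register address and value are the first two fields
            alert["address"], alert["value"] = struct.unpack(">HH", req.payload[:4])
        alerts.append(alert)
    return alerts


# Constructed sample traffic with hypothetical addresses: an HMI polling registers,
# the engineering workstation writing a setpoint, an unknown host overwriting it,
# and a non-Modbus frame (a TLS record header) that the parser must reject.
ENGINEERING_WORKSTATIONS = {"10.20.3.10"}
SAMPLE_FLOWS = [
    ("10.20.2.5", "10.20.1.15", build_request(1, 1, 3, 0, 10)),       # Read Holding Registers
    ("10.20.3.10", "10.20.1.15", build_request(2, 1, 6, 100, 1500)),  # authorized write
    ("10.20.3.77", "10.20.1.15", build_request(3, 1, 6, 100, 0)),     # unexpected write
    ("10.20.3.77", "10.20.1.15", b"\x16\x03\x01\x00\x05hello"),       # not Modbus
]


def run_sample():
    return detect_unauthorized_writes(SAMPLE_FLOWS, ENGINEERING_WORKSTATIONS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The rule deliberately ignores reads: polling from HMIs is constant background traffic at Level 2, and alerting on it would bury the one write that matters. In a real deployment the allowlist would come from the asset inventory rather than a literal set.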
1) Claroty xDome & The Purdue Model
Using the Purdue Model as a basis, Claroty's xDome and Edge products interact with different layers of a control system. From sensors and actuators at Level 0 to supervisory control at Level 2, and engineering workstations at Level 3, xDome provides the data collection and analytics required for comprehensive visibility and control.
2) Three Networks, One Comprehensive Solution
The architecture of Claroty's solution consists of three primary networks:
On-Premises Plant Network: This network represents Purdue Model levels 0 through 3.5. The integration of Claroty Edge and xDome Collection Servers at various levels ensures detailed data collection, monitoring, and analysis of the plant environment.
Claroty xDome SaaS on AWS: A secure VPC hosts services such as Amazon EC2, S3 Data Lake, RDS, Athena, and EKS, offering a highly scalable and flexible environment for data processing and threat analysis.
Customer's AWS Cloud for SOC: This network integrates with the AWS Security Hub, Amazon Security Lake, and various analytics services, providing a cohesive, powerful platform for security event management and insight.
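For the third network, the practical question is what an OT detection looks like once it reaches the customer's SOC tooling. Security Hub ingests findings in the AWS Security Finding Format (ASFF), so the following added example, written for this article and not Claroty's own integration code, maps a constructed OT alert into an ASFF finding, checks that the attributes Security Hub requires are present, and applies a triage rule that escalates findings from assets low in the Purdue Model. The alert format, the account and region values, the generator name and the severity-by-level policy are all assumptions made for the example.

```python
"""Map an OT detection into an AWS Security Finding Format (ASFF) finding for Security Hub."""
import json
from datetime import datetime, timezone

# Hypothetical account and region. The "product/<account>/default" ARN is the
# one Security Hub accepts for findings an account imports on its own behalf.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
PRODUCT_ARN = f"arn:aws:securityhub:{REGION}:{ACCOUNT_ID}:product/{ACCOUNT_ID}/default"

# Attributes that Security Hub requires in every ASFF finding.
REQUIRED_ASFF_FIELDS = {
    "AwsAccountId", "CreatedAt", "Description", "GeneratorId", "Id", "ProductArn",
    "Resources", "SchemaVersion", "Severity", "Title", "Types", "UpdatedAt",
}

# Constructed OT alert in a hypothetical collector format (not Claroty's schema).
SAMPLE_OT_ALERT = {
    "alert_id": "ot-0001",
    "asset_ip": "10.20.1.15",
    "asset_name": "PLC-Line3",
    "purdue_level": 1,
    "category": "unauthorized_write",
    "summary": "Modbus write to holding register 100 from a host that is not an engineering workstation",
    "detected_at": "2024-05-01T10:15:00Z",
}


def severity_for_purdue_level(level: int) -> str:
    """Assumed triage policy: the closer the asset is to the physical process, the higher the severity."""
    if level <= 1:
        return "CRITICAL"
    if level == 2:
        return "HIGH"
    if level == 3:
        return "MEDIUM"
    return "LOW"


def ot_alert_to_asff(alert: dict) -> dict:
    """Build an ASFF finding; Id must be unique per product so updates overwrite rather than duplicate."""
    now = datetime.now(timezone.utc).isoformat(timespec="seconds").replace("+00:00", "Z")
    level = str(alert["purdue_level"])
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"ot/{alert['asset_ip']}/{alert['alert_id']}",
        "ProductArn": PRODUCT_ARN,
        "GeneratorId": "ot-collector/unauthorized-write-rule",  # hypothetical rule name
        "AwsAccountId": ACCOUNT_ID,
        "Types": ["TTPs/Impact"],
        "CreatedAt": alert["detected_at"],
        "UpdatedAt": now,
        "Severity": {"Label": severity_for_purdue_level(alert["purdue_level"])},
        "Title": f"{alert['category']} on {alert['asset_name']}",
        "Description": alert["summary"],
        "Resources": [{
            "Type": "Other",
            "Id": f"plc/{alert['asset_name']}",
            "Partition": "aws",
            "Region": REGION,
            "Details": {"Other": {"AssetIp": alert["asset_ip"], "PurdueLevel": level}},
        }],
        # ProductFields is where OT context survives for Security Hub insights and filters.
        "ProductFields": {"PurdueLevel": level, "OtCategory": alert["category"]},
    }


def validate_asff(finding: dict) -> list:
    """Return the names of required ASFF attributes that are missing (empty list means importable)."""
    return sorted(REQUIRED_ASFF_FIELDS - set(finding))


def needs_ot_oncall(finding: dict) -> bool:
    """SOC routing rule: page the OT on-call for CRITICAL and HIGH findings, queue the rest."""
    return finding["Severity"]["Label"] in {"CRITICAL", "HIGH"}


if __name__ == "__main__":
    finding = ot_alert_to_asff(SAMPLE_OT_ALERT)
    assert validate_asff(finding) == []
    print(json.dumps(finding, indent=2))
    # With credentials in place the import is a single call:
    #   boto3.client("securityhub", region_name=REGION).batch_import_findings(Findings=[finding])
```

Keeping the Purdue level in ProductFields, rather than only in free text, is what makes a Security Hub filter such as "PurdueLevel is 0 or 1" possible on the SOC side, so the same field drives both the severity label and the later search.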
3) A Symbiotic Relationship with AWS
Claroty xDome's architecture leverages AWS services, which creates a synergistic relationship with several key benefits:
Scalability: Leveraging the elastic scalability of AWS, Claroty xDome grows with the size of the deployment while keeping Total Cost of Ownership (TCO) low, making it an attractive proposition for existing industrial asset owners.
Security: Encrypted connections between on-premises networks and AWS, combined with the strength of AWS security features, ensure robust protection.
Comprehensive Coverage: From data collection to threat detection and response, Claroty xDome's multi-layered approach provides a holistic solution for industrial cybersecurity needs.
Ease of Integration: With native compatibility and support for a wide range of AWS services, Claroty xDome can be effortlessly integrated into the existing AWS landscape.
Through its deep integration with AWS services, Claroty xDome introduces an efficient approach to industrial cybersecurity. This collaboration gives asset owners a way to address the distinctive security complexities of industrial settings, acting as a catalyst for digital transformation while preserving cyber and operational resilience.
Claroty's unwavering dedication to excellence, combined with the robust capabilities and adaptability of AWS, forges a partnership that sets new standards in industrial cybersecurity. As we progress, this cooperation is poised to become a pivotal element in the dynamic progression towards a safer and more secure industrial landscape.