With the rise of the Extended Internet of Things (XIoT), cyber-physical systems and underlying connected assets that were not necessarily designed to co-exist seamlessly in a connected environment are now subject to an expanded attack surface. This is now par for the course with the current state of digital transformation, and it will take years, if not decades, before a new generation of connected assets emerges with more natively integrated security processes and pathways.
In the meantime, we need to introduce cybersecurity practices and capabilities that are missing from many of these newly integrated cyber-physical systems. The 2022 Market Guide for Operational Technology Security from Gartner®, a company that delivers actionable, objective insight to executives and their teams provides security and risk management leaders with an overview of the state of the OT security market and recommendations to leverage the evolving landscape of available OT security offerings.
According to the Market Guide, “70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments by 2025.” Claroty is listed as a Representative Vendor.
Claroty has recognized the need for holistic cybersecurity for increasingly interconnected technology environments, and that’s why we are building a future where cyber and physical worlds safely connect. Over the past year, our acquisition of Medigate, $400 million Series E investment led by SoftBank Group, and the expansion of our reseller agreement in Europe with Yokogawa to include Southeast Asia, Australia, and New Zealand have accelerated and expanded our capabilities to help organizations move towards cyber-physical systems cybersecurity and uphold operational resilience.
Claroty is not alone in its realization that the time has come for OT cybersecurity to evolve and broaden. In our discussions with CISOs and security leaders, we have found that many are taking a hard look at the evolution from OT network-centric security toward cyber-physical systems asset-centric security with the rise of various IoT technologies.
In its new Market Guide for Operational Technology Security, Gartner makes several recommendations for security and risk management leaders responsible for the technology, information, and resilience risk of OT systems security, including to “anchor security efforts to operational resilience.” Based on our observations, while most organizations have centralized governance and responsibility for OT cybersecurity under the CISO, the details of implementation and how the organization is structured can fall along a wide spectrum, from less to more control for the security team. Multiple variations work: the key is having a clear understanding of the boundaries and responsibilities for each team with respect to budget, implementation, and ongoing reporting.
Gartner also recommends security and risk management leaders “assess where they are on the typical end-user OT/cyber-physical systems security journey.” At Claroty, we have found this is very helpful in benchmarking against peers, competitors, and the industry as a whole; highlighting and communicating the risk to the organization relative to the market; and planning and prioritizing investments.
Finally, Gartner recommends that security and risk management leaders “inventory what OT security solutions are currently used in their organizations, and evaluate the growing list of solutions now on the market for best fit.” In our experience, this is an important but challenging step in accelerating IT/OT security stack convergence. OT and cyber-physical security teams are discovering unmanaged assets everywhere and connectivity that shouldn’t be there as this environment has been largely unseen for decades. It’s a process that might take iterations. Thankfully, in the last few years, our industry has made tremendous progress in technology that helps us easily discover such assets and profile their exposure, risk, and vulnerabilities.
The Gartner Market Guide for Operational Technology Security includes examples of questions to ask vendors as a starting point when evaluating solutions, which we believe makes it a valuable resource for decision makers. We welcome the opportunity to provide a demo of Claroty’s cyber-physical cybersecurity solutions, and address these questions and more.
*Gartner, “Market Guide for Operational Technology Security”, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu, August 4, 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.