Over the past two and a half years, digital transformation has accelerated significantly (by an estimated five to ten years), and so has the convergence of physical and digital assets. Ransomware attacks against oil pipelines, food supply chains, hospitals, and other critical infrastructure have brought into sharp focus how critical cyber-physical systems (CPS) are and how exposed they are to attack.
While the rise of the Extended Internet of Things (XIoT), the connected assets that underpin cyber-physical systems, has created security challenges for all types of organizations, the complexity of this web of connected devices affects each organization differently. Think about the breadth of assets that may be included: OT assets such as PLCs, building management systems (BMS) such as HVAC controllers and elevators, IoT devices such as security cameras and vending machines, and healthcare and IoMT devices such as infusion pumps and MRI machines. How these devices are used, how they connect to the rest of the network, how important they are to business-critical processes, and which threats pose real risk will vary from organization to organization. For these reasons, security teams need a powerful yet simple way to customize the capabilities they use to monitor, identify, and respond to security concerns and potential operational disruptions.
Clearly, there is no one-size-fits-all approach to securing cyber-physical systems and upholding operational resilience in today's hyperconnected environment. Organizations need a user-friendly suite of products that lets them set the parameters for identifying and addressing what matters most to them. If you are among the 85% of critical infrastructure organizations predicted to adopt hyperconverged solutions by 2024, here are three key takeaways to remember as you evaluate offerings.
Every environment is unique, so to achieve operational resilience, you need to be able to track the variables that are most important for your environment. Claroty xDome has more than 90 different variables you can use to customize your risk tolerance parameters. For example, you can set alerts based on events you define, including out-of-range values or specific communications. While essential for network protection and optimal detection and response, this flexibility also enables you to design a preventative maintenance program to avoid unscheduled downtime and build operational resilience. You can also filter information by firmware and software versions and group assets in ways that are logical for your organization to help inform mitigations and cyber resilience efforts including risk assessments, vulnerability management, Zero Trust best practices, incident investigation, and triage.
Claroty further enriches customized alerts with context. An algorithm that weighs the unique context and specific circumstances in which each alert is triggered produces a single, tailor-made metric for assessing the risk present in your environment. Beyond weeding out distracting false positives, alert risk scoring enables rapid and effective prioritization when responding to a time-sensitive incident, which supports operational resilience because incidents are resolved quickly and correctly.
You can further inform the parameters you set for alerts and filters using asset risk scoring. This granular mechanism to score risk for each asset on the network enables you to further identify and understand the nature of an asset’s risk in order to better prioritize and remediate related alerts and vulnerabilities. An asset’s overall risk score can be based on individual scores on vulnerability, criticality, accessibility, infection, and threat. For example, HVAC systems would have a higher criticality score for organizations in the pharmaceutical or food and beverage sectors that rely on temperature-sensitive processes.
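The two mechanisms described above, user-defined out-of-range alerts and a composite asset risk score whose criticality component depends on the organization's sector, can be sketched as follows. This is an added illustration, not Claroty's code or scoring algorithm: the five sub-scores, the weights that combine them, the sector-to-criticality table, the asset names, and the telemetry samples are all assumed for the example.

```python
"""Added illustration: threshold alerts ranked by a composite asset risk score.

Hypothetical model, not Claroty's implementation. Each sub-score
(vulnerability, criticality, accessibility, infection, threat) is 0-10 and is
assumed to be combined by a weighted mean; assets and telemetry are constructed.
"""
from dataclasses import dataclass

# Assumed weights; the page names the five components but not how they combine.
WEIGHTS = {"vulnerability": 0.25, "criticality": 0.30, "accessibility": 0.15,
           "infection": 0.15, "threat": 0.15}

# Assumed sector table: HVAC is critical where processes are temperature-sensitive.
SECTOR_CRITICALITY = {
    ("hvac", "pharma"): 9, ("hvac", "food_bev"): 9, ("hvac", "office"): 3,
}
DEFAULT_CRITICALITY = 5


@dataclass
class Asset:
    name: str
    kind: str
    scores: dict  # sub-scores 0-10, excluding criticality, which is derived


@dataclass
class Rule:
    asset: str
    tag: str
    low: float
    high: float


def criticality(asset, sector):
    """Criticality of an asset depends on what the organization's processes rely on."""
    return SECTOR_CRITICALITY.get((asset.kind, sector), DEFAULT_CRITICALITY)


def asset_risk(asset, sector):
    """Weighted mean of the five sub-scores, with criticality resolved per sector."""
    s = dict(asset.scores)
    s["criticality"] = criticality(asset, sector)
    return round(sum(WEIGHTS[k] * s[k] for k in WEIGHTS), 2)


def evaluate(rules, telemetry):
    """Raise an alert for every reading outside the range the user defined."""
    index = {(r.asset, r.tag): r for r in rules}
    alerts = []
    for asset, tag, value in telemetry:
        rule = index.get((asset, tag))
        if rule is not None and not (rule.low <= value <= rule.high):
            alerts.append((asset, tag, value))
    return alerts


def prioritize(alerts, assets, sector):
    """Order alerts so the ones on the riskiest assets for this sector come first."""
    by_name = {a.name: a for a in assets}
    return sorted(alerts, key=lambda al: asset_risk(by_name[al[0]], sector), reverse=True)


# Constructed sample data.
ASSETS = [
    Asset("hvac-1", "hvac", {"vulnerability": 6, "accessibility": 7, "infection": 0, "threat": 4}),
    Asset("plc-7", "plc", {"vulnerability": 8, "accessibility": 3, "infection": 0, "threat": 5}),
]
RULES = [
    Rule("hvac-1", "cold_room_temp_c", 2.0, 8.0),
    Rule("plc-7", "line_speed_rpm", 200, 1200),
]
TELEMETRY = [
    ("hvac-1", "cold_room_temp_c", 9.5),
    ("plc-7", "line_speed_rpm", 1450),
    ("hvac-1", "cold_room_temp_c", 4.0),
]

if __name__ == "__main__":
    found = evaluate(RULES, TELEMETRY)
    for sector in ("pharma", "office"):
        print(sector, prioritize(found, ASSETS, sector))
```

The same two alerts are ordered differently for a pharmaceutical site and an office building: only the criticality component changes, but that is enough to move the HVAC alert ahead of, or behind, the PLC alert.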
No matter how much visibility, threat detection, or vulnerability management you put in place to manage risk, you cannot eliminate it. Critical infrastructure organizations face information threats, hostile surveillance, and malware. Claroty takes customization and context a step further by helping you understand the situational factors that threat actors exploit during an attack, and the steps you can take proactively to reduce that risk.
Attack vector mapping identifies the most at-risk assets and zones in your cyber-physical network and simulates the various means through which an attacker could penetrate that network, with a focus on lateral-movement scenarios. A visual representation shows every point at which you would be alerted during the course of an attack: from the first alert that a new asset (for example, an intruder's system) has entered the environment, through the entire contextualized chain of events, to every alert tied to a single incident. This context around each step of the attack lets you stop a threat actor before they reach an operationally critical part of the network and disable a process in a way that could cause safety issues or costly downtime.
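Attack vector mapping as described above can be reduced to a search over the network's zone-to-zone connectivity: enumerate the lateral-movement routes from an entry point to a critical zone and note where along each route monitoring would fire. The following is an added illustration in that spirit, not Claroty's implementation; the zone names, the allowed-traffic graph, and the set of monitored zones are all constructed for the example.

```python
"""Added illustration of attack-vector mapping as a graph search.

Hypothetical zone model, not Claroty's implementation: each node is a network
zone, an edge means traffic is allowed from one zone into the next, and a zone
in MONITORED has sensors that alert when an unknown asset appears or
communicates there. The topology is constructed for the example.
"""

GRAPH = {
    "corp_it": ["dmz", "vendor_vpn"],
    "vendor_vpn": ["hmi_zone"],          # remote-access path that bypasses the SCADA servers
    "dmz": ["scada_servers"],
    "scada_servers": ["plc_zone", "hmi_zone"],
    "hmi_zone": ["plc_zone"],
    "plc_zone": [],
}
MONITORED = {"dmz", "scada_servers", "plc_zone"}


def attack_paths(graph, entry, target):
    """Enumerate simple paths (lateral-movement routes) from entry to target."""
    paths = []

    def dfs(node, path):
        if node == target:
            paths.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path:          # no revisiting: simple paths only
                dfs(nxt, path + [nxt])

    dfs(entry, [entry])
    return paths


def alert_points(path, monitored=MONITORED):
    """Zones after the entry where the intruder's traffic would raise an alert."""
    return [zone for zone in path[1:] if zone in monitored]


def first_alert(path, monitored=MONITORED):
    """The earliest zone on the route where defenders would hear about it, if any."""
    points = alert_points(path, monitored)
    return points[0] if points else None


def blind_spots(graph, entry, target, monitored=MONITORED):
    """Routes on which no alert fires before the attacker reaches the target zone."""
    return [p for p in attack_paths(graph, entry, target)
            if not alert_points(p[:-1], monitored)]


if __name__ == "__main__":
    for path in attack_paths(GRAPH, "corp_it", "plc_zone"):
        print(" -> ".join(path), "| first alert:", first_alert(path))
    print("blind spots:", blind_spots(GRAPH, "corp_it", "plc_zone"))
    print("after monitoring hmi_zone:", blind_spots(GRAPH, "corp_it", "plc_zone", MONITORED | {"hmi_zone"}))
```

In the constructed topology the route through the vendor VPN and the HMI zone reaches the PLCs without crossing a monitored zone, so the first alert would fire only once the attacker is already in the critical zone. Adding a sensor to the HMI zone removes that blind spot, which is the kind of proactive step the mapping is meant to surface.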
One-size-fits-all security for today’s connected organization is a myth. Designed for flexibility and ease-of-use, Claroty’s suite of products offers the customization, contextual enrichment, and situational awareness capabilities security teams need to be able to understand what threats and security flaws pose real risk to their bottom line and secure their unique environment.