Project File Analysis
Collection Method Overview
As one of Claroty’s five collection methods, Project File Analysis uses a unique, non-intrusive, pioneered-by-Claroty approach to discover and enrich XIoT assets in commercial environments.
As one of Claroty’s five collection methods, Project File Analysis uses a unique, non-intrusive, pioneered-by-Claroty approach to discover and enrich XIoT assets in commercial environments.
Claroty's Project File Analysis harnesses a unique file-parsing mechanism to provide deep visibility into XIoT assets — even those in truly air-gapped commercial environments.
Project File Analysis can be easily combined with any of our other collection methods, reinforcing two key tenets of our commercial cybersecurity portfolio:
First, Claroty recognizes there is no one-size-fits-all path to asset discovery because each customer, environment, and cybersecurity journey is unique.
Second, we also recognize that achieving a comprehensive XIoT asset inventory almost always requires using not only Project File Analysis or any other, singular collection method but a combination of multiple methods. This limitation isn't a weakness of our technology — it’s a vendor-agnostic reality of collection itself.
It’s also why Claroty is proud to be the only vendor to offer a whopping five highly flexible, mix-and-match collection methods designed to empower you to gain full visibility into all XIoT assets in your commercial environment, your way.
Claroty is proud to have pioneered Project File Analysis to tackle some of the toughest challenges inherent to XIoT asset discovery in commercial environments. Key benefits of this collection method include:
Project File Analysis is uniquely non-intrusive because it relies on parsing files that are typically stored in offline repositories. As such, this collection method has no impact whatsoever on operational availability, process integrity, or safety.
This collection method can deliver efficient, effective visibility into assets and asset details even under challenging circumstances where most other collection methods would fall short — such as in fully air-gapped environments, for example.
Since Project File Analysis does not require lengthy installations or direct connectivity to the commercial environment, it can deliver deep visibility rapidly and even help expedite implementations of other Claroty offerings by blueprinting their deployments.
Have questions about Project File Analysis? You're not alone! See below for answers to questions we often receive about this collection method — and if you're seeking additional information or would like to speak with one of our experts, contact us here.
A: Claroty's Project File Analysis works by ingesting and parsing the configuration files that are routinely backed-up on workstations and other support and management components of commercial environments. These files typically include details used by or related to commercial assets like PLCs and RTUs, as well as other assets with which those PLCs and RTUs communicate, making them rich information sources on virtually all assets in the environment.
Since this collection method does not require direct connectivity to the commercial environment itself, it is even suitable for those that are air-gapped or otherwise largely inaccessible.
A: Yes. Since the deep visibility provided by Project File Analysis is extracted from back-ups of configuration files — its timeliness depends on how often these files are backed-up.
While backups happen extremely frequently in many commercial environments, they seldom occur in others. For those in which asset changes are a common occurrence yet backups are not, relying solely on Project File Analysis can result in an outdated asset inventory. As a result, we encourage (and make it easy for) customers to combine Project File Analysis with one or more of our other collection methods to keep their asset inventory up-to-date.
A: Just as every customer is unique, every combination of our five collection methods has its own unique benefits and rationales. That being said, most of our customers who choose to use our Project File Analysis also use our Passive Monitoring.
A common scenario is for customers to first deploy Project File Analysis to rapidly discover their assets. Using their newly obtained asset inventory as a blueprint, customers can then more easily, effectively, and efficiently deploy Passive Monitoring to extend or support threat detection, segmentation, and other commercial cybersecurity controls across their environment.
Claroty xDome is a highly flexible, modular, SaaS-based platform that supports all use cases and capabilities across your entire commercial cybersecurity journey.
Claroty Continuous Threat Detection (CTD) is a robust commercial cybersecurity platform that supports on-premise deployments without compromise.
Project File Analysis is just one of the five highly flexible, mix-and-match collection methods we offer our commercial cybersecurity customers. Our others include:
Claroty’s approach to passive monitoring, the most common collection method for commercial asset discovery and anomaly detection, offers continuous visibility with cybersecurity and operational monitoring across commercial environments.
Claroty Edge is a unique method that uses our patented technology to deliver easy and non-disruptive — yet comprehensive — visibility into all types of assets in OT environments in just minutes without any additional hardware or configuration.
Safe Queries, which are Claroty’s differentiated approach to active scans, send highly targeted queries to segments of the OT environment to identify and enrich the assets present — all with unmatched precision and no risk of disruption.
Claroty’s vast technical ecosystem includes ready-made integrations with CMDB, EDR, and dozens of other tools that extend the value of customers’ existing investments while enhancing the visibility provided by our other collection methods.
Want to see how Claroty will support your entire XIoT cybersecurity journey?
