Continuous Threat Detection

As the foundation of The Claroty Platform, Continuous Threat Detection (CTD) provides full visibility and fundamental security controls for OT environments.


Continuous Threat Detection (CTD)

Bringing Full Visibility and Fundamental Security Controls to OT Environments


Claroty Support for the MITRE ATT&CK for ICS Framework

This report details the extent to which The Claroty Platform can detect adversary techniques listed in the MITRE ATT&CK for ICS framework.


Claroty Continuous Threat Detection Demonstration

Claroty Technical Director Gary Kneeland provides a hands-on demonstration of the capabilities of Claroty Continuous Threat Detection, our flagship OT/IIoT security solution.

Thought Leadership

Accelerating Network Segmentation Initiatives with Claroty Continuous Threat Detection

Claroty's Continuous Threat Detection provides network, operations, and security teams with a deep, always-current view of ICS network assets, communications, protocols, and communication patterns.


Cisco Firepower and Claroty - CTD integration IT-OT Threat Detection

This fully integrated joint solution extends visibility deep into the lowest levels of industrial networks, enabling dynamic, automated threat protection for OT environments.

The CTD Difference

See, protect, and defend your OT environment

CTD leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls. Claroty is the only vendor to offer visibility into all three variables of risk in OT environments:

  • Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
  • Network visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
  • Process visibility: All OT operations and the code section and tag values of all processes related to OT assets

The extensive OT visibility CTD provides enables it to automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances. Key benefits:

  • Cross-zone violations yield real-time alerts that are automatically scored based on risk to help security teams prioritize
  • Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
  • Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
  • Customers can integrate CTD with their existing firewalls and NAC solutions to proactively enforce policy-based segmentation and mitigate active attacks

CTD’s five detection engines provide full monitoring coverage of OT security and integrity events for efficient and effective threat detection that is further bolstered by real-time threat intelligence updates via The Claroty Cloud. Detection engines include:

  • Anomaly Detection, which identifies changes in communication patterns
  • Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
  • Known Threats, which identifies IoCs via SNORT and YARA Rule engines
  • Operational Behaviors, which identifies OT operations such as firmware upgrades
  • Custom Rules, which identifies user-defined events
  • Wisdom of the Crowd enriches known threat alerts with reputational context from across Claroty’s entire customer base, providing users with insights into the validity of an incident in order to guide prioritization decisions and improve live and forensic investigations

CTD compares each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by Claroty, as well as to the latest CVE data. As a result, customers can better identify, prioritize, and remediate vulnerabilities. Highlights:

  • Full-Match Vulnerabilities: The complete OT visibility provided by CTD facilitates easy and accurate identification of full-match vulnerabilities
  • Attack Vector Mapping: This feature identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
  • Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization


Claroty Continuous Threat Detection

CTD’s intuitive interface offers a single-pane view into all assets, processes, sessions, and related risks & vulnerabilities in your OT environment.
