IT and OT networks were already becoming more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more. These combined forces have created an acutely expanded attack surface and volume of alerts for cybersecurity teams to manage. According to Gartner, “For those organisations whose cybersecurity operations capabilities are tuned to monitor events from their standard operating environment, the abrupt shift to a predominantly remote operating model could see events of cybersecurity interest being missed by the cybersecurity operations team. This will in large part be a result of the relocation of workers to new premises or to a remote working mode that suddenly expands the scope and complexity of the operating environment.”1
“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” said Grant Geyer, Chief Product Officer of Claroty. “Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment, while enduring adversarial activity and whatever else they might encounter on the network.”
Key Features and Functions
With its newly enhanced Secure Remote Access (SRA) 3.1 and Continuous Threat Detection (CTD) 4.2 components, The Claroty Platform now spans all three stages of the incident lifecycle:
- Detection: More than half of OT and IT security professionals say their organisations are now more of a target for cybercriminals since the pandemic began, according to Claroty’s recent survey report.This reinforces the importance of quick detection and identification of unauthorised activities. The Claroty Platform gives teams an early advantage with the ability to identify and differentiate authorised remote user activity from unauthorised ones that could impact process integrity.
When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilises information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond more effectively and efficiently.
- Investigation: The increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s enhanced platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.
This minimises the need for onsite staff while optimising investigations with enriched assets, including both live SRA sessions including full-length video recordings, as well as threat alerts with reputational context from the Claroty community.
- Response: Even as IT and OT networks have become more interconnected since the pandemic began, 62% of IT and OT teams have found it more challenging to collaborate. The Claroty Platform bridges this gap with its integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimising the need for onsite staff and expediting remedial activities.
Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organisations to adapt their OT incident response function and workflows for a remote or hybrid workforce.
Collectively, these features allow teams to adapt their monitoring, inspection, and response management from on- or off-site premises without compromising efficiency or effectiveness. The result for the business is reduced exposure to risk and greater operational resilience.
“Receiving vulnerability alerts in real-time is a must-have for our multinational mining, metals, and petroleum operations,” said Thomas Leen, VP Cybersecurity of BHP. “The Claroty Platform allows us to quickly identify which of our assets have led to vulnerabilities and prioritise the actions we need to take in order to reduce and eliminate potential risks to the business.”
SRA 3.1 and CTD 4.2 will be generally available this quarter. To learn more about The Claroty Platform, please request a demo
1Gartner, Be Resilient: Prepare to Treat Cyber Risk Following the Coronavirus (COVID-19) Outbreak by Focusing on These 7 Areas, Richard Addiscott, David Gregory, Sam Olyaei, Katell Thielemann, Bart Willemsen, Felix Gaehtgens, David Mahdi, 25 September 2020.
Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organisations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.
Backed and adopted by leading industrial automation vendors, Claroty is deployed on all seven continents globally. The company is headquartered in New York City and has received $100 million in funding since being launched by the famed Team8 foundry in 2015. For more information, visit www.claroty.com.