Claroty Edge platform boosts industrial cybersecurity across OT, IoT, IIoT assets

Claroty introduced on Tuesday Claroty Edge, its zero-infrastructure industrial cybersecurity solution, which will function as a highly flexible edge-data collector to deliver complete visibility into industrial networks without requiring network changes, utilizing sensors, or having any physical footprint. The platform is designed to reveal industrial assets that customers could otherwise only discover via methods that may not always be ideal for all networks, use cases, and objectives.

The new platform equips customers to discover a complete global inventory of operational technology (OT), IoT, and IIoT (industrial IoT) assets, in addition to identifying and managing the vulnerabilities and risks affecting those assets, according to the New York City-headquartered industrial cybersecurity firm. The increased visibility will bring about improved prioritization, strategy and risk mitigation to optimize network security posture, it added.

“Cyber risks to industrial control systems have consequences not only for the organization but also for public safety and the global supply chain, so every industrial enterprise has an obligation to start their cybersecurity journey,” Grant Geyer, chief product officer of Claroty, said in a press statement. “With Claroty’s enhanced platform, organizations can take advantage of the capabilities that are right for their needs today, and can evolve as the threat landscape changes and their cybersecurity programs mature.”

Claroty Edge is also an optimal entry point for customers who are just starting out in industrial cybersecurity and would like to capture the current state of their network, Benny Porat, Claroty’s co-founder and chief technology officer, wrote in a company blog post. It also helps those looking to scale their existing program’s coverage to air-gapped, physically remote, smaller, and/or differently prioritized sites. The platform relies on customers’ existing Windows-based infrastructure and can be run any time, anywhere, either on-premises or in the cloud, he added.

Customers can leverage Claroty Edge to perform cybersecurity assessments, manage highly distributed environments, fulfill on-demand audit requests, report compliance for industrial networks, conduct mergers and acquisitions (M&A) due diligence on target third-party environments as operations grow, and manage industrial cybersecurity risks more effectively and with fewer resources to bring about incident response.

“Network security in operational technology (OT) and industrial Internet of Things (IIoT) environments means security products that can speak and understand the many proprietary industrial protocols, and provide both security operations center staff with increased visibility of the full operations and OT personnel with actionable information,” said Romain Fouchereau, IDC’s research manager for European Security. “The ability to perform comprehensive network monitoring without needing to invest in extra sensors or other supporting components can help maintain system resiliency, especially in large, highly distributed organizations.”

Claroty Edge is combined with enhancements to the company's Continuous Threat Detection (CTD) solution, including CTD.Live, a SaaS-based deployment option, and new features for scalable deployments. CTD.Live uses the cloud as a core component of its industrial cybersecurity strategy, and is ideal to support digital transformation initiatives, as it is fast and scalable. It ensures that CTD’s visibility and threat detection capabilities are always up to date. CTD.Live also reduces total cost of ownership (TCO) by eliminating certain hardware requirements and extending inventory, risk and vulnerability, and monitoring coverage to newly added assets automatically as customer networks expand.

The Claroty Platform also includes CTD version 4.3 that delivers improved flexibility in how critical asset, alert, and risk data can be accessed, managed, and manipulated, both directly within CTD and via integrations with third-party SIEM (security information and event management) providers. It includes new options for segmentation via Virtual Zones, enabling users to further customize and fine-tune their segmentation and alerting policies for stronger, more accurate detection of risky communications and other indicators of malicious activity.

The scalability of these capabilities increases by combining CTD.Live with Claroty’s SRA (Secure Remote Access) solution, which provides internal and third-party personnel with frictionless, reliable, and highly secure access to industrial networks. Customers can also use Claroty Edge to blueprint and optimize SRA deployments, thereby decreasing the time and resources required for full implementation.

SRA is fully integrated with CTD and supports a zero-trust architecture for industrial networks, providing compensating controls for unpatched or otherwise unsecured assets, and offers response capabilities for incidents related to remote user activity, the blog post said. 

The scalability of these capabilities increases when SRA is combined with CTD.Live as it enables users of both CTD and SRA to receive and respond to alerts from the cloud, Porat said. Furthermore, customers can extend their usage of Claroty Edge to blueprint and optimize SRA deployments, reducing the time and resources required to onboard assets, fully implement, or expand the solution.

Regardless of whether a customer chooses to deploy CTD via CTD.Live or fully on-premises, they will benefit from additional enhancements made available in CTD 4.3, Porat said. Greater flexibility in how critical asset, alert, and risk data can be accessed, managed, and manipulated directly within CTD and via integrations with third-party SIEM providers is a focal point of this version, he added.

Claroty Edge is currently available, while CTD.Live and CTD 4.3 will be available next month.

In April, Claroty researchers added the necessary infrastructure to incorporate the AFL (American Fuzzy Lop) fuzzer into the OpENer EtherNet/IP stack, as part of their research into the security of the stack widely used among SCADA (supervisory control and data acquisition) vendors. Fuzz-testing code is the most straightforward and automated way to find coding errors and potentially critical flaws. 
