Cybersecurity company Radiflow has announced the launch of a new risk analysis platform.
Radiflow specializes in solutions for industrial automation networks. It’s new platform CIARA, offers cyber industrial automated risk analysis in line with risk modelling and management best practices.
“Risk assessment is currently a complex and time-consuming process that for the most part revolves around spreadsheets and subject matter expertise which is cumbersome and prone to human error,” Rani Kehat, Radiflow BVP Business Development, said in a press release. “Worse still, the threat landscape is changing continuously which means a yearly or bi-yearly risk assessment quickly becomes out of date – leading to a false sense of security. With CIARA, industrial organizations can now perform continuous assessment of their cyber-security risks and base cybersecurity expenditure planning in direct correlation to the potential loss, backed up with quantitative data.”
Radiflow’s new risk analysis platform is a fully automated tool for asset data collection, data-driven analysis and transparent risk metrics calculation that includes risk scoring per zone and business process based on business impact.
“CIARA automates the process of examining hundreds of the most commonly used security controls, against simulation of hundreds of cyber threat types while modelling against dozens of features for the digital network models including protocols, vulnerability, firmware versions, topology, device type and many others,” Yehonatan Kfir, CTO at Radiflow, said in the release. “These risk assessments are then factored against common OT risk scenarios including loss of availability, loss of control, damage to property and other. The result is a matrix of potentially tens of thousands of permutations that can’t be analysed by humans while CIARA is able to evaluate it and provide comprehensive reports in a few minutes.”
CIARA was built with the ISA/IEC 62443 series of standards in mind. These standards provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. The risk analysis platform was also designed to help operators meet regulations such as the EU NIS Directive and elements of NERC CIP Cybersecurity Requirements.
“For many of our customers that are new to the area of ICS/SCADA Cyber Security, CIARA dramatically speeds up the risk management process by utilising the methodology and structure of ISA/IEC 62443 – a standard that is likely to become a mandated requirement in the future,” Ilan Barda, CEO for Radiflow, said in the release. “There is also significant budgetary pressure in the post COVID-19 business environment, and planning capabilities to help better assign scarce resources are another driving force for the adoption of better risk assessment processes.”