New Claroty xDome cybersecurity platform improves cyber, operational resilience

Industrial cybersecurity firm Claroty released a modular, SaaS-powered industrial and commercial cybersecurity platform that scales to protect the environment and fulfill evolving goals. The Claroty xDome platform delivers the ease and scalability of SaaS without compromising the breadth or depth of the visibility, protection, and monitoring controls. These components are integral to the entire cyber-physical system (CPS) security journey, especially with the expansion of CPS across the Extended Internet of Things (XIoT).

The Claroty xDome platform helps clarify XIoT cybersecurity decisions through asset discovery, vulnerability and risk management, network protection, threat detection, and asset and change management. It covers the entire cybersecurity journey: giving organizations comprehensive asset visibility; identifying, measuring, and prioritizing risk; deploying zero trust-based protective controls; and optimizing threat detection through a network of integrations.

Fueled by digital transformation, the cyber-physical environment covers everything from traditional OT (operational technology) assets in industrial environments to the ‘smart’ lighting and HVAC systems and even the internet-connected vending machines within facilities. However, despite its clear business benefits, cyber-physical connectivity is also creating new security blind spots and a growing attack surface that pose considerable risks to the availability, integrity, and safety of operational environments.

Claroty xDome enables organizations to extend cybersecurity across the XIoT, supporting the complete industrial cybersecurity journey from asset discovery to comprehensive cybersecurity integration and optimization. It is also designed for scalability, flexibility, and ease of use regardless of network size, architecture, or diversity of end users. In addition, the platform integrates seamlessly with security solutions to extend existing cybersecurity controls into the industrial environment.

“While asset discovery is an urgent need and how every enterprise starts their security journey, an asset inventory by itself is not a source of value,” Yaniv Vardi, CEO of Claroty, said in a media statement on Tuesday. “By supplementing asset information with vulnerability and risk management, organizations can pivot to a much more advantageous position: from reacting to cyber threats and incidents that already exist in the network, to proactively preventing them from ever taking hold in the first place. Making this shift is critical for achieving cyber and operational resilience, and xDome empowers our customers to do so. An ounce of prevention is worth a pound of cure,” he added.

The xDome platform comes from Claroty’s acquisition of Medigate, marking the next step forward in the company’s mission to secure all CPS across the XIoT. It works on combining Claroty and Medigate’s deep domain expertise and specialized technologies for industrial and healthcare environments into a single platform.

“When we had the chance to look at Claroty’s new xDome solution, we were very excited by what we saw,” Ivan Low, general manager of SecureCraft Singapore, said. “xDome is a complete solution for many customers who are embracing Industrial 4.0, moving to Industrial 5.0, as well as adopting smart building solutions for their building management systems. Marrying OT with IoT, IoMT, and IIoT truly brings out the strength of Claroty xDome for the XIoT.”

Effective industrial cybersecurity starts with knowing what needs to be secured, which is why a comprehensive XIoT asset inventory is the foundation of the industrial cybersecurity journey. Claroty xDome uses the XIoT protocol coverage and Team82’s domain-specific research into these protocols to provide a highly detailed, centralized inventory of XIoT assets. 

Claroty can provide this caliber of visibility through three distinct, highly flexible methods for each environment. It continuously monitors network traffic to identify and enrich asset details and communication profiles. It uses Claroty Edge for quick, safe, strategically placed querying of complex or unreachable parts of the network. Finally, the platform integrates with common CMDB and asset management tools to improve asset details and optimize enterprise asset management.

With the ability to completely customize an organization’s risk tolerances, Claroty xDome provides tailored risk scores and recommendations for network-wide risk reduction actions. In addition, it streamlines vulnerability identification and manages remediation planning and execution while safely employing vulnerability scanners and orchestration tools to identify IT risk in the industrial environment. The platform also prioritizes risk mitigation based on actual and simulated impact results.

The approach translates to a holistic, organization-specific view of risk, the potential impact of vulnerabilities, and indicators of areas most likely to be exploited. As a result, users can identify, prioritize, and remediate vulnerabilities in industrial environments more effectively. 

Backed by Claroty’s deep domain expertise, xDome leverages its visibility into XIoT assets and their behavioral patterns to define and recommend network communication policies automatically. The automated solution makes monitoring, refining, and enforcing these policies easier through existing security infrastructure without impacting operations. These policies are also dynamic and can be simulated to demonstrate network impact before implementation, helping organizations keep up with the changing conditions within complex environments.

As a method of network segmentation, Claroty xDome’s network protection capabilities help lay the foundation for zero trust practices that are core to improving an organization’s industrial cybersecurity posture. Additionally, the approach helps to enhance the visibility of assets within the network architecture, providing a baseline view of normal network communications, and reducing risk through policy monitoring and enforcement. 

Recognizing the rising frequency and impact of threats targeting industrial environments, Claroty xDome embraces a resilient detection model to continuously monitor the environment for early indicators of known and emerging threats. The platform automatically profiles all XIoT assets and their communication patterns to generate a baseline for normal network behavior, characterize legitimate traffic to weed out false positive anomalies, and alert users in real-time to known, unknown, and emerging threats. 

Claroty xDome provides automated methods to monitor, prioritize, and respond to alerts through an unmatched depth of device visibility and remediation workflow capabilities. As a SaaS-powered solution, the platform receives automatic detection updates on at least a weekly basis, so organizations are continuously operating on the most up-to-date threat intelligence. It also extends existing SOC capabilities into the operational environment with ready-made integrations with security information and event management (SIEM), endpoint detection and response (EDR), and other security solutions.

After discovering, enriching, and profiling all XIoT assets across the industrial environment, Claroty xDome empowers organizations to streamline asset and change management. Through robust role-based access controls, organizations can automate asset management workflows by specific users and groups, saving administration time and reducing maintenance windows for operations personnel.

The xDome platform equips users with the tools needed to manage a range of asset needs, continuously monitoring for vulnerabilities, outdated software, EoL indicators, and other changes requiring updates to help preserve asset availability. It also makes it easy to identify and report on the SLA compliance status of specific assets through availability, location data, and custom-defined attributes. Additions to the network, configuration changes, and anomalies are some of the many variables monitored by xDome to support MoC programs.

Earlier this year, Claroty disclosed that close to 800 ICS (industrial control system) vulnerabilities were published in the second half of last year, affecting 82 ICS vendors. Of these, 21 vendors are newly affected, had no recently published disclosures, and have equipment deployed across automation, manufacturing, and healthcare sectors.
