IT/OT Collaboration
News
Partnerships/M&A
Vendors

Claroty, CrowdStrike release integrated offering to protect ICS networks

November 19, 2020
Claroty for ICS networks

Operational technology (OT) company Claroty and CrowdStrike announced on Thursday that they are incorporating Claroty Platform’s OT asset discovery and threat detection capabilities with CrowdStrike’s Falcon platform for identifying targeted and compromised endpoints. Claroty’s OT security platform promises complete IT/OT visibility and threat detection coverage for industrial control system (ICS) networks and endpoints.

With this integration, the offering will provide IT/OT visibility and a single source of information for these assets across connected sites, by enabling Claroty to identify and enhance IT-oriented ICS assets, such as human machine interfaces (HMIs), historian databases and engineering workstations (EWs), in which a CrowdStrike agent is installed, the company said.[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

The joint offering leads to a merged database of proprietary and open-source Yara and Snort rules from both vendors, providing the widest and most-actionable IT/OT threat signature database for ICS networks.

With most joint customers using signatures from both CrowdStrike and Claroty, configuration differences between IT and OT threat signatures have historically required some signatures to be manually reconfigured before being executed for detection in ICS networks.

The CrowdStrike-Claroty offering manages this by allowing joint customers to execute all IT and OT threat signatures from both databases without requiring manual reconfiguration, while allowing them to push those signatures from the Claroty Platform’s Enterprise Management Console (EMC) to connected sites in a single click. This will lead to these customers being able to effectively detect threats across the IT/OT boundary for the ICS networks across all connected sites using the Claroty platform.

With this functionality, ICS monitoring efforts are bound to be unified, scalable and consistent, thereby bringing down false positives, mean times to detect (MTTD) and mean time to respond (MTTR), while boosting the ROI of both solutions.

“This particular integration is uniquely beneficial to Claroty customers because it is the first in which data flows into The Claroty Platform rather than from it, making it a comprehensive repository of both IT and OT asset information,” said Galina Antova, co-founder and chief business development officer of Claroty in a press statement. “We are very proud to join forces with CrowdStrike to make our comprehensive OT security capabilities more accessible to IT and SOC teams, at a time when they are entrusted with protecting OT more than ever before.”

Connecting both endpoint and network sources, the joint solution also enables Claroty to automatically identify and enrich certain IT-oriented ICS assets, such as HMIs, historian databases and EWs, in which a CrowdStrike agent is installed. Claroty does this by fetching each asset’s configuration file from CrowdStrike and then analysing that file, so it does not require connecting to the ICS network.

The adoption of this procedure leads to enhanced visibility into the ICS network, which consequently leads to fewer false positives, improved security and the ability to extend existing benefits and use cases of CrowdStrike Falcon from the IT to OT environments within ICS networks.

Joint customers whose OT environments do not currently include HMIs, EWs or other IT-oriented ICS assets in which CrowdStrike is already installed are persuaded by the companies to install this functionality.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats