Operational technology (OT) security company Claroty and CrowdStrike announced on Thursday that they are integrating the Claroty Platform’s OT asset discovery and threat detection capabilities with CrowdStrike’s Falcon platform, which identifies targeted and compromised endpoints. Claroty’s OT security platform promises complete IT/OT visibility and threat detection coverage for industrial control system (ICS) networks and endpoints.
With this integration, the offering will provide IT/OT visibility and a single source of information for these assets across connected sites by enabling Claroty to identify and enrich IT-oriented ICS assets, such as human machine interfaces (HMIs), historian databases and engineering workstations (EWs), on which a CrowdStrike agent is installed, the company said.
The joint offering results in a merged database of proprietary and open-source Yara and Snort rules from both vendors, which the companies describe as the widest and most actionable IT/OT threat signature database for ICS networks.
With most joint customers using signatures from both CrowdStrike and Claroty, configuration differences between IT and OT threat signatures have historically required some signatures to be manually reconfigured before being executed for detection in ICS networks.
The CrowdStrike-Claroty offering addresses this by allowing joint customers to execute all IT and OT threat signatures from both databases without manual reconfiguration, and by letting them push those signatures from the Claroty Platform’s Enterprise Management Console (EMC) to connected sites in a single click. As a result, these customers can detect threats across the IT/OT boundary in the ICS networks of all connected sites using the Claroty platform.
With this functionality, the companies say ICS monitoring efforts become unified, scalable and consistent, reducing false positives, mean time to detect (MTTD) and mean time to respond (MTTR), while boosting the ROI of both solutions.
“This particular integration is uniquely beneficial to Claroty customers because it is the first in which data flows into The Claroty Platform rather than from it, making it a comprehensive repository of both IT and OT asset information,” said Galina Antova, co-founder and chief business development officer of Claroty, in a press statement. “We are very proud to join forces with CrowdStrike to make our comprehensive OT security capabilities more accessible to IT and SOC teams, at a time when they are entrusted with protecting OT more than ever before.”
By connecting both endpoint and network sources, the joint solution also enables Claroty to automatically identify and enrich certain IT-oriented ICS assets, such as HMIs, historian databases and EWs, on which a CrowdStrike agent is installed. Claroty does this by fetching each asset’s configuration file from CrowdStrike and then analysing that file, so it does not require connecting to the ICS network.
This approach improves visibility into the ICS network, which in turn reduces false positives, improves security and extends the existing benefits and use cases of CrowdStrike Falcon from IT to the OT environments within ICS networks.
Joint customers whose OT environments do not currently include HMIs, EWs or other IT-oriented ICS assets on which CrowdStrike is already installed are encouraged by the companies to adopt this functionality.