Attacks and Vulnerabilities
Control device security
Critical infrastructure
Industrial Cyber Attacks
Malware, Phishing & Ransomware
News
Risk & Compliance
SBOM
Vendors
Vulnerabilities

Claroty adds VRM capabilities to its SaaS platforms to bolster organization’s risk reduction for CPS

September 13, 2023
Claroty’s Team82 finds two vulnerabilities in XINJE PLC Program Tool, deployed across critical infrastructure sector

[The article updated with a write-through to include quotes from Grant Geyer, chief product officer of Claroty]

Claroty has announced enhancements to its SaaS platforms’ vulnerability and risk management (VRM) capabilities. The move will further empower cybersecurity teams to evaluate and strengthen their organization’s CPS (cyber-physical systems) risk posture. These enhancements comprise a granular yet flexible risk scoring framework, features that enable vulnerability prioritization workflows to be ‘up to 11 times more efficient than industry standards,’ and support for the evolving Software Bills of Materials (SBOM) landscape.

The new enhancements to xDome and Medigate, Claroty’s SaaS-based solutions for industrial and healthcare organizations, respectively, build upon already advanced VRM capabilities, according to a Wednesday media statement. They deliver the ‘most’ transparent and granular way to quantify CPS risk posture.

Claroty xDome is a modular, SaaS-powered industrial cybersecurity platform that scales to protect the environment and fulfill goals as they evolve. As a SaaS solution with a flexible user interface built to adapt to all OT (operational technology), security, and executive needs, xDome deploys and scales no matter the user or use case.

Detailing the role that Claroty’s SaaS platform will play using the new VRM capabilities, Grant Geyer, chief product officer of Claroty, told Industrial Cyber that the “VRM offering is now the industry’s first to enrich and assign all vulnerabilities to priority groups based on the latest current and predicted exploitability indicators from the Known Exploited Vulnerabilities (KEV) catalog and Exploit Prediction Scoring System (EPSS).” 

He added that by tracking all vulnerabilities that have been exploited in the wild, the KEV catalog offers invaluable insight into those that are already being weaponized. “The EPSS, meanwhile, uses a data science model to estimate which vulnerabilities are likely to be exploited within the next 30 days.” 

“Combining the latest data points from both sources enables us to give customers full visibility into the current and probable near-term state of the vulnerabilities posing the greatest risk to their own environments,” according to Geyer. “As a result, customers can more effectively — and, on average, more than 11 times more efficiently — prioritize the vulnerabilities threat actors are most likely to leverage.” 

Geyer also said that Claroty is also introducing a new risk framework that is more accurate than ever because it accounts for an expanded range of factors that can increase risk, as well as compensating controls that can offset risk. 

On how the enhancements to Claroty’s SaaS platform help supercharge risk reduction for cyber-physical systems, Geyer outlined that while the objective of every cybersecurity program is to reduce risk, the stakes are substantially higher in asset-intensive organizations where impact to CPS can cause real-world risk to national security, economic security, and public safety. “One needs to look no further than the numerous ransomware attacks against hospitals, pipelines, and water treatment systems over the past few years to recognize that the risk has the potential to impact our lives,” he added. 

“The blunt reality is that the industry is leveraging standards and tools that simply aren’t effective at empowering security operations teams to adequately address the CPS security challenges they face,” Geyer said. “Understanding which vulnerabilities pose the biggest threat allows organizations to focus their limited resources on the vulnerabilities that matter the most and deprioritize the ones that don’t.”

It also enables preparation for the CPS risk implications of the evolving SBOM landscape. As recent regulatory developments have made it clear that SBOMs are key to software supply chain risk management, Claroty now enables customers to upload SBOMs, view those uploaded by their peers, and support related workflows moving forward.

“Integrating CVEs and CVSS scores with SBOM analysis and asset intelligence, the data is optimized for actionable prioritization. When you add layers of context like business-critical assets and vulnerability exploitability, you’re essentially closing the loop on a consequence-driven risk equation, balancing both likelihood and impact,” Jonathon Gordon, directing analyst at TP Research, told Industrial Cyber. “The guiding principle for any robust industrial cybersecurity program is clear: align everyone—stakeholders and practitioners alike—around a unified, consequence-driven cyber risk management plan. This approach zeroes in on the most pressing cyber threats that could jeopardize both operational safety and business productivity.”

Gordon added that the fusion of cyber-physical asset intelligence, vulnerability prioritization, and risk contextualization empowers practitioners to focus specifically on what’s crucial for their business. “This integrated approach allows resource-strapped teams to strategically prioritize their efforts, reducing the most significant risks first. This narrative is precisely what every Industrial Enterprise CISO aims to present to their board.”

“This is yet another illustration of how industrial cybersecurity solutions are rapidly adapting to changing market needs—no system, process, or team operates in isolation in these complex cyber-physical environments,” according to Gordon. “In today’s complex cyber-physical world, no system, process, or team can afford to operate in a vacuum. The focus is increasingly shifting towards solutions that not only offer interoperability but also make a compelling business case for OT cybersecurity.”

Claroty’s new risk framework is more accurate than ever because it accounts for an expanded range of factors that can increase risk, as well as compensating control improvements that can offset risk. “The framework comes pre-configured out-of-the-box, so even customers who are new to CPS security can calculate their risk posture immediately and take prioritized actions to protect their operations,” it added.

It also empowers customers to tailor CPS risk calculations to their needs and align with  their existing GRC (governance, risk, and compliance) processes and risk priorities. This enables greater control of how different factors are weighted in their CPS risk posture assessments, further empowering them to prioritize remediation steps appropriately. These enhancements also prioritize vulnerabilities based on exploitation likelihood, asset criticality, and impact. 

The KEV/EPSS, SBOM upload, and risk capabilities are generally available now, while features enabling SBOM analysis and parsing will be available in the fourth quarter of this year. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness