Radiflow debuts CIARA 4.0, provides continuous risk monitoring and benchmarking tool for industrial sector

OT cybersecurity company Radiflow released Tuesday CIARA 4.0 which introduces a benchmark tool and delivers actionable insights for managing and minimizing risk in large multi-site industrial facilities. The platform provides users with tools for optimizing their OT (operational technology) security expenditure, including risk-based prioritization of mitigation measures, defining risk tolerance/aversion preferences, over-time OT security planning, and benchmarking against peer OT organizations.

The data-driven CIARA 4.0 platform continuously monitors changes in the site topology and vulnerabilities and threats, always re-evaluating the risk posture of facilities and their digital components. Continuous monitoring enables the CISO to review the strategic and tactical OT security plans and adapt them if needed. It also boosts compliance with security regulations and best practices while providing effective mitigation guidance. 

Today, CISOs and security teams are responsible for the cybersecurity of OT facilities. However, they lack the ability to evaluate the ever-changing cybersecurity risks to their operations. 

To help bridge this gap, CIARA 4.0 introduces two new major capabilities. The first is continuous risk monitoring to face the dynamic nature of the cyber threat, and the second is offering a portal to its industry benchmarking tool, Ilan Barda, Radiflow’s founder and CEO, told Industrial Cyber. In order to further assist the CISO with the evaluation of their risk posture, Radiflow introduced the free-to-use cloud benchmark tool.

“In the past, security posture was captured in snapshots. Today operators can reevaluate their risk posture and OT security processes at will in line with changes in the threat landscape, such as the discovery of new vulnerabilities, newly revealed attacker tactics, etc.,” according to Barda. “Since CIARA 4.0 performs the breach attack simulation on devices and their inputs automatically, it’s very easy to perform such a re-evaluation quarterly or even monthly and to adjust the security plans accordingly. This enables CISOs to re-prioritize deployment plans of security controls or even tactical changes in the SOC procedures due to higher risk alerting,” he added.

Barda said that the industry benchmarking tool can quickly enable industrial customers to evaluate their risk posture compared to the current industry status. “This evaluation, based on a quick and simple questionnaire, can provide the CISO or the CRO (Chief Risk Officer) with an initial evaluation of their risk posture and the urgency to initiate additional security projects.” 

“The benchmark is based on the findings from both Radiflow’s internal findings, various Sabanci sites, and a survey done by CS2AI regarding OT security,” Barda added. “The benchmark provides a summary dashboard so that customers can identify their gaps and fill them as needed.”

Benchmarking organizational industrial cybersecurity against other organizations in the industry and region provides various benefits that help identify common vulnerabilities, stay on par with industry standards and best practices, and minimize implementation of mitigation measures. Benchmarking identifies vulnerabilities that may have otherwise gone unnoticed, and subsequently accounts for the risk they introduce. It also includes the use of advanced OT security tools and adopting procedures and protocols commonly used by cyber-security professionals in the same industry and region.

Radiflow Cloud’s benchmarking employs both in-house and third-party research data for industry- and region-based OT security practices.

“A centralized, highly intelligent solution that enables OT cybersecurity teams to identify vulnerabilities, and stay up to date with industry standards and/or best practices, while prioritizing and evaluating mitigation efforts, slashes the investment in time and effort required to conduct secure operations,” Michael Langer, Radiflow’s chief product officer, said in a company statement. “With the accelerating pace of so many new devices being interconnected via expanding OT networks alongside decades of legacy versions, CIARA 4.0’s ability to automate accurate risk analyses and furnish actionable insights becomes vital for ensuring zero downtime.”

Barda highlighted that continuous monitoring is incredibly important in today’s landscape, but it does not exist in a vacuum. “When analyzing cyber risk, it’s sometimes difficult to evaluate if the current risk posture is weak, tolerable, or too high.” 

“We added an industry benchmark so that enterprise managers can see how their risk posture compares to others in the industry when faced with multiple hypothetical scenarios,”according to Barda. “In addition, in an effort to help our customers comply with the complex IEC62443 standard, CIARA provides a security roadmap based on the standard’s 150 by mapping 25 best practices for security controls. They can then be more easily converted into a work plan.”

Finally, “we added support for additional asset characteristics regarding the SBOM so the mapping of the vulnerabilities per asset will be more accurate. Furthermore, we also indicate which vulnerabilities are known as exploitable based on CISA’s Known Exploited Vulnerability (KEV) database so that the customer can prioritize their actions accordingly,” Barda added.

Addressing the challenges that Radiflow faced that led to the release of the CIARA 4.0 platform, and how were these obstacles overcome, Barda said that “we received a lot of customer traction for the earlier CIARA versions since it helps organizations be proactive against threats. Prior, company efforts ultimately relied on a mix of tools and hoping that an attack wouldn’t occur. However, we have also seen that customers are facing a severe lack of resources, so we took it upon ourselves to optimize some of the features in CIARA to minimize the need for operator resources.”

Barda added that this can be seen through the mapping of standards to various activities and added executive summary reports for oversight of full OT operations across facilities. “In addition, the analyst can download screenshots from the CIARA so that the CISO can use these graphical representations in their executive management presentations.”

CIARA 4.0 boosts compliance with security regulations and best practices while providing effective mitigation guidance. Apart from the IEC 62443 regulations, Barda said that CIARA 4.0 now includes support for the NIST CSF (Cyber Security Framework), mainly for U.S. customers. “We also added the ability to analyze risk reduction efforts using a smaller set of security controls best practices, which is a mix of the SANS 20 critical security controls, along with inputs from the hands-on experience we have in helping various OT security projects comply with local regulations,” he added.

Recently identified stealthy and targeted malicious activity targeted at U.S. critical infrastructure organizations, carried out by a Chinese state-sponsored hacker group called Volt Typhoon, have raised event risks for critical infrastructure assets in the nation, Moody’s Investors Service disclosed. These details led the risk assessment firm to assess that the cyber intrusions increase event risks for U.S. critical infrastructure assets, which they consider to have a higher risk than any other sector and mark as ‘credit negative’ for the affected infrastructure.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.