10/30/2020
04:00 PM
Dark Reading
Products and Releases

Claroty Adds Fully Integrated Remote Incident Management To Industry-Leading OT Security Platform

Enhanced Secure Remote Access and Continuous Threat Detection enable seamless detection, investigation, and response to OT security incidents across the broadest attack surface area from any location

NEW YORK – October 28, 2020 – Claroty, the global leader in operational technology (OT) security, today announced new enhancements to The Claroty Platform, making it the industry’s first OT security solution to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle. The platform now enables cybersecurity teams to detect, investigate, and respond to security incidents on OT networks across the broadest attack surface area securely and seamlessly from any location.

IT and OT networks were already becoming more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more. These combined forces have created an acutely expanded attack surface and volume of alerts for cybersecurity teams to manage. According to Gartner, “For those organizations whose cybersecurity operations capabilities are tuned to monitor events from their standard operating environment, the abrupt shift to a predominantly remote operating model could see events of cybersecurity interest being missed by the cybersecurity operations team. This will in large part be a result of the relocation of workers to new premises or to a remote working mode that suddenly expands the scope and complexity of the operating environment.” [1]

“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” said Grant Geyer, Chief Product Officer of Claroty. “Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment, while enduring adversarial activity and whatever else they might encounter on the network.”

Key Features and Functions

With its newly enhanced Secure Remote Access (SRA) 3.1 and Continuous Threat Detection (CTD) 4.2 components, The Claroty Platform now spans all three stages of the incident lifecycle:

  • Detection: More than half of OT and IT security professionals say their organizations are now more of a target for cybercriminals since the pandemic began, according to Claroty’s recent survey report. This reinforces the importance of quick detection and identification of unauthorized activities. The Claroty Platform gives teams an early advantage with the ability to identify authorized remote user activity and differentiate it from unauthorized activity that could impact process integrity.
    • When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilizes information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond more effectively and efficiently.
  • Investigation: The increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s enhanced platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.
    • This minimizes the need for onsite staff while optimizing investigations with enriched assets, such as live SRA sessions, including full-length video recordings, and threat alerts with reputational context from the Claroty community.
  • Response: Even as IT and OT networks have become more interconnected since the pandemic began, 62% of IT and OT teams have found it more challenging to collaborate. The Claroty Platform bridges this gap with its integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimizing the need for onsite staff and expediting remedial activities.
    • Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organizations to adapt their OT incident response function and workflows for a remote or hybrid workforce.

Collectively, these features allow teams to adapt their monitoring, inspection, and response management from on- or off-site premises without compromising efficiency or effectiveness. The result for the business is reduced exposure to risk and greater operational resilience.

“Receiving vulnerability alerts in real-time is a must-have for our multinational mining, metals, and petroleum operations,” said Thomas Leen, VP Cybersecurity of BHP. “The Claroty Platform allows us to quickly identify which of our assets have led to vulnerabilities and prioritize the actions we need to take in order to reduce and eliminate potential risks to the business.”

SRA 3.1 and CTD 4.2 will be generally available this quarter. To learn more about The Claroty Platform, please request a demo.

[1] Gartner, Be Resilient: Prepare to Treat Cyber Risk Following the Coronavirus (COVID-19) Outbreak by Focusing on These 7 Areas, Richard Addiscott, David Gregory, Sam Olyaei, Katell Thielemann, Bart Willemsen, Felix Gaehtgens, David Mahdi, 25 September 2020.

About Claroty

Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organizations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.

Backed and adopted by leading industrial automation vendors, Claroty is deployed on all seven continents globally. The company is headquartered in New York City and has received $100 million in funding since being launched by the famed Team8 foundry in 2015. For more information, visit www.claroty.com.

 
