Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/30/2020
04:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Claroty Adds Fully Integrated Remote Incident Management To Industry-Leading Ot Security Platform

Enhanced Secure Remote Access and Continuous Threat Detection enable seamless detection, investigation, and response to OT security incidents across the broadest attack surface area from any location

NEW YORK – October 28, 2020 – Claroty, the global leader in operational technology (OT) security, today announced new enhancements to The Claroty Platform, making it the industry’s first OT security solution to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle. The platform now enables cybersecurity teams to detect, investigate, and respond to security incidents on OT networks across the broadest attack surface area securely and seamlessly from any location.

IT and OT networks were already becoming more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more. These combined forces have created an acutely expanded attack surface and volume of alerts for cybersecurity teams to manage. According to Gartner, “For those organizations whose cybersecurity operations capabilities are tuned to monitor events from their standard operating environment, the abrupt shift to a predominantly remote operating model could see events of cybersecurity interest being missed by the cybersecurity operations team. This will in large part be a result of the relocation of workers to new premises or to a remote working mode that suddenly expands the scope and complexity of the operating environment.”1

“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” said Grant Geyer, Chief Product Officer of Claroty. “Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment, while enduring adversarial activity and whatever else they might encounter on the network.”

Key Features and Functions

With its newly enhanced Secure Remote Access (SRA) 3.1 and Continuous Threat Detection (CTD) 4.2 components, The Claroty Platform now spans all three stages of the incident lifecycle:

  • Detection: More than half of OT and IT security professionals say their organizations are now more of a target for cybercriminals since the pandemic began, according to Claroty’s recent survey report. This reinforces the importance of quick detection and identification of unauthorized activities. The Claroty Platform gives teams an early advantage with the ability to identify and differentiate authorized remote user activity from unauthorized ones that could impact process integrity.
    • When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilizes information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond more effectively and efficiently.
  • Investigation: The increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s enhanced platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.
    • This minimizes the need for onsite staff while optimizing investigations with enriched assets, including both live SRA sessions including full-length video recordings, as well as threat alerts with reputational context from the Claroty community.
  • Response: Even as IT and OT networks have become more interconnected since the pandemic began, 62% of IT and OT teams have found it more challenging to collaborate. The Claroty Platform bridges this gap with its integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimizing the need for onsite staff and expediting remedial activities.
    • Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organizations to adapt their OT incident response function and workflows for a remote or hybrid workforce.

Collectively, these features allow teams to adapt their monitoring, inspection, and response management from on- or off-site premises without compromising efficiency or effectiveness. The result for the business is reduced exposure to risk and greater operational resilience.

“Receiving vulnerability alerts in real-time is a must-have for our multinational mining, metals, and petroleum operations,” said Thomas Leen, VP Cybersecurity of BHP. “The Claroty Platform allows us to quickly identify which of our assets have led to vulnerabilities and prioritize the actions we need to take in order to reduce and eliminate potential risks to the business.”

SRA 3.1 and CTD 4.2 will be generally available this quarter. To learn more about The Claroty Platform, please request a demo.

1Gartner, Be Resilient: Prepare to Treat Cyber Risk Following the Coronavirus (COVID-19) Outbreak by Focusing on These 7 Areas, Richard Addiscott, David Gregory, Sam Olyaei, Katell Thielemann, Bart Willemsen, Felix Gaehtgens, David Mahdi, 25 September 2020.

About Claroty

Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organizations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.

Backed and adopted by leading industrial automation vendors, Claroty is deployed on all seven continents globally. The company is headquartered in New York City and has received $100 million in funding since being launched by the famed Team8 foundry in 2015. For more information, visit www.claroty.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21620
PUBLISHED: 2021-02-24
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
CVE-2021-21621
PUBLISHED: 2021-02-24
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
CVE-2021-21622
PUBLISHED: 2021-02-24
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-28599
PUBLISHED: 2021-02-24
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-7846
PUBLISHED: 2021-02-24
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.