Claroty Industrial Control System Security Demo

Solution Overview

Claroty bridges the cybersecurity gap between IT and OT environments. Backed and adopted by leading industrial automation vendors, Claroty is deployed on all seven continents.

Claroty reduces the complexity of OT security:

  • Claroty's solutions are technology-agnostic and enable customers to leverage their existing IT security infrastructure to protect their OT assets & networks.
  • Installing, using, and maintaining Claroty's solutions does not require customers to disrupt operations or make substantial investments in new tools or staffing.
  • Claroty protects the bottom line by helping to ensure more uptime and greater efficiency across business and production operations.

Claroty delivers comprehensive OT security:

  • Claroty improves the availability, safety, and reliability of OT assets and networks within industrial enterprises and critical infrastructure.
  • Claroty bridges the IT/OT cybersecurity gap with the only converged IT/OT cybersecurity solution compatible across IT, OT, and converged IT/OT environments.
  • Claroty is the only OT security provider to offer native Secure Remote Access (SRA).

CTD leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls. Claroty is the only vendor to offer visibility into all three variables of risk in OT environments:

  • Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
  • Network visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
  • Process visibility: All OT operations and the code section and tag values of all processes related to OT assets

The extensive OT visibility CTD provides enables it to automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances. Key benefits:

  • Cross-zone violations yield real-time alerts that are automatically scored based on risk to help security teams prioritize
  • Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
  • Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
  • Customers can integrate CTD with their existing firewalls and NAC solutions to proactively enforce policy-based segmentation and mitigate active attacks

CTD's five detection engines provide full monitoring coverage of OT security and integrity events for efficient and effective threat detection that is further bolstered by real-time threat intelligence updates via The Claroty Cloud. Detection engines include:

  • Anomaly Detection, which identifies changes in communication patterns
  • Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
  • Known Threats, which identifies IoCs via SNORT and YARA Rule engines
  • Operational Behaviors, which identifies OT operations such as firmware upgrades
  • Custom Rules, which identifies user-defined events

CTD compares each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by Claroty, as well as to the latest CVE data. As a result, customers can better identify, prioritize, and remediate vulnerabilities. Highlights:

  • Full-Match Vulnerabilities: The complete OT visibility provided by CTD facilitates easy and accurate identification of full-match vulnerabilities
  • Attack Vector Mapping: This feature identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
  • Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization

Lab Diagram