Claroty Industrial Control System Security Demo

Claroty bridges the cybersecurity gap between IT and OT environments. Backed and adopted by leading industrial automation vendors, Claroty is deployed on all seven continents.

Claroty reduces the complexity of OT security:

• Claroty's solutions are technology-agnostic and enable customers to leverage their existing IT security infrastructure to protect their OT assets & networks.
• Installing, using, and maintaining Claroty's solutions does not require customers to disrupt operations or make substantial investments in new tools or staffing.
• Claroty protects the bottom line by helping to ensure more uptime and greater efficiency across business and production operations.

Claroty delivers comprehensive OT security:

• Claroty improves the availability, safety, and reliability of OT assets and networks within industrial enterprises and critical infrastructure.
• Claroty bridges the IT/OT cybersecurity gap with the only converged IT/OT cybersecurity solution compatible across IT, OT, and converged IT/OT environments.
• Claroty is the only OT security provider to offer native Secure Remote Access (SRA).

CTD leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls. Claroty is the only vendor to offer visibility into all three variables of risk in OT environments:

• Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
• Network Visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
• Process visibility: All OT operations and the code section and tag values of all processes related to OT assets

The extensive OT visibility CTD provides enables it to automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one other under normal circumstances. Key benefits:

• Cross-zone violations yield real-time alerts that are automatically scored based on risk to help security teams prioritize
• Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
• Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
• Customers can integrate CTD with their existing firewalls and NAC solutions to proactively enforce policy-based segmentation and mitigate active attacks

CTD's five detection engines provide full monitoring coverage of OT security and integrity events for efficient and effective threat detection that is further bolstered by real-time threat intelligence updates via The Claroty Cloud. Detection engines include:

• Anomaly Detection, which identifies changes in communication patterns
• Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
• Known Threats, which identifies IoCs via SNORT and YARA Rule engines
• Operational Behaviors, which identifies OT operations such as firmware upgrades
• Custom Rules, which identifies user-defined events

CTD compares each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by Claroty, as well as to the latest CVE data. As a result, customers can better identify, prioritize, and remediate vulnerabilities. Highlights:

• Full-Match Vulnerabilities: The complete OT visibility provided by CTD facilitates easy and accurate identification of full-match vulnerabilities
• Attack Vector Mapping: This feature identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
• Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization.

This lab in its first module is designed to serve as a preconfigured environment for users to explore the Claroty interface and operations at their own direction. WWT can provide a guided demo of the solution as well as coordinate a deep dive session with Claroty upon email request to the listed lab owners and contributors for this deployment.  

Claroty monitors span port traffic to monitor the ICS network. The network has no security controls. All traffic generated in the network is monitored and analyzed by Claroty. Claroty provides insight into the hosts in the network, their roles and their communications. Once traffic is baselined, new hosts or traffic baseline deviations will generate an alert.

This lab demonstrates the following Claroty features:

• Discover and identify ICS assets
• Map ICS network
• Baseline ICS traffic
• Generate alerts related to ICS assets/traffic
• Become acquainted with Dashboard and Reporting capabilities

WebUI/Sensor and monitored processes hosted on virtual ATC infrastructure

The end-user jumpbox.

The Virtual OT/ICS environment.

The Claroty CTD server runnning Claroty CTD Version 4.5.0.35192