Claroty, the pioneer in operational technology (OT) security, announces new enhancements to the Claroty platform, making it the industry’s first OT security solution to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle.
The platform now enables cybersecurity teams to detect, investigate, and respond to security incidents on OT networks across the broadest attack surface area securely and seamlessly from any location.
Standard operating environment
IT and OT networks were already becoming more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more. These combined forces have created an acutely expanded attack surface and volume of alerts for cybersecurity teams to manage.
IT and OT networks were already becoming more interconnected due to digital transformation
According to Gartner, “For those organisations whose cybersecurity operations capabilities are tuned to monitor events from their standard operating environment, the abrupt shift to a predominantly remote operating model could see events of cybersecurity interest being missed by the cybersecurity operations team. This will in large part be a result of the relocation of workers to new premises or to a remote working mode that suddenly expands the scope and complexity of the operating environment.”
Variable work environment
“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” said Grant Geyer, Chief Product Officer of Claroty.
“Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment, while enduring adversarial activity and whatever else they might encounter on the network.” With its newly enhanced Secure Remote Access (SRA) 3.1 and Continuous Threat Detection (CTD) 4.2 components, The Claroty Platform now spans all three stages of the incident lifecycle.
Remote user activity
This reinforces the importance of quick detection and identification of unauthorised activities
Detection: More than half of OT and IT security professionals say their organisations are now more of a target for cybercriminals since the pandemic began, according to Claroty’s recent survey report. This reinforces the importance of quick detection and identification of unauthorised activities.
The Claroty Platform gives teams an early advantage with the ability to identify and differentiate authorised remote user activity from unauthorised ones that could impact process integrity. When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilises information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond more effectively and efficiently.
Demanding quicker identification
Investigation: The increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s enhanced platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.
This minimises the need for onsite staff while optimising investigations with enriched assets, including both live SRA sessions including full-length video recordings, as well as threat alerts with reputational context from the Claroty community.
Expediting remedial activities
62% of IT and OT teams have found it more challenging to collaborate
Response: Even as IT and OT networks have become more interconnected since the pandemic began, 62% of IT and OT teams have found it more challenging to collaborate. The Claroty Platform bridges this gap with its integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimising the need for onsite staff and expediting remedial activities.
Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organisations to adapt their OT incident response function and workflows for a remote or hybrid workforce.
Greater operational resilience
Collectively, these features allow teams to adapt their monitoring, inspection, and response management from on- or off-site premises without compromising efficiency or effectiveness. The result for the business is reduced exposure to risk and greater operational resilience.
“Receiving vulnerability alerts in real-time is a must-have for our multinational mining, metals, and petroleum operations,” said Thomas Leen, VP Cybersecurity of BHP. “The Claroty Platform allows us to quickly identify which of our assets have led to vulnerabilities and prioritise the actions we need to take in order to reduce and eliminate potential risks to the business.”