Claroty - Experts & Thought Leaders

Latest Claroty news & announcements

Claroty CPS Library: Revolutionising asset visibility

Claroty, the cyber-physical systems (CPS) protection company, launched The CPS Library across its market-pioneering Claroty xDome and Claroty Continuous Threat Detection (CTD) solutions. The CPS Library is the industry’s only asset catalogue that reaches new depths of visibility and enables precise and deterministic traceability for vulnerability attribution. To build the AI-powered, first-of-its-kind repository, Claroty partnered with automation vendors and medical device manufacturers, including Rockwell Automation and Schneider Electric, to ensure enhanced visibility and accuracy in tracking asset specifications.

Claroty Team82 research report

Security teams have long struggled to accurately assess the scope and remediation of cyber risk associated with the assets in their environment, lacking a centralised standard repository that aids in uniquely identifying assets across networks. A new Claroty Team82 research report, “Resolving the CPS Identity Crisis,” found that 88% of CPS assets currently do not transmit an exact product code, and 76% transmit product names that differ from the vendor's official record. This leaves security teams struggling to ascertain whether they have a complete picture of the assets in their environments, and can be left with a partial correlation of vulnerabilities to individual assets, creating blind spots, prolonged exposure to attacks, and incomplete remediation.

Precise and deterministic traceability

“Resilience starts at visibility, and organisations require precise and deterministic traceability for every connected device that could potentially become exposed as an open door to attackers,” said Yaniv Vardi, CEO of Claroty.

“The CPS Library is revolutionising the way we reduce risk by leveraging AI-driven techniques combined with our unmatched industry expertise that will drive the whole industry forward in how we improve accurate risk and exposure information.”

Deeply integrated AI

The CPS Library has AI deeply integrated at all stages, allowing for advanced asset identification, precise vulnerability mapping, and automated insight generation. LLMs and statistical inference modelling are used to ingest vast, fragmented data about assets and vendors, intelligently modelling, categorising, and correlating this information into a single, actionable source of truth that significantly lessens the burden of security teams tracking critical CPS assets across complex environments.

The CPS Library is a central component to the next evolutionary stage of Claroty’s AI strategy. With Claroty’s unrivaled expertise in mission-critical environments, combined with harnessing AI to improve security outcomes, The CPS Library enhances organisations' ability to detect assets and gain deep insights.

Additional AI capabilities include:

The Claroty MCP Server: Customer teams can put their CPS security data to work by automating device queries, speeding up incident response, and expanding the ability to leverage this data by all relevant teams using their preferred generative AI tool.

AI for Asset Identification: Statistical inference modelling, human-machine teaming, and a regionalised Large Language Model Retrieval Augmented Generation (LLM-RAG), work together to provide the most accurate and complete asset discovery and attribute information in the industry.

Protecting industrial automation assets

“We’re excited to deepen our relationship with Claroty in supporting its new CPS Library,” said Tony Baker, Vice President & Chief Product Security Officer at Rockwell Automation.

“Cybersecurity is becoming even more complex in an increasingly interconnected world and is intertwined with smart manufacturing priorities that demand precise device identification. The granularity of device identification honed by the Claroty CPS asset library empowers organisations to better protect their industrial automation assets from evolving threats.”

Major step forward for the industry

“Claroty's CPS Library represents a major step forward for the industry,” said Jay Abdallah, President of Cybersecurity Solutions at Schneider Electric. “For too long, security teams have faced fragmented approaches to identifying and managing CPS assets, leaving gaps in risk visibility.”

“This standardised catalogue brings clarity and consistency to an incredibly diverse asset landscape, enabling organisations to make faster, more confident decisions to protect critical operations. It's not just a tool, it's a foundation for advancing resilience in connected environments.”

Claroty achieves AWS competency in OT security

Claroty, the cyber-physical systems (CPS) protection company, announced it has achieved the Amazon Web Services (AWS) Manufacturing and Industrial Competency for Operational Technology (OT) Security. The designation validates Claroty’s commitment to securing mission-critical infrastructure via Claroty xDome’s unrivaled OT expertise. With the surge in connectivity and a growing reliance on digital systems, manufacturing industries from automotive to pharmaceuticals have become lucrative targets for cyber attackers.

Safeguarding critical assets

Organisations are looking to safeguard their critical assets with the goal of ensuring the availability, integrity, and confidentiality of information and processes. Claroty xDome on AWS delivers a multifaceted approach that integrates existing IT tools & workflows with the CPS, offers visibility into all CPS in the OT environment, and extends security governance from IT to OT.

“Achieving AWS Manufacturing and Industrial Competency status is a testament to Claroty’s commitment to providing customers with highly scalable, specialised solutions that meet the complex needs of the digital transformation occurring across manufacturing sites,” said Grant Geyer, Chief Strategy Officer at Claroty.

AWS with xDome

“By combining the power of AWS with xDome, organisations can unify their security governance–extending IT into OT—and drive all use cases towards cyber and operational resilience,” concluded Grant Geyer.

“The Claroty xDome platform was extremely easy to set up, due to its scalable architecture on AWS,” said David Cox, CISO at Britvic.

“With xDome, we managed to install the server and start getting data within two hours, and the data we got allowed us to act quickly on issues that we hadn’t already noticed in our environment.”

AWS Competency programme

The AWS Competency programme validates AWS Partners who leverage AWS technology to solve complex industry and use-case specific challenges. AWS Competency Partners help customers drive innovation, meet business objectives, and get the most out of AWS services.

“Over the past few years, we've seen firsthand how critical OT and CPS security has become to our customers' digital transformation journeys,” said Karen Langona, Global Partner Sales Director, Automotive and Manufacturing at AWS.

SCADA workloads

“Whether migrating SCADA workloads or implementing Smart Manufacturing solutions like AI-powered diagnostics and predictive maintenance, security is foundational.”

“Our strategic collaboration with Claroty stems from their proven leadership in securing industrial environments, and their achievement of the AWS Manufacturing and Industrial Competency further validates their ability to deliver transformative value to customers,” concluded Karen Langona.

Claroty & Google boost IT-OT security collaboration

Claroty, the cyber-physical systems (CPS) protection company, announced a new strategic collaboration with Google Security Operations that brings greater threat detection and response capabilities to organisations looking to bridge the gap between IT and operational technology (OT) in order to secure mission-critical infrastructure. This integration will enhance security by feeding high-fidelity, context-rich alerts and vulnerability data from SaaS-powered Claroty xDome or on-premise Claroty Continuous Threat Detection (CTD) into Google’s cloud-native security operation platform.

Security operation centres

Security operation centres (SOCs) are in the trenches of converging IT and OT environments, creating a new set of unique security challenges compounded by legacy systems, limited visibility, and the proprietary protocols that come with OT specialisation. As a result, SOCs are left with a lack of visibility into the types of threats that impact physical operations, overwhelmed by unfiltered alerts and growing compliance demands, and plagued by slowing response times that expose organisations to risk.

The integration builds on Google Security Operations’ existing support for Claroty telemetry by enabling organisations securing CPS environments to unify their threat detection, accelerate incident response, proactively manage and remediate exposures, enhance threat hunting, and simplify compliance efforts.

Risk reduction

By prioritising remediation, this new integration drives meaningful risk reduction and operational efficiency. Capabilities of the integration include:

Ingesting Claroty Alerts and Vulnerabilities into Google Security Operations: Correlate xDome and CTD insights with broader enterprise data for enriched context and precision threat detection that focuses on risk-based remediation.

Earlier Detection of Critical Threats: Identify CPS-specific risks that traditional IT tools miss for recognition of threats targeting OT, IoT, and other CPS assets before they escalate.

Faster, Risk-Based Incident Response and Remediation: Empower security teams to detect and respond to threats with actionable, OT-aware intelligence, enabling remediation of underlying vulnerabilities that significantly reduces mean time to resolution (MTTR).

Threat landscape

“The CPS threat landscape is quickly expanding and is a high-value target for bad actors looking to exploit potential vulnerabilities as digital transformation takes shape across enterprises,” said Tim Mackie, Vice President of Worldwide Channel and Alliances at Claroty.

He adds, “By combining the verticalised expertise of Claroty and our deep understanding of CPS, from deep protocol expertise to complete asset context, with Google Security Operations’ ability to prioritise threats, automate response workflows, and correlate complex attack patterns across domains, we’re able to increase operational uptime, simplify compliance across hybrid environments, and above all else, reduce risk.”

IT security

“IT security teams are increasingly taking on the responsibility of securing physical assets, from IoT, to medical devices, to building management systems, to supply chain automation,” said McCall McIntyre, Head of Security Product Partnerships, Google Cloud.

He adds, “They need a fully integrated solution in their SOC that leverages the unrivaled knowledge of CPS delivered by Claroty and the intelligence-driven workflows of Google Security Operations that together empower SOC teams with a unified view of threats across environments, enabling earlier detection of attacks and accelerating response times.”

Insights & Opinions from thought leaders at Claroty

Mastering transportation cybersecurity: The comprehensive guide

Global transportation networks are becoming increasingly interconnected, with digital systems playing a crucial role in ensuring the smooth operation of ports and supply chains. However, this reliance on technology can also create vulnerabilities, as demonstrated by the recent ransomware attack on Nagoya Port. As Japan's busiest shipping hub, the port's operations were brought to a standstill for two days, highlighting the potential for significant disruption to national economies and supply chains.

Transportation sector

The attack began with the port's legacy computer system, which handles shipping containers, being knocked offline. This forced the port to halt the handling of shipping containers that arrived at the terminal, effectively disrupting the flow of goods. The incident was a stark reminder of the risks associated with the convergence of information technology (IT) and operational technology (OT) in ports and other critical infrastructures.

This is not an isolated incident, but part of a broader trend of escalating cyber threats targeting critical infrastructure. The transportation sector must respond by bolstering its defences, enhancing its cyber resilience, and proactively countering these threats. The safety and efficiency of our transportation infrastructure, and by extension our global economy, depend on it.

Rising threat to port security and supply chains

OT, once isolated from networked systems, is now increasingly interconnected. This integration has expanded the attack surface for threat actors. A single breach in a port's OT systems can cause significant disruption, halting the movement of containers and impacting the flow of goods. This is not a hypothetical scenario, but a reality that has been demonstrated in recent cyberattacks on major ports.

Adding another layer of complexity is the extended Internet of Things (XIoT), an umbrella term for all cyber-physical systems. XIoT devices, from sensors on shipping containers to automated cranes, are now integral to modern port operations. These devices are delivering safer, more efficient automated vehicles, facilitating geo-fencing for improved logistics, and providing vehicle health data for predictive maintenance.

XIoT ecosystem

However, the XIoT ecosystem also presents new cybersecurity risks. Each connected device is a potential entry point for cybercriminals, and the interconnected nature of these devices means that an attack on one can move laterally and have a ripple effect throughout the system.

The threat landscape is evolving, with cybercriminals becoming more sophisticated and their attacks more damaging, with a focus on business continuity. The growing interconnectivity between OT and XIoT in port operations and supply chains is also presenting these threat actors with a greater attack surface. Many older OT systems were never designed to be connected in this way and are unlikely to be equipped to deal with modern cyber threats.

Furthermore, the increasing digitisation of ports and supply chains has led to a surge in the volume of data being generated and processed. This data, if not properly secured, can be a goldmine for cybercriminals. The potential for data breaches adds another dimension to the cybersecurity challenges facing the transportation sector.

Role of cyber resilience in protecting service availability

As the threats to port security and supply chains become increasingly complex, the concept of cyber resilience takes on a new level of importance. Cyber resilience refers to an organisation's ability to prepare for, respond to, and recover from cyber threats. It goes beyond traditional cybersecurity measures, focusing not just on preventing attacks, but also on minimising the impact of attacks that do occur and ensuring a quick recovery.

In the context of port operations and supply chains, cyber resilience is crucial. The interconnected nature of these systems means that a cyberattack can have far-reaching effects, disrupting operations not just at the targeted port, but also at other ports and throughout the supply chain. A resilient system is one that can withstand such an attack and quickly restore normal operations.

Port operations and supply chains

The growing reliance on OT and the XIoT in port operations and supply chains presents unique challenges for cyber resilience. OT systems control physical processes and are often critical to safety and service availability. A breach in an OT system can have immediate and potentially catastrophic physical consequences. Similarly, XIoT devices are often embedded in critical infrastructure and can be difficult to patch or update, making them vulnerable to attacks.

Building cyber resilience in these systems requires a multi-faceted approach. It involves implementing robust security measures, such as strong access controls and network segmentation, to prevent attacks. It also involves continuous monitoring and detection to identify and respond to threats as they occur. But perhaps most importantly, it involves planning and preparation for the inevitable breaches that will occur, ensuring that when they do, the impact is minimised, and normal operations can be quickly restored.

Building resilience across port security and supply chains

In the face of escalating cyber threats, the transportation sector must adopt a comprehensive approach to cybersecurity. This involves not just implementing robust security measures, but also fostering a culture of cybersecurity awareness and compliance throughout the organisation.

A key component of a comprehensive cybersecurity strategy is strong access controls. This involves ensuring that only authorised individuals have access to sensitive data and systems. It also involves implementing multi-factor authentication and regularly reviewing and updating access permissions. Strong access controls can prevent unauthorised access to systems and data, reducing the risk of both internal and external threats.

Network segmentation

Network segmentation is another crucial measure. By dividing a network into separate segments, organisations can limit the spread of a cyberattack within their network. This can prevent an attack on one part of the network from affecting the entire system. Network segmentation also makes it easier to monitor and control the flow of data within the network, further enhancing security.

Regular vulnerability assessments and patch management are also essential. Vulnerability assessments involve identifying and evaluating potential security weaknesses in the system, while patch management involves regularly updating and patching software to fix these vulnerabilities. These measures can help organisations stay ahead of cybercriminals and reduce the risk of exploitation.

EU’s NIS2 Directive

The transportation sector must also be prepared for greater legislative responsibility in the near future. The EU’s NIS2 Directive recently came into effect, and member states have until October 2024 to put it into law. The Directive aims to increase the overall level of cyber preparedness by mandating capabilities such as Computer Security Incident Response Teams (CSIRTs). Transport is among the sectors labelled as essential by the bill, meaning it will face a high level of scrutiny. Getting to grips with the complexities of XIoT and OT integration will be essential for organisations to achieve compliance and avoid fines.

Global transportation infrastructure

Finally, organisations must prepare for the inevitable breaches that will occur. This involves developing an incident response plan that outlines the steps to be taken in the event of a breach. It also involves regularly testing and updating this plan to ensure its effectiveness. A well-prepared organisation can respond quickly and effectively to a breach, minimising its impact and ensuring a quick recovery.

In conclusion, mastering transportation cybersecurity requires a comprehensive, proactive approach. It involves implementing robust technical measures, fostering a culture of cybersecurity awareness, and preparing for the inevitable breaches that will occur. By taking these steps, organisations can enhance their cyber resilience, protect their critical operations, and ensure the security of our global transportation infrastructure.