The following is a joint blog from David Doggett - Senior Director of Cybersecurity Innovation and Technology at Schneider Electric and Galina Antova - Co-founder at Claroty:
Today (8.7.17), Schneider Electric and Claroty announced that the two companies are partnering to address cybersecurity challenges for the world’s industrial infrastructure. Under the terms of the agreement, Claroty’s real-time industrial control threat monitoring and anomaly detection solution will be added to Schneider Electric’s Collaborative Automation Partner Program (CAPP).
Responding to the Changing Cyber Threat Landscape:
Schneider Electric’s Perspective
At Schneider Electric, we’ve long taken safety and cybersecurity seriously. Schneider Electric has developed a 3-tiered approach to secure Industrial Control Systems. Schneider is aggressively adding cybersecurity features to its core products. Schneider has also added a cybersecurity services practice to support customers who need assistance to secure their networks. The third tier involves the selection of best-in-class security technology partners to allow customers to easily complement the secure offer and build a best-in-class secure system.
An essential part of system defense is monitoring for intrusion or anomalous behavior so that it is caught before it results in an attack with consequences.
It is that mission that led us to Claroty – a recognized leader in industrial control systems cybersecurity and a company named one of the 10 most innovative at the prestigious RSA Security conference in 2017. After many months of evaluating the Claroty Platform and comparing it to other solutions in the market, we arrived at the partnership announced today.
In the past 3 months, we’ve arguably seen more (at least from a disclosure perspective) threat activity against critical infrastructure/industrial control networks than we’ve seen in the past few years, signaling a trend – the attackers are coming, they’re coming from multiple angles and with multiple motives.
With two recent examples of disruptive cyber-attacks against Ukraine’s energy grid (2015/2016), the spill-over ransomware impact to industrial networks caused by WannaCry and Petya/NotPetya, and disclosure of a coordinated campaign against global nuclear and energy firms, we are entering a new reality of increasing danger to the world’s critical infrastructure.
We’ve been warning about the changing threat landscape in critical infrastructure/ICS for some time now – and we believe that the following warning from a previous blog post we penned is accurate and should be heeded.
“We have set off on a mission to bring rapid and long overdue change to the cybersecurity of industrial control networks,” said Amir Zilberstein, Chief Executive Officer, Claroty. “We recognize that this complex challenge is best addressed in a unified and robust fashion – where security vendors such as Claroty work hand in hand with leading equipment manufacturers. Partnering with Schneider Electric and delivering our solutions within its comprehensive approach to cybersecurity through its EcoStruxure architecture will help drive the broadest reach and most immediate impact to industrial companies.”
Why We Chose to Partner with Claroty – thoughts from Schneider Electric
The Claroty platform proactively protects industrial control systems and continuously monitors industrial networks for cyber threats. Continuous threat detection creates a detailed inventory of industrial network assets, identifies misconfigurations, monitors traffic between assets, and finds anomalies that may indicate the presence of a malicious actor. Context-rich alerts provide plant and security personnel with actionable insights for efficient investigation, response, and recovery.
For a threat detection system to be beneficial in the industrial sector, it must meet several criteria:
- The system must cater to the industrial sector and its users, including the ability to recognize industrial systems, products, and protocols and to have a global support system that aligns with industrial needs. A system designed for the industrial environment meets these needs, whereas systems adapted from an enterprise focus often struggle.
- The solution must be able to run in a mode where it can “do no harm” within Industrial Control Systems environments – its approach must not introduce the potential for down-time or impact to safety.
- The solution must be complete enough to address external threats, internal threats, and unintentional human error that could cause safety concerns or disruption.
We found these traits and more in Claroty. Key differentiators included:
- Claroty was purpose-built for Industrial Control Systems networks by a team with a deep history in the space. It fulfills the “do no harm” requirement by utilizing a passive, deep packet inspection (DPI) approach to monitoring.
- A key characteristic of the Claroty platform is its ability to explore the deepest level of industrial network protocols without adversely impacting the system. This enables end users to safely identify anomalies while protecting complex and sensitive industrial networks.
- Claroty’s ability to understand not only the public Modbus protocol but also the Schneider programming protocols and Triconex protocols was outstanding – meaning it can not only detect deviations from normal behavior and IT-type anomalies in the control room but can also alert the shop floor teams on specific attempts to modify the control of the plant.
What this Means for Customers:
“At Schneider Electric we recognize the urgent need to assist our customers in enhancing their safety and cybersecurity programs,” said David Doggett, Senior Director Cybersecurity, Industry Business, Schneider Electric. “Claroty provides the real-time network monitoring and anomaly-detection component of these programs.”
“Passive network intrusion detection techniques are critical for applications where system availability is paramount,” continues Doggett. “Claroty’s platform can strengthen solutions against known cyber-attacks that have breached or bypassed existing boundary protections or alert network operators about novel attack vectors or attacks initiated by rogue insiders using existing tools and credentials.”
The solution is available NOW for Schneider clients and both companies stand at the ready to engage in discussions. Request a demo from Claroty today or contact us for more information on the partnership!