AESCSF: Maturing Your OT Security with Claroty

As we’ve previously emphasized on the Claroty blog, compliance does not equal security. Meeting mandatory requirements is essential, but simply checking all the boxes for meeting basic standards is insufficient for ensuring the security, reliability, and resiliency of operational technology (OT) and critical infrastructure.

Encouragingly, the widespread realization that security teams must go above and beyond the minimum standard required to be compliant has led to a growing number of guiding frameworks being developed and widely adhered to over the past several years. The Australian Energy Security Cyber Security Framework (AESCSF) is a prime example.

Released in 2018 by the Australian Energy Market Operator (AEMO), the AESCSF offers a comprehensive maturity model tailored to the unique challenges of energy companies. And while it’s specifically intended for the Australian energy sector, AESCSF is based on the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and is closely aligned with many other industry standards for OT security. As such, it serves as a broadly relevant example of a top-notch OT security model that’s worth taking a look at regardless of your location or industry.

The Claroty Platform is perfectly suited to help teams align their OT security with rigorous maturity models such as AESCSF. Let’s take a look at how Claroty helps fulfill specific domains of this particular framework:

  • AESCSF Domain: Asset, Change, and Configuration Management

Claroty’s Multispectral Data Acquisition capabilities can inventory OT assets in multiple ways, gathering granular data about each asset's vendor, serial number, firmware version, and network connections. This asset inventory is updated on an ongoing basis, logging firmware updates and other changes.

  • AESCSF Domain: Cybersecurity Program Management

The Claroty Platform provides multiple features for establishing and managing cybersecurity rules and organizational policies, such as alerting thresholds and reasons, remote access privileges down to a user level, and virtual segmentation within your OT network.

  • AESCSF Domain: Threat and Vulnerability Management

By automatically comparing each asset’s attributes to an extensive database of insecure protocols, configurations, external connections, and other known vulnerabilities, Claroty enables security teams to quickly and accurately identify exact-match vulnerabilities in your OT environment.

  • AESCSF Domains: Situational Awareness, Risk Management

In addition to delivering unmatched OT visibility, threat detection, and vulnerability management, Claroty further supports situational awareness and risk management by quantifying risk within your OT environment with a single metric generated by an algorithm that factors in the unique context and specific circumstances behind each alert. This allows security teams to quickly weed out false positives, understand which threats pose the greatest risk, and prioritize triage and mitigation efforts accordingly.

  • AESCSF Domains: Event and Incident Response, Continuity of Operations


With Claroty, security teams have access to a vast, ever-expanding wealth of OT-specific threat intelligence, including Claroty’s proprietary research and our extensive database of common vulnerabilities and exposures (CVEs), public sources, and indicators of compromise (IoCs). Armed with this intelligence, teams can expedite and simplify threat detection and response efforts. To help sort and prioritize alerts, Claroty’s Contextual Alert Risk Scoring ranks the criticality of alerts based on granular data and specific circumstances. And to help teams quickly glean a big-picture understanding of a particular threat, Claroty’s Root-Cause Analysis function offers consolidated, contextualized data for a specific chain of events.

  • AESCSF Domains: Identity and Access Management, Workforce Management

Claroty Secure Remote Access (SRA) fully accounts for all users in a system, including third-party vendors. SRA provides details about each user within an OT network, such as whether their connection is local or created via an Active Directory, when their account was created, and when they last logged in. SRA also offers the ability to reset users’ passwords, enable/disable endpoint or server privileges, and generate one-time passwords.

  • AESCSF Domain: Information Sharing and Communications

The Claroty Platform allows users to quickly and easily produce automated reports, ranging from simple reports on a single asset or group of assets to comprehensive Risk Assessment Reports offering insight into your entire OT network. To facilitate effortless, consistent risk communication, Claroty reports can be scheduled to run periodically and can easily be shared as email attachments.


To learn more about how Claroty can help you align your organization’s OT security with AESCSF, another maturity framework, or your own internal objectives, request a demo.

 

 
