The Claroty Blog

Cisco and Claroty Partner to Provide Deep Visibility and Monitoring for Industrial Control Networks

Patrick McBride

While enterprises have made great strides in protecting their business networks, industrial control system (ICS) networks remain at high risk. ICS networks are the critical revenue-generating backbone for manufacturers, energy companies, pharmaceuticals, and many others. These networks, often referred to as “operational technology” or OT, can be found in everything from manufacturing plants to energy production and distribution and even HVAC and building management systems, and they are being besieged by advanced adversaries. News headlines of network intrusions into critical infrastructure are becoming more frequent, but it’s not just targeted attacks that have had a devastating impact on OT networks. WannaCry and NotPetya demonstrated that attacks that were not targeting OT can still cause extreme “collateral” damage: estimates for these two attacks alone top $10 billion.

With pxGrid, ISE and the Firepower portfolio, plus a phalanx of integration partners, Cisco has created an unmatched ecosystem for protecting enterprise business networks. Cisco customers can now extend that reach and rapidly bring their OT networks up to the same protection standard as their business networks with an integrated solution from Claroty, the leader in industrial control system security.

This new solution combines Continuous Threat Detection, Claroty’s advanced visibility and real-time monitoring technology for OT networks, with Cisco Identity Services Engine (ISE) and Firepower to extend visibility deep into the lowest levels of industrial networks and enable dynamic, automated, and active threat protection for OT environments. This powerful, integrated solution addresses several important OT network protection use cases, including:

  • Deep Visibility into Industrial Networks – Claroty safely and automatically discovers all assets across industrial networks, including SCADA and DCS environments, without the need for agents. The system monitors SPAN traffic and leverages the advanced industrial network protocol dissectors in the CoreX engine to automatically identify and classify industrial assets. We’re not just talking MAC and IP addresses here. The system identifies detailed configuration information and automatically classifies the different types of industrial assets, from Human Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs), which are the backbone of industrial networks, to ancillary devices like Engineering Workstations, Historians and more. The system provides comprehensive details about the assets, the protocols used to communicate, the various assets they are talking to and details about the actual OT conversations taking place.
  • Automated Policies – This extreme level of visibility into OT networks is not an end goal in itself. Through integration with pxGrid, Cisco customers can easily ingest asset details into ISE and leverage this rich asset data to create new policies that are fine-tuned for industrial networks. This integration also enables ISE to automate policy management, applying preset policies for new assets that appear based on the asset type and other details. For example, ISE can generate policies for PLCs or RTUs that are running firmware with known vulnerabilities (CVEs), or access policies that can be tuned for the different levels of risk posed by devices such as Human Machine Interfaces (HMIs) and Programmable Logic Controllers (PLCs) or Remote Terminal Units (RTUs), which monitor and control industrial processes.
  • Expanded Threat Protection – With comprehensive information about individual OT assets, plus details about application-level communication patterns using industrial protocols, customers can create or automate the creation of advanced firewall rules. Using Claroty’s virtual zones capability, which automatically creates logical groups of assets (zones) based on the communications patterns between assets, customers have the Firepower rules necessary to implement zone-to-zone micro-segmentation for dramatically enhanced threat protection. This detailed knowledge about industrial assets and their communications patterns also enables customers to adjust Firepower’s threat detection and prevention to meet the unique requirements of each OT environment.
  • Comprehensive Vulnerability Management – Continuous Threat Detection also pinpoints which industrial assets have known vulnerabilities, and the integration enables ISE or Firepower to ingest this data and automatically apply additional protection rules.

With Claroty and Cisco integration, customers can bolster their monitoring and protection, “stay ahead of the hack”, and avoid costly incidents within their critical industrial control networks.

For more information on the partnership, check out the Cisco Blog.
