The Claroty Blog

Security Posture Assessment...A Deeper Look

By Assaf Regev

You may recall the announcement a few weeks ago of Security Posture Assessment, a new technology within the Claroty Platform. We’ve received many questions about this tool, so I wanted to break down what it is, why we developed it, and most importantly, how it helps make Claroty customers safer.

Those Who Cannot Remember the Past are Condemned to Repeat It

The exponential growth in the volume and complexity of cyber-attacks, along with a growing shortage of cyber-security skills, has plagued the IT world for more than 20 years. These challenges are now being felt with increasing severity in Operational Technology (OT) environments. Motivated by the opportunity for disruption, destruction, and profit, cyber-criminals and state-sponsored and non-state cyber-terrorist groups have increasingly turned their crosshairs toward industrial targets, and many OT organizations are playing catch-up to defend against the threat.

Industry experts have been telling us for years that OT networks are vulnerable. It is not uncommon to encounter ICS networks lacking basic protections, allowing potential attackers to quietly perform reconnaissance before launching full-blown attacks – potentially wreaking havoc on targets such as a manufacturing line, oil & gas refineries or distribution systems, or an offshore drilling rig.

The Conundrum of OT Security

On the one hand, it’s unrealistic to expect asset owners to perform massive upgrades to their OT infrastructures in the short term, which could cost their company many millions of dollars. On the other hand, teams know they must prioritize vulnerabilities and take targeted action immediately to reduce their risk exposure. Getting started with a thorough vulnerability assessment and turning the results into an action plan can be a daunting exercise, as most environments expand over time and it is difficult to track all of the connection points and protocols involved in an industrial control system (ICS) network.

How Do You Overcome This Catch-22?

Claroty’s Security Posture Assessment is the ideal tool for consulting and security teams wanting to conduct a quick and comprehensive assessment of a plant or operational environment. The tool consumes a network capture (PCAP) file, collected from a network switch on the ICS network, and produces a detailed analysis. The report provides a summary of the assets and communications discovered on the network, pinpoints vulnerable assets, and uncovers network configuration and other “network hygiene” issues that can give attackers a pathway into the network or a way to impact critical processes.

Check out the short overview video below to see the level of detailed reporting generated in Security Posture Assessment. 

Detailed Reporting

Claroty’s Security Posture Assessment provides a snapshot with detailed vulnerability information along with risk-prioritized insights and recommended mitigation steps. This includes both known vulnerabilities (matching CVEs to assets) and numerous “network hygiene” insights. Using this information, security and SOC teams can dramatically reduce their network attack surface – effectively strengthening their ICS risk posture.

Practical Recommendations

By automatically identifying assets across the entire ICS network, including assigned IP addresses, nested assets, and assets that communicate over serial connections, Security Posture Assessment gives security teams a logical map of the devices on the network. That map can be used for asset inventory and management tasks as well as for addressing various regulatory and internal audit requirements.
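The analysis described above (ingest a PCAP captured at a switch, inventory the assets and their conversations, match known vulnerabilities to assets, and flag network hygiene issues) can be illustrated with a small passive-inventory script. This is an added example, not Claroty’s code or a description of how Security Posture Assessment is implemented. Everything it works on is constructed inline so it runs offline: the capture, the port-to-protocol table, the device fingerprints (which in practice would come from protocol-level identity responses) and the vulnerability table, whose CVE identifiers are placeholders rather than real advisories.

```python
"""Passive ICS asset inventory from a PCAP (added example, not Claroty code).

Reads a classic little-endian pcap, records which hosts serve which services,
who talks to whom, then emits CVE matches and network hygiene findings.
"""
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17

# Assumption: well-known port hints for a few common ICS/management protocols.
PORT_NAMES = {502: "modbus", 44818: "enip", 102: "s7comm", 20000: "dnp3",
              23: "telnet", 80: "http"}
CLEARTEXT_MGMT = {"telnet", "http"}

# Constructed: IP -> device model, and model -> placeholder CVE ids (not real advisories).
FINGERPRINTS = {"10.0.1.10": "vendorA-plc-fw1.0"}
VULN_TABLE = {"vendorA-plc-fw1.0": ["CVE-PLACEHOLDER-0001"]}


def build_packet(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP-or-UDP frame (constructed test data)."""
    eth = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == PROTO_TCP:   # 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:                    # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4 + payload


def build_pcap(frames):
    """Wrap frames in a classic pcap file (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap_bytes):
    """Yield raw frames from a little-endian classic pcap buffer."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        off += 16
        yield pcap_bytes[off:off + incl]
        off += incl


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    l4 = frame[14 + ihl:]
    if len(l4) < 4:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])),
            proto, sport, dport)


def inventory(pcap_bytes):
    """Passive inventory: {ip: [served services]} and a set of (src, dst, service)."""
    assets = defaultdict(set)
    conversations = set()
    for frame in iter_frames(pcap_bytes):
        rec = parse_frame(frame)
        if rec is None:
            continue
        src, dst, proto, _sport, dport = rec
        service = PORT_NAMES.get(dport, f"{'tcp' if proto == PROTO_TCP else 'udp'}/{dport}")
        assets[src]            # clients appear in the map even if they serve nothing
        assets[dst].add(service)
        conversations.add((src, dst, service))
    return {ip: sorted(svcs) for ip, svcs in assets.items()}, conversations


def findings(assets, conversations, fingerprints, vuln_table):
    """CVE matches per fingerprinted asset plus simple hygiene checks (/24 assumed)."""
    out = []
    for ip, svcs in assets.items():
        for svc in svcs:
            if svc in CLEARTEXT_MGMT:
                out.append(f"hygiene: {ip} serves cleartext management protocol {svc}")
        model = fingerprints.get(ip)
        for cve in vuln_table.get(model, []):
            out.append(f"vuln: {ip} ({model}) matches {cve}")
    for src, dst, svc in conversations:
        if src.rsplit(".", 1)[0] != dst.rsplit(".", 1)[0]:
            out.append(f"hygiene: {src} -> {dst} ({svc}) crosses subnet boundary")
    return sorted(out)


def sample_capture():
    """Constructed capture: one workstation polling two PLCs over Modbus, a Telnet
    session to one PLC, a cross-subnet DNP3 poll, and an ARP frame that is skipped."""
    return build_pcap([
        build_packet("10.0.1.5", "10.0.1.10", PROTO_TCP, 40000, 502),
        build_packet("10.0.1.5", "10.0.1.11", PROTO_TCP, 40001, 502),
        build_packet("10.0.1.5", "10.0.1.10", PROTO_TCP, 40002, 23),
        build_packet("10.0.2.7", "10.0.1.11", PROTO_UDP, 5000, 20000),
        b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,
    ])


if __name__ == "__main__":
    assets_map, convs = inventory(sample_capture())
    for line in findings(assets_map, convs, FINGERPRINTS, VULN_TABLE):
        print(line)
```

Run against a real capture by replacing `sample_capture()` with the bytes of a file read from disk. The design point is that the whole inventory is passive: nothing is sent to the ICS network, which is why a switch-port capture is the right input for environments where active scanning of PLCs is not acceptable.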

Key Benefits

  • Consolidated view of operational and security risk – instantly detect all of your OT vulnerabilities, providing a consolidated view of cyber risks across your entire ICS network.
  • Context-aware Intelligence – deep visibility into the network’s assets, communications, and infrastructure yields precise matching of assets and CVEs, so you don’t waste time, and deep insights into additional configuration issues that can leave you exposed.
  • Actionable mitigation and remediation – provide security teams with contextual mitigation recommendations to reduce the attack surface and strengthen the overall security posture.
