At Claroty we’ve always been obsessed with delivering our customers an unrivaled depth and breadth of OT visibility. Today, from this industry-leading position of visibility, we’re extremely excited to announce our expanded coverage beyond the world of OT and into the universe of the Internet of Things (IoT). Continuous Threat Detection (CTD) version 3.5 now delivers unified visibility, security monitoring, and risk assessment for both IoT and OT devices. This new coverage, combined with faster deployment features and a new machine learning (ML) alert algorithm, delivers fast time-to-value without the distracting noise of unnecessary alerts. In addition, we are introducing broader functionality for diverse use cases, and additional technological integrations, making this release one of Claroty’s biggest to date!
IoT Visibility & Security Monitoring
With more and more IoT devices populating OT networks on a daily basis, managing and monitoring these devices is critical to reducing enterprise risk without sacrificing innovation and digital transformation. Now Claroty customers enjoy all the benefits of CTD for their managed and unmanaged IoT assets. CTD now automatically discovers and classifies any and all IoT devices on your network, correlates these devices with known vulnerabilities, and continuously monitors them with Claroty’s five award-winning detection engines. Claroty’s proprietary and easy-to-use GUI semi-automatically augments protocol support for new devices in the field. The result is full-spectrum, unified visibility across IoT and OT devices at no risk to operations.
IoT-OT Network Segmentation
While the benefits of segmenting your networks from external access is clear, the actual implementation tends to be very difficult and time-consuming. Leveraging CTD’s new Virtual Zones+ feature, the system automatically tags assets with similar network traffic parameters into logical groups. Once grouped, CTD identifies the relationships between logical groups and automatically generates granular communication policies. The policies assign permission levels to each zone, along with a specific level of trust to help the end-user understand the risk posed by every logical connection between the zones. Anomaly-based alerts indicate a breach of this trust.
Establishing baseline communications between assets in automatically designated virtual zones can rapidly accelerate and bring down the cost of network segmentation projects. And through CTD’s firewall integrations with Palo Alto, Cisco, CheckPoint, and now Fortinet, customers can proactively enforce network segmentation policy violations by identifying and restricting anomalous or non-compliant communications across zones.
Root Cause Analytics (RCA)
All too often security tools deliver alerts to the SOC without any context surrounding its origin. CTD’s new Root Cause Analytics feature provides customers with visibility into the chain of events leading up to every single alert. This is particularly important for OT security alerts consumed by IT security professionals with limited to no knowledge of OT operations. This new feature enables fast and easy triage of alerts, as well as proactive threat hunting. Root Cause Analytics equips CTD’s users with context surrounding the associated threat and risk to better hunt for threats and confidently resolve security events.
Claroty Threat Intelligence (CTI)
When it comes to OT and IoT security, relevant and actionable threat intelligence is an increasingly valuable asset. With this latest release, CTD customers now receive the benefits of Claroty Threat Intelligence (CTI), a highly curated, multi-source, and tailored feed that enriches Claroty’s Root Cause Analytics with proprietary research and analysis of OT zero-day vulnerabilities and ICS-specific indicators of compromise (IoC) linked to adversary tactics, techniques, and procedures (TTP). CTI’s YARA rules, for example, run on OT asset config changes and code sections, not just IT artifacts. Powered by Team82, Claroty’s research and development (R&D) arm, CTI equips threat hunters and incident responders with the relevant context needed to detect and prevent targeted attacks early in the kill chain and mitigate the consequences of malware infections.
ClarotyOS and System Dashboard
One of Claroty’s main value propositions has always been fast time-to-value and thanks to CTD’s new ClarotyOS and System Dashboard feature, deployment will be faster than ever before. ClarotyOS is a purpose-built, hardened Linux OS that requires no more than a few basic configurations before CTD can start discovering assets, extracting granular attributes, and learning their communications.
With this latest release, Claroty’s solution can be deployed in a number of ways; from rack mount and DIN-rail form factors to hardened hardware and virtual appliances, container-based delivery models, embedded into select switches and routers as well as within our partners' security infrastructure. System dashboards allow for status checks at each site, reducing the risk of user error during deploying and facilitating easy maintenance.
Machine Learning (ML) Alert Algorithm
Last but not least, CTD version 3.5 leverages artificial intelligence to improve both the user experience and security at the same time. Let’s face it, most Security Operations Centers (SOC)are overwhelmed with alerts that necessarily consumes hours of investigation or pose little to no risk to the enterprise.
This feature eliminates the noise. CTD's five detection engines each generate different baselines of events and the system's ML Alert Algorithm correlates these events with other online patterns and behaviors on the network. While every change is logged in the system and classified as an event, only the highest fidelity alerts are delivered to the end-user for further review and investigation. These alerts are naturally enriched by Claroty Threat Intelligence and include the full context afforded by Claroty’s Root Cause Analytics. Risk-based indicators and a proprietary scoring index prioritize these ML-generated alerts within an user's queue and alerting sensitivities are entirely customizable to accommodate different organizations’ risk appetites.
We hope you love this update as much as we do.
Stay informed about all updates by subscribing to this blog. We’ll be releasing more information on each of the above features in the coming days. And if you would like more details on any of these enhancements, reach out and request a demo!