The Claroty Blog

Claroty's Winter 2018 Release Delivers OT Network Segmentation, Multispectral Data Acquisition, and Expanded Partner Integrations

Patrick McBride

I'm very excited to tell you about the latest version of the Claroty Platform. Our research, engineering, and QA teams have been working very hard this fall. They have cooked up some really cool new capabilities that provide demonstrable risk reduction ROI and significantly decrease the cost and time required to bring OT security up to par with business networks.

These new capabilities will help you better protect your OT networks from cyberattacks and ensure your most critical industrial processes remain up, running and generating revenue. These game-changing capabilities demonstrate Claroty's ongoing commitment to leading the industrial cybersecurity market in innovation. They include:

  • Virtual Zones and OT Network Segmentation – an innovative approach to creating both virtual and policy-based segmentation for your OT network without the typical time, expense and disruption. Read here for more detail.
  • Multispectral Data Acquisition – a ground-breaking new approach to data collection that provides nearly 100% visibility into all the assets in the OT network environment: what they are, what function they perform, their configuration information, how they are communicating in the network, and specific details about the application-level (layer 7) process automation “conversations”. Click here for more detail.
  • Technology Ecosystem Integrations – Claroty has expanded its technology integration ecosystems to include partnerships with several additional market-leading industrial automation and cybersecurity technology providers. These integrations enable enterprises to better leverage their current OT investments in technology, processes and training. A complete list of integrations is available here.

 

Virtual Zones and OT Network Segmentation

Our virtual zones functionality automatically generates and maintains a “current state” view of your OT/ICS process-level communications. This is not simplistic NetFlow; it is a deep understanding of how the industrial assets in your environment are communicating and the actual process automation “conversations” taking place between assets.

With this understanding of how your industrial automation system is configured and communicating, our proprietary algorithms create logical groupings of assets and add new assets to the appropriate groups. Thus, Claroty is able to automatically generate an ideal segmentation strategy for your OT network and implement a “virtual segmentation” scheme.

Virtual segmentation is a very time- and cost-effective way to rapidly enhance the security of your plant or operational environment and is built into the latest version of our Continuous Threat Detection product. Virtual segmentation can be used across the entire OT network and is really the only practical option for segmentation in the lower layers of your OT network where blocking is prohibited because of the very negative impact it can have on operational processes (e.g., between Layer 2 & Layer 1 of the Purdue model).  With virtual segmentation, alerts based on cross-zone violations receive high risk status so your SOC team can more easily prioritize them. 

In addition to virtual segmentation, Claroty can also enforce network segmentation by automatically creating policies for firewalls and network access control (NAC) products, and defining an asset grouping strategy for VLANs. These policies enable you to enforce segmentation using your existing network infrastructure without impacting how your industrial automation systems are working. We have already developed integrations for vendors such as Palo Alto Networks, Check Point, Cisco (ISE) and ForeScout for this purpose.

Beyond enforcing proactive, policy-based segmentation, our alert-based integrations with leading firewall platforms enable customers to mitigate active attacks. For example, Claroty can send real-time alerts about unapproved devices or compromised assets on the network, and your firewall can automatically quarantine or otherwise isolate the device's communications until it is investigated and approved or fixed.

Virtual zones and network segmentation enforcement provide an active, automated and integrated method of rapidly building defense in depth for your most critical systems and preserving the investments you've already made in network infrastructure.

 

Multispectral Data Acquisition

Multispectral combines the power of our existing, market-leading Passive (DPI), Active (query-based) and App DB data acquisition into one integrated platform.

Passive: Continuous, real-time monitoring of OT networks

  • Rapidly discover network communications and asset details down to the I/O level
  • Field-proven and 100% safe for OT networks

Active: Precise, periodic queries of OT and IT assets

  • Safely query ICS and non-ICS assets for enhanced visibility into asset configurations
  • Enhanced context for alerts and vulnerabilities

App DB: Offline enrichment of OT asset data

  • Ingest and parse PLC/RTU project and other configuration files and binaries
  • Gain nearly 100% asset coverage and enhanced configuration details

This combined capability enables us to provide you nearly 100% visibility into your OT environment. The difference between limited, not-good-enough visibility and “extreme visibility” is stark, and it matters financially. In a nutshell, extreme visibility is about reducing risk and empowering the individuals who manage and secure these critical networks and the operational personnel who manage and monitor industrial processes.

Get the detail here on why you need an extreme level of visibility and why Claroty, the king of passive, made our two-year-old active technology generally available now. It also describes the safeguards we’ve implemented to ensure that our active capability can be safely utilized in critical production environments.

These new multispectral capabilities deliver on Claroty’s promise of providing our customers with the best visibility possible into industrial control networks and maintain Claroty’s track record of industry-leading innovation.

 

Technology Ecosystem Integrations

We’re announcing a range of new technology partner integrations, from security operations center (SOC) tools to network infrastructure providers, enabling you to leverage the investments you've already made in technology, process development, and training.

The list includes integrations across:

  • Network Infrastructure (Cisco, Siemens, Palo Alto, Check Point)
  • Network Access Control (ForeScout, Cisco)
  • SIEM & Analytics (Splunk, IBM QRadar, RSA)
  • Endpoint Detection and Remediation (EDR) (Tripwire)
  • Certified Partner Deployment Options

As noted above, integration with network infrastructure and NAC tools enables automated deployment of network segmentation and micro-segmentation policies within your OT network and the automation of alert-based actions to stop attacks in real time.

Integrating Claroty’s rich IT and OT asset data and network communications information with the SIEM and analytics tools SOC teams already use provides a cost-effective method of implementing an integrated IT/OT SOC. Whether responding to alerts containing very rich context that improves triage and reduces investigation times, or proactively hunting for threats, Claroty’s unsurpassed information about the OT environment streamlines SOC operations and lowers TCO.

We have also developed certified partner deployment options for switches and other network gear to accommodate various use cases and to ensure that you are able to leverage your investments in this gear. For example, we can run lightweight sensors on Siemens Scalance and Ruggedcom switches enabling very cost-effective deployment options for a range of highly distributed use cases such as electric transmission grids and pipelines.

You can learn more about these integrations in the Technology Ecosystem Integrations section of our website.

 

The Bottom Line

I believe these enhancements to the Claroty Platform fill critical gaps in the industrial cybersecurity market as industrial enterprises continue to be impacted by targeted OT network attacks and broad-based attacks which “spill over” from IT networks into the operational environment.

As our customer base continues to grow very rapidly, we are working alongside them to develop the innovative capabilities that actually reduce risk and improve operational efficiency in the real world. Stay tuned for our next platform update in the next few months.
