Claroty - Experts & Thought Leaders

Latest Claroty news & announcements

Claroty achieves AWS competency in OT security

Claroty, the cyber-physical systems (CPS) protection company, announced it has achieved the Amazon Web Services (AWS) Manufacturing and Industrial Competency for Operational Technology (OT) Security. The designation validates Claroty’s commitment to securing mission-critical infrastructure via Claroty xDome’s unrivaled OT expertise. With the surge in connectivity and a growing reliance on digital systems, manufacturing industries from automotive to pharmaceuticals have become lucrative targets for cyber attackers.

Safeguarding critical assets

Organisations are looking to safeguard their critical assets with the goal of ensuring the availability, integrity, and confidentiality of information and processes. Claroty xDome on AWS delivers a multifaceted approach that integrates existing IT tools & workflows with the CPS, offers visibility into all CPS in the OT environment, and extends security governance from IT to OT.

“Achieving AWS Manufacturing and Industrial Competency status is a testament to Claroty’s commitment to providing customers with highly scalable, specialised solutions that meet the complex needs of the digital transformation occurring across manufacturing sites,” said Grant Geyer, Chief Strategy Officer at Claroty.

AWS with xDome

“By combining the power of AWS with xDome, organisations can unify their security governance–extending IT into OT—and drive all use cases towards cyber and operational resilience,” concluded Grant Geyer.

“The Claroty xDome platform was extremely easy to set up, due to its scalable architecture on AWS,” said David Cox, CISO at Britvic. “With xDome, we managed to install the server and start getting data within two hours, and the data we got allowed us to act quickly on issues that we hadn’t already noticed in our environment.”

AWS Competency programme

The AWS Competency programme validates AWS Partners who leverage AWS technology to solve complex industry and use-case specific challenges. AWS Competency Partners help customers drive innovation, meet business objectives, and get the most out of AWS services.

“Over the past few years, we've seen firsthand how critical OT and CPS security has become to our customers' digital transformation journeys,” said Karen Langona, Global Partner Sales Director, Automotive and Manufacturing at AWS.

SCADA workloads

“Whether migrating SCADA workloads or implementing Smart Manufacturing solutions like AI-powered diagnostics and predictive maintenance, security is foundational.”

“Our strategic collaboration with Claroty stems from their proven leadership in securing industrial environments, and their achievement of the AWS Manufacturing and Industrial Competency further validates their ability to deliver transformative value to customers,” concluded Karen Langona.

Claroty & Google boost IT-OT security collaboration

Claroty, the cyber-physical systems (CPS) protection company, announced a new strategic collaboration with Google Security Operations that brings greater threat detection and response capabilities to organisations looking to bridge the gap between IT and operational technology (OT) in order to secure mission-critical infrastructure. This integration will enhance security by feeding high-fidelity, context-rich alerts and vulnerability data from SaaS-powered Claroty xDome or on-premise Claroty Continuous Threat Detection (CTD) into Google’s cloud-native security operation platform.

Security operation centres

Security operation centres (SOCs) are in the trenches of converging IT and OT environments, creating a new set of unique security challenges compounded by legacy systems, limited visibility, and the proprietary protocols that come with OT specialisation. As a result, SOCs are left with a lack of visibility into the types of threats that impact physical operations, overwhelmed by unfiltered alerts and growing compliance demands, and plagued by slowing response times that expose organisations to risk.

The integration builds on Google Security Operations’ existing support for Claroty telemetry by enabling organisations securing CPS environments to unify their threat detection, accelerate incident response, proactively manage and remediate exposures, enhance threat hunting, and simplify compliance efforts.

Risk reduction

By prioritising remediation, this new integration drives meaningful risk reduction and operational efficiency. Capabilities of the integration include:

- Ingesting Claroty Alerts and Vulnerabilities into Google Security Operations: Correlate xDome and CTD insights with broader enterprise data for enriched context and precision threat detection that focus on risk-based remediation.
- Earlier Detection of Critical Threats: Identify CPS-specific risks that traditional IT tools miss for recognition of threats targeting OT, IoT, and other CPS assets before they escalate.
- Faster, Risk-Based Incident Response and Remediation: Empower security teams to detect and respond to threats with actionable, OT-aware intelligence, enabling remediation of underlying vulnerabilities that significantly reduces mean time to resolution (MTTR).

Threat landscape

“The CPS threat landscape is quickly expanding and is a high-value target for bad actors looking to exploit potential vulnerabilities as digital transformation takes shape across enterprises,” said Tim Mackie, Vice President of Worldwide Channel and Alliances at Claroty.

He adds, “By combining the verticalised expertise of Claroty and our deep understanding of CPS, from deep protocol expertise to complete asset context, with Google Security Operations’ ability to prioritise threats, automate response workflows, and correlate complex attack patterns across domains, we’re able to increase operational uptime, simplify compliance across hybrid environments, and above all else, reduce risk.”

IT security

“IT security teams are increasingly taking on the responsibility of securing physical assets, from IoT, to medical devices, to building management systems, to supply chain automation,” said McCall McIntyre, Head of Security Product Partnerships, Google Cloud.

He adds, “They need a fully integrated solution in their SOC that leverages the unrivaled knowledge of CPS delivered by Claroty and the intelligence-driven workflows of Google Security Operations that together empower SOC teams with a unified view of threats across environments, enabling earlier detection of attacks and accelerating response times.”

Claroty's impact-centric approach in CPS protection

Claroty, the cyber-physical systems (CPS) protection company, announces new capabilities in its SaaS-based Claroty xDome platform that provide organisations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment is affected by the processes involved in a device’s use – such as production lines, building floors, hospital wings, and more – and prioritise risk reduction efforts based on potential impact to business outcomes, while bridging the gap between CPS personnel and other business units.

Organisations becoming aware

According to Gartner, “Organisations are becoming aware of their blind spots. Asset-intensive organisations increasingly realise that CPS environments are value creation centers. A manufacturing company makes money by producing goods, for instance.”

“Once largely ‘out of sight, out of mind,’ boards and C-suite executives increasingly want to know how their CPS production and mission-critical environments are protected.”

Evolving asset-centric approach

To date, the CPS protection industry has taken an asset-centric approach by providing in-depth visibility into specific assets and their associated risks. While establishing a comprehensive asset inventory is a necessary first step for any cybersecurity program, taking a solely asset-centric approach to reducing CPS risk may lead security teams to focus on assets that would have little to no impact on the business if compromised.

Organisations must be able to prioritise their limited remediation resources based on the business purpose each asset serves, whether it delivers essential services to the general population or powers the organisation’s largest revenue stream. In instances such as a security analyst and OT engineer looking at two identical devices with the same exposures, knowing what each device does for the business is critical for determining which to address first.

Claroty xDome’s new Device

Claroty xDome’s new Device Purpose and Risk Benchmarking capabilities make this paradigm shift from asset-centric to impact-centric risk reduction possible, by equipping teams responsible for maintaining mission-critical processes and devices with the business context they need to effectively prevent process disruption, downtime, and financial loss. Focusing on business context and outcomes provides a shared language for security teams and CPS operators while connecting their work with larger Business Impact Analysis efforts for the organisation.

Words from Claroty Chief Product Officer

“The security of critical infrastructures is under growing scrutiny as adversaries increasingly target these systems of the greatest criticality,” said Yoram Gronich, Chief Product Officer at Claroty.

“The teams managing these environments are facing mounting pressure from multiple fronts in their organisations and need tools that exponentially make their jobs easier so they can focus on protecting the mission-critical infrastructures that sustain societal operations—that means having the business context to meaningfully reduce risk.”

Key benefits

Key benefits of Claroty xDome’s new Device Purpose and Risk Benchmarking include:

- Device Purpose: Align assets with their business context
  - View assets categorised in a hierarchy and taxonomy according to the user’s vertical
  - Refine hierarchy and taxonomy from a verticalised baseline, including business impact scores
  - Measure the impact to device risk and overall risk scores based on business impact customisations
- Risk Benchmarking: Compare organisational risk versus industry peers
  - Analyse how the organisation’s risk landscape stacks up against similarly-sized organisations
  - Visualise how the most critical assets are secured
  - Measure risk reduction efforts over time across multiple risk factors across networks

Insights & Opinions from thought leaders at Claroty

Mastering transportation cybersecurity: The comprehensive guide

Global transportation networks are becoming increasingly interconnected, with digital systems playing a crucial role in ensuring the smooth operation of ports and supply chains. However, this reliance on technology can also create vulnerabilities, as demonstrated by the recent ransomware attack on Nagoya Port. As Japan's busiest shipping hub, the port's operations were brought to a standstill for two days, highlighting the potential for significant disruption to national economies and supply chains.

Transportation sector

The attack began with the port's legacy computer system, which handles shipping containers, being knocked offline. This forced the port to halt the handling of shipping containers that arrived at the terminal, effectively disrupting the flow of goods. The incident was a stark reminder of the risks associated with the convergence of information technology (IT) and operational technology (OT) in ports and other critical infrastructures.

This is not an isolated incident, but part of a broader trend of escalating cyber threats targeting critical infrastructure. The transportation sector must respond by bolstering its defences, enhancing its cyber resilience, and proactively countering these threats. The safety and efficiency of our transportation infrastructure, and by extension our global economy, depend on it.

Rising threat to port security and supply chains

OT, once isolated from networked systems, is now increasingly interconnected. This integration has expanded the attack surface for threat actors. A single breach in a port's OT systems can cause significant disruption, halting the movement of containers and impacting the flow of goods. This is not a hypothetical scenario, but a reality that has been demonstrated in recent cyberattacks on major ports.

Adding another layer of complexity is the extended Internet of Things (XIoT), an umbrella term for all cyber-physical systems. XIoT devices, from sensors on shipping containers to automated cranes, are now integral to modern port operations. These devices are delivering safer, more efficient automated vehicles, facilitating geo-fencing for improved logistics, and providing vehicle health data for predictive maintenance.

XIoT ecosystem

However, the XIoT ecosystem also presents new cybersecurity risks. Each connected device is a potential entry point for cybercriminals, and the interconnected nature of these devices means that an attack on one can move laterally and have a ripple effect throughout the system.

The threat landscape is evolving, with cybercriminals becoming more sophisticated and their attacks more damaging, with a business continuity focus. The growing interconnectivity between OT and XIoT in port operations and supply chains is also presenting these threat actors with a greater attack surface. Many older OT systems were never designed to be connected in this way and are unlikely to be equipped to deal with modern cyber threats.

Furthermore, the increasing digitisation of ports and supply chains has led to a surge in the volume of data being generated and processed. This data, if not properly secured, can be a goldmine for cybercriminals. The potential for data breaches adds another dimension to the cybersecurity challenges facing the transportation sector.

Role of cyber resilience in protecting service availability

As the threats to port security and supply chains become increasingly complex, the concept of cyber resilience takes on a new level of importance. Cyber resilience refers to an organisation's ability to prepare for, respond to, and recover from cyber threats. It goes beyond traditional cybersecurity measures, focusing not just on preventing attacks, but also on minimising the impact of attacks that do occur and ensuring a quick recovery.

In the context of port operations and supply chains, cyber resilience is crucial. The interconnected nature of these systems means that a cyberattack can have far-reaching effects, disrupting operations not just at the targeted port, but also at other ports and throughout the supply chain. A resilient system is one that can withstand such an attack and quickly restore normal operations.

Port operations and supply chains

The growing reliance on OT and the XIoT in port operations and supply chains presents unique challenges for cyber resilience. OT systems control physical processes and are often critical to safety and service availability. A breach in an OT system can have immediate and potentially catastrophic physical consequences. Similarly, XIoT devices are often embedded in critical infrastructure and can be difficult to patch or update, making them vulnerable to attacks.

Building cyber resilience in these systems requires a multi-faceted approach. It involves implementing robust security measures, such as strong access controls and network segmentation, to prevent attacks. It also involves continuous monitoring and detection to identify and respond to threats as they occur. But perhaps most importantly, it involves planning and preparation for the inevitable breaches that will occur, ensuring that when they do, the impact is minimised, and normal operations can be quickly restored.

Building resilience across port security and supply chains

In the face of escalating cyber threats, the transportation sector must adopt a comprehensive approach to cybersecurity. This involves not just implementing robust security measures, but also fostering a culture of cybersecurity awareness and compliance throughout the organisation.

A key component of a comprehensive cybersecurity strategy is strong access controls. This involves ensuring that only authorised individuals have access to sensitive data and systems. It also involves implementing multi-factor authentication and regularly reviewing and updating access permissions. Strong access controls can prevent unauthorised access to systems and data, reducing the risk of both internal and external threats.

Network segmentation

Network segmentation is another crucial measure. By dividing a network into separate segments, organisations can limit the spread of a cyberattack within their network. This can prevent an attack on one part of the network from affecting the entire system. Network segmentation also makes it easier to monitor and control the flow of data within the network, further enhancing security.

Regular vulnerability assessments and patch management are also essential. Vulnerability assessments involve identifying and evaluating potential security weaknesses in the system, while patch management involves regularly updating and patching software to fix these vulnerabilities. These measures can help organisations stay ahead of cybercriminals and reduce the risk of exploitation.

EU’s NIS2 Directive

The transportation sector must also be prepared for greater legislative responsibility in the near future. The EU’s NIS2 Directive recently came into effect, and member states have until October 2024 to put it into law. The Directive aims to increase the overall level of cyber preparedness by mandating capabilities such as Computer Security Incident Response Teams (CSIRTs). Transport is among the sectors labelled as essential by the bill, meaning it will face a high level of scrutiny. Getting to grips with the complexities of XIoT and OT integration will be essential for organisations to achieve compliance and avoid fines.

Global transportation infrastructure

Finally, organisations must prepare for the inevitable breaches that will occur. This involves developing an incident response plan that outlines the steps to be taken in the event of a breach. It also involves regularly testing and updating this plan to ensure its effectiveness. A well-prepared organisation can respond quickly and effectively to a breach, minimising its impact and ensuring a quick recovery.

In conclusion, mastering transportation cybersecurity requires a comprehensive, proactive approach. It involves implementing robust technical measures, fostering a culture of cybersecurity awareness, and preparing for the inevitable breaches that will occur. By taking these steps, organisations can enhance their cyber resilience, protect their critical operations, and ensure the security of our global transportation infrastructure.
