Claroty introduces a new Security Posture Assessment product and significant enhancements to its Continuous Threat Detection ICS cybersecurity platform. The release incorporates real-time vulnerability monitoring and network hygiene insights with attack vector analysis, enabling industrial asset owners to fully protect industrial systems from rapidly growing threats.
The Claroty Platform is built on Claroty’s CoreX engine, which reportedly provides:
• Real-time threat detection including advanced anomaly and signature-based detection for complete coverage of known and unknown threats, and analysis tools for ICS threat hunting.
• Continuous vulnerability monitoring enabling customers to uncover and remedy network configuration “hygiene” issues and identify assets with known vulnerabilities (CVEs).
• Secure remote access with policy- and workflow-based access control and session monitoring.
• Enterprise scalability including a consolidated “single pane of glass” management console for multi-plant environments and integration with existing security systems (e.g., SIEM, log management, security analytics, etc.).
• Cost-effective deployments in remote, bandwidth- or compute-constrained environments, leveraging an advanced sensor-based architecture suitable for use cases such as electric transmission or oil/gas pipelines.
The new Security Posture Assessment product is suited for consulting and security teams who want to conduct a quick but comprehensive assessment of a plant or operational environment. The new software product ingests a network capture (PCAP) file and generates a comprehensive report detailing the industrial network, its assets and deep insights including network configuration and other weaknesses.
The new release of Claroty Continuous Threat Detection (Version 2.1) includes a large number enhancements including:
• Continuous monitoring for vulnerabilities and network hygiene issues – Leveraging the same CoreX engine capabilities as Security Posture Assessment, customers receive real-time updates about industrial assets with known vulnerabilities. The system provides fine-grained CVE matching – for example, down to the firmware version on controllers – so that customers don’t waste time on vulnerabilities that don’t apply to their specific environment. The new capability also includes ongoing detection of network configuration issues and other “network hygiene” weaknesses that can leave industrial networks exposed.
• OT attack vector analysis – A completely new ability to generate specific scenarios simulating possible attack vectors that have the potential of compromising critical OT assets. This empowers security teams with the visibility to proactively mitigate risk and prioritize activities along the paths of greatest potential impact to their processes.
• Enhanced threat and vulnerability intelligence – Claroty Research continues to expand its curated intelligence, adding to its knowledge base of indicators of compromise (IOCs) and ICS- specific vulnerabilities. The comprehensive threat and vulnerability feed enables improved detection, more precise threat identification, rapid situational awareness and up-to-date information about the latest weaknesses in industrial devices.