Cyber Security for Industrial Control System

The Full Story

VISIBILITY

Unmatched OT protocol coverage and active, passive, and AppDB scanning technology enable The Claroty Platform to deliver full visibility into all three variables integral to effective risk assessment and reduction in OT environments. These include 1) Asset Visibility; 2) Network Session Visibility; and 3) Operational Process Visibility. Claroty is the only vendor that offers this caliber of OT visibility.

THREAT DETECTION

The Claroty Platform utilizes five detection engines to automatically profile all assets, communications, and processes in OT environments, establish a behavioral baseline that characterizes legitimate traffic and weeds out false positives, and provide comprehensive and continuous OT security and integrity monitoring coverage—all without requiring OT expertise. These engines include: Anomaly Detection, Security Behaviors, Known Threats, Operational Behaviors, and Custom Rules.

VULNERABILITY MANAGEMENT

After identifying the exact firmware version, operating system, model, vendor, and rack slot—among other details—of each asset in an OT environment, The Claroty Platform correlates this information against the latest CVE data and an extensive, Claroty-tracked database of insecure protocols and other security weaknesses. The result is the painless and accurate detection of full-match vulnerabilities that can then be prioritized and remediated more efficiently, effectively, and without the burden of false positives or incomplete context.

TRIAGE & MITIGATION

All aspects of the platform work together to optimize alert triage and mitigation. This starts with OT security and integrity events, each of which is ingested by a Risk Definition Algorithm to assess whether it poses a real risk. CTD then identifies connections between risky events and bundles interrelated ones into a single alert accompanied by its root-cause analysis and likeliest attack vectors. Alerts linked to OT remote access can be easily investigated and response activities initiated via SRA, whereas those linked to IT events can be easily correlated via a customer's SIEM solution.