Continuous Threat Detection extracts precise details about each asset on the industrial network, profiles all communications and protocols, generates a fine-grain behavioral baseline that characterizes legitimate traffic, and alerts you to network changes, new vulnerabilities and threats. The alerts the system generates provides the contextual information you need to investigate and respond quickly. Continuous Threat Detection delivers immediate value enabling customers to:

• Rapidly detect industrial operations risk, enhance cyber resiliency, and minimize unplanned downtime
• Prevent impact to physical processes, expensive industrial equipment or injuries to people
• Quickly deploy and scale across multiple sites and reduce overall management costs

Extreme Visibility Continuous Threat Detection deeply understands ICS network communications, protocols and behaviors – providing detailed, accurate information that remains up-to-date. The system automatically discovers asset details across the entire industrial network – IP assigned, nested assets and assets that communicate over serial connections. Security and Operational Alerts Continuous Threat Detection creates a very fine-grain “baseline” model of the ICS environment.  Leveraging a “known good” baseline, and knowledge about how ICS systems work, Continuous Threat Detection employs advanced pattern matching techniques; generating rich alerts when anomalous activity or critical changes occur. Continuous Vulnerability Monitoring With deep insights into the ICS environment, CTD enables users to proactively identify and fix configuration and other network hygiene issues that can leave your network vulnerable to attacks. Leveraging proprietary intelligence, the system continuously monitors the network for new known vulnerabilities – providing precise CVE matching down to the firmware versions for industrial devices.

Claroty’s integrated ICS suite protects the safety of people, assets, and critical processes from  cyber-attacks. The platform provides security teams with extreme visibility into industrial control networks, real-time monitoring, network segmentation, control over employee and 3rd party remote access, and integration with existing SOC, cybersecurity and network infrastructure. Claroty Platform

• Provides extreme visibility into ICS Networks
• Identifies security gaps – including known and emerging threats and vulnerabilities
• Automatically generates current state of OT process-level communications and presents  an ideal network segmentation strategy
• Detects security posture changes
• Enables proactive threat hunting with actionable threat information
• Secures, monitors, and records remote connections to ICS assets

Protect. Proactively discover and eliminate vulnerabilities, misconfigurations and unsecure connections. Respond. Receive context rich alerts for  rapid triage and investigation,  and automate response using  existing network infrastructure. Detect. Continuously monitor and detect malicious activity and high-risk changes throughout the  attack “kill-chain”. Control. Implement network segmentation  and manage remote access by  enforcing granular access policies  and recording sessions. The Claroty Platform support the following levels of cyber security: Passive:

• Continuous, real-time monitoring of OT Networks
• Rapidly discover network communications and asset details down to the I/O level
• Field Proven and 100% safe for OT networks

Active:

• Precise, periodic queries of OT and IT Assets
• Safely query ICS and non-ICS assets for enhanced visibility into asset configurations
• Enhanced context for alerts and vulnerabilities

Secure Remote Access

SRA minimizes the risks remote users, including employees and 3rd party vendors, introduce to OT networks. It provides a single, manageable interface that all external users connect through, prior to performing software upgrades, periodic maintenance, and other support activities on assets within industrial control system networks. The system enforces password management, authentication and access control policies for remote connections and monitors and records remote sessions. Network administrators employ SRA to proactively control which users are granted access to industrial control assets, for what purpose, and during what time windows.

Key Benefits

Secure Remote Access delivers organizations the following value:

• Isolate critical industrial systems from unmanaged and insecure VPN plus “jump box” scenarios
• Eliminate one of the most critical attack vectors that threat actors have used to gain access to industrial systems -- pathways that have been leveraged in multiple ICS attacks
• Remove the vulnerability presented by sharing passwords across internal teams or teams working for external contractors
• Enable granular auditing through video-based session recordings and detailed reporting with advanced filtering options

Use Cases

Network administrators Have full visibility and control over 3rd party and employee accesses before, during and after a remote session takes place. OT Plant/Operation Can monitor and review remote sessions and validate that the user’s stated purpose aligns with the actual session activity. Security Teams and Auditors Can validate that remote access control policies are being consistently implemented in industrial environments, watch active sessions, and review recorded sessions based on a risk assessment.