Claroty adds fully integrated remote incident management to OT security platform
- Published: Friday, 06 November 2020 10:17
Claroty has announced new enhancements to The Claroty Platform, making it ‘the industry’s first OT security solution to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle’. The platform now enables cyber security teams to detect, investigate, and respond to security incidents on OT networks across the broadest attack surface area securely and seamlessly from any location.
“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” said Grant Geyer, Chief Product Officer of Claroty. “Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment, while enduring adversarial activity and whatever else they might encounter on the network.”
Key features and functions
With its newly enhanced Secure Remote Access (SRA) 3.1 and Continuous Threat Detection (CTD) 4.2 components, The Claroty Platform now spans all three stages of the incident lifecycle:
Detection: more than half of OT and IT security professionals say their organizations are now more of a target for cyber criminals since the pandemic began, according to Claroty’s recent survey report. This reinforces the importance of quick detection and identification of unauthorized activities. The Claroty Platform gives teams an early advantage with the ability to identify and differentiate authorized remote user activity from unauthorized ones that could impact process integrity.
When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilizes information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond more effectively and efficiently.
Investigation: the increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s enhanced platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.
This minimizes the need for onsite staff while optimizing investigations with enriched assets, including both live SRA sessions including full-length video recordings, as well as threat alerts with reputational context from the Claroty community.
Response: even as IT and OT networks have become more interconnected since the pandemic began, IT and OT teams have found it more challenging to collaborate. The Claroty Platform bridges this gap with its integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimizing the need for onsite staff and expediting remedial activities.
Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organizations to adapt their OT incident response function and workflows for a remote or hybrid workforce.
Collectively, these features allow teams to adapt their monitoring, inspection, and response management from on- or off-site premises without compromising efficiency or effectiveness. The result for the business is reduced exposure to risk and greater operational resilience.