Claroty - Experts & Thought Leaders

Claroty, the cyber-physical systems (CPS) protection company, and Axonius, the pioneer in cybersecurity asset management and SaaS management, announced a new partnership that combines technologies to bring enterprise attack surface management to all assets across an organization’s networks, including IT, cloud, and the Extended Internet of Things (XIoT) — the vast network of CPS including OT, IoT, BMS, and IoMT. By combining Claroty’s knowledge of CPS environments with Axonius’ 1,000+ integrations that extend to the cloud, customers gain a unified view and profile of all assets across environments. Additionally, the platforms extend seamlessly into vulnerability profiling, attack surface exposure visualisation, and management of exposures via protective measures and access controls to limit and segment allowable network communication and drive intelligent and timely incident response. XIoT’s undeniable benefits These organisations are well-protected against and prepared for everything from ransomware “We’re excited to be partnering with Claroty to bring to organisations a unified system of record for securing their digital infrastructure,” said Mark Daggett, Vice President of Worldwide Channel Alliances at Axonius. “Together we deliver a complete and comprehensive asset inventory that powers core controls to help organisations reach a key goal for their security strategy: reduce risk.” The integration of the Claroty and Axonius platforms gives organisations the tools they need to reduce risk and achieve cyber-resilience — meaning they not only survive adverse cyber conditions but they thrive despite them. These organisations are well-protected against and prepared for everything from ransomware and supply chain attacks to insider threats. As a result, they can embrace digital transformation and the XIoT’s undeniable benefits safely, securely, and confidently. Expertise of CPS environments “In an era of remote work, next-gen 5G mobile technology, and a vast cyber-attack connected landscape ranging from on-premise devices to cloud services, understanding exactly what encompasses your hyperconverged connected estate is more challenging and critical than ever before,” said Stephan Goldberg, Vice President of Business Development at Claroty. “The combination of Claroty’s unmatched vertical expertise of CPS environments, their business applications and technology characteristics with Axonius’ ability to provide business-level context to all assets from cloud to on-prem, creates a holistic view of all connected assets, vulnerabilities, and the dynamic attack surface and exposures that is unlike any other offering on the market.”

Claroty, the cyber-physical systems protection company, announced the release of the Global Healthcare Cybersecurity Study 2023, a survey of 1,100 cybersecurity, engineering, IT, and networking professionals from healthcare organisations. The study explores their experience with cybersecurity incidents over the past year, the state of their security programmes, and future priorities. Myriad cybersecurity challenges The survey’s findings show that healthcare organisations are facing myriad cybersecurity challenges that require them to increasingly prioritise cybersecurity and compliance. According to the study: 78% of respondents experienced a minimum of one cybersecurity incident over the last year. 47% cited at least one incident that affected cyber-physical systems such as medical devices and building management systems. 30% cited that sensitive data like protected health information (PHI) was affected. More than 60% reported that incidents caused a moderate or substantial impact on care delivery, and another 15% reported a severe impact that compromised patient health and/or safety. Noteworthy financial implication Another noteworthy financial implication, more than a third of experiencing incidents in the past year Surprisingly, of the respondents who were victims of ransomware attacks, more than a quarter made ransom payments. Another noteworthy financial implication, more than a third of experiencing incidents in the past year incurred costs from the attack of more than $1 million. “The healthcare industry has a lot working against it on the cybersecurity front—a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage,” said Yaniv Vardi, CEO of Claroty. “Our research shows that healthcare organisations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety.” Standards and regulations of cybersecurity Additional findings show that increased standards and regulations fuel stronger cybersecurity, but there’s more work to be done: Nearly 30% say current government policies and regulations require improvement or do nothing to prevent threats. NIST (38%) and HITRUST Cybersecurity Frameworks (38%) were selected by most respondents as important to their organisations. 44% cite regulatory developments such as mandated incident reporting as the most influential external factor to an organisation’s overall security strategy. Cyber skills shortage The study also found that the cyber skills shortage is still a top challenge:  More than 70% of healthcare organisations are looking to hire in cybersecurity roles. 80% of those hiring say it’s difficult to find qualified candidates who have the skills and experience required to properly manage a healthcare network’s cybersecurity. Methodology Claroty contracted with Pollfish to conduct a survey of healthcare providers, healthcare delivery organisations (HDOs), hospitals, and clinics in North America (500), South America (100), APAC (250), and Europe (250). Only individuals who work full-time in cybersecurity, clinical engineering, biomedical engineering, information systems, risk, or networking completed the survey, for a total of 1,100 respondents. Respondents work for organisations with a minimum of 25 beds to over 500 beds, with the largest group (45%) working for organisations with 100 to 500 beds. The survey focuses on the period of June 2022–June 2023 and was completed in July 2023.

Claroty, the cyber-physical systems protection company announced it has been recognised as a Representative Vendor in the 2023 Gartner Market Guide for CPS Protection Platforms. This is the first Gartner Market Guide to focus on cyber-physical systems (CPS) protection platforms as a market category, highlighting the growing need for technology solutions that discover and protect CPS assets in production and mission-critical environments amid a rapidly changing threat landscape.  CPS protection platforms According to the report, “Gartner defines the CPS protection platforms market as products and services that use knowledge of industrial protocols, operational/production network packets or traffic metadata, and physical process asset behavior to discover, categorise, map and protect CPS in production or mission-critical environments outside of enterprise IT environments." "Gartner defines CPS as engineered systems that orchestrate sensing, computation, control, networking, and analytics to interact with the physical world (including humans). When secure, they enable safe, real-time, reliable, resilient, and adaptable performance.” Deep domain expertise The key capabilities they should look for in a CPS protection platform align closely with Claroty’s vision and strategy" “We believe that Gartner’s analysis of the market, how it has evolved from OT security to CPS security, the CPS-related challenges facing security and risk management (SRM) pioneers, and the key capabilities they should look for in a CPS protection platform aligns closely with Claroty’s vision and strategy,” said Yaniv Vardi, CEO of Claroty. “With our highly advanced product portfolio, deep domain expertise across industrial, healthcare, commercial, and public sectors, and robust partner ecosystem, Claroty is uniquely equipped to support organisations across all maturity levels and all phases of the CPS security journey.” Five distinct asset discovery methods The report states, “Once focused mainly on passive deep packet inspection, most vendors seek differentiation and richer inventories with a variety of additional techniques, including native protocol active queries.”  Claroty is the only vendor to offer five distinct asset discovery methods that customers can mix and match to suit their specific needs: Passive monitoring with deep packet inspection, Safe Queries, or native protocol active scanning, Project file analysis, The patented Claroty Edge uses a non-persistent binary, and Ecosystem enrichment via 70+ integrations with CMDB, firewall, backup, and recovery, and dozens of other tools that customers may already use. Solutions for vulnerability management As cybersecurity challenges present risks throughout the organisation beyond enterprise IT systems" Gartner recommends, “As cybersecurity challenges present risks throughout the organisation beyond enterprise IT systems, SRM pioneers should evaluate where they are in their journey, and specifically, assess whether they have a good inventory of all CPS assets in their organisation, as well as solutions for vulnerability management, threat intelligence or specialised protection capabilities that IT-centric tools cannot address.”  Claroty fulfills these recommendations via the following capabilities:  After discovering all CPS assets in the environment, Claroty enriches each of them with an unparalleled 90+ attributes from vendor and model, to firmware and rackslot as well as contextual information about how they communicate, the physical processes they underpin, and where they fit within the topology of the environment. Additionally, Claroty supports over 450 proprietary protocols.  The Claroty Platform fuels vulnerability management by automatically correlating each asset’s attributes against its database of CVEs, misconfigurations, findings from its award-winning Team82 researchers (who have disclosed nearly 500 vulnerabilities to date), and other flaws. The platform optimises asset risk prioritisation with custom risk scoring, which empowers customers to easily understand the cumulative vulnerabilities impacting an asset’s risk, how to prioritise remediation efforts accordingly and to model and refine their risk scoring based on their specific needs. Claroty aids threat intelligence by continuously updating indicators of compromise (IoCs) and signatures as they are being discovered, as well as automatically flagging behavioural anomalies.  All of these capabilities and more from SaaS and on-premise deployment options to Zero Trust controls for network segmentation and secure remote access are augmented by Claroty’s 24/7 customer support and extensive partner network of 600+ resellers globally.

Global transportation networks are becoming increasingly interconnected, with digital systems playing a crucial role in ensuring the smooth operation of ports and supply chains. However, this reliance on technology can also create vulnerabilities, as demonstrated by the recent ransomware attack on Nagoya Port. As Japan's busiest shipping hub, the port's operations were brought to a standstill for two days, highlighting the potential for significant disruption to national economies and supply chains.  Transportation sector  The attack began with the port's legacy computer system, which handles shipping containers, being knocked offline. This forced the port to halt the handling of shipping containers that arrived at the terminal, effectively disrupting the flow of goods. The incident was a stark reminder of the risks associated with the convergence of information technology (IT) and operational technology (OT) in ports and other critical infrastructures.  This is not an isolated incident, but part of a broader trend of escalating cyber threats targeting critical infrastructure. The transportation sector must respond by bolstering its defences, enhancing its cyber resilience, and proactively countering these threats. The safety and efficiency of our transportation infrastructure, and by extension our global economy, depend on it.  Rising threat to port security and supply chains  XIoT, from sensors on shipping containers to automatic cranes, are vital to trendy port functions OT, once isolated from networked systems, is now increasingly interconnected. This integration has expanded the attack surface for threat actors. A single breach in a port's OT systems can cause significant disruption, halting the movement of containers and impacting the flow of goods. This is not a hypothetical scenario, but a reality that has been demonstrated in recent cyberattacks on major ports.  Adding another layer of complexity is the extended Internet of Things (XIoT), an umbrella term for all cyber-physical systems. XIoT devices, from sensors on shipping containers to automated cranes, are now integral to modern port operations. These devices are delivering safer, more efficient automated vehicles, facilitating geo-fencing for improved logistics, and providing vehicle health data for predictive maintenance. XIoT ecosystem  However, the XIoT ecosystem also presents new cybersecurity risks. Each connected device is a potential entry point for cybercriminals, and the interconnected nature of these devices means that an attack on one, which can move laterally and can have a ripple effect throughout the system.  The threat landscape is evolving, with cybercriminals becoming more sophisticated and their attacks more damaging with a business continuity focus. The growing interconnectivity between OT and XIoT in port operations and supply chains is also presenting these threat actors with a greater attack surface. Many older OT systems were never designed to be connected in this way and are unlikely to be equipped to deal with modern cyber threats. Furthermore, the increasing digitisation of ports and supply chains has led to a surge in the volume of data being generated and processed. This data, if not properly secured, can be a goldmine for cybercriminals. The potential for data breaches adds another dimension to the cybersecurity challenges facing the transportation sector.  Role of cyber resilience in protecting service availability  Cyber resilience refers to organisation's ability to prepare for, respond to, and recover from threats As the threats to port security and supply chains become increasingly complex, the concept of cyber resilience takes on a new level of importance. Cyber resilience refers to an organisation's ability to prepare for, respond to, and recover from cyber threats. It goes beyond traditional cybersecurity measures, focusing not just on preventing attacks, but also on minimising the impact of attacks that do occur and ensuring a quick recovery.  In the context of port operations and supply chains, cyber resilience is crucial. The interconnected nature of these systems means that a cyberattack can have far-reaching effects, disrupting operations not just at the targeted port, but also at other ports and throughout the supply chain. A resilient system is one that can withstand such an attack and quickly restore normal operations. Port operations and supply chains The growing reliance on OT and the XIoT in port operations and supply chains presents unique challenges for cyber resilience. OT systems control physical processes and are often critical to safety and service availability. A breach in an OT system can have immediate and potentially catastrophic physical consequences. Similarly, XIoT devices are often embedded in critical infrastructure and can be difficult to patch or update, making them vulnerable to attacks.  Building cyber resilience in these systems requires a multi-faceted approach. It involves implementing robust security measures, such as strong access controls and network segmentation, to prevent attacks. It also involves continuous monitoring and detection to identify and respond to threats as they occur. But perhaps most importantly, it involves planning and preparation for the inevitable breaches that will occur, ensuring that when they do, the impact is minimised, and normal operations can be quickly restored.  Building resilience across port security and supply chains   In the face of cyber threats, the transport sector must adopt a complete method of cybersecurity In the face of escalating cyber threats, the transportation sector must adopt a comprehensive approach to cybersecurity. This involves not just implementing robust security measures, but also fostering a culture of cybersecurity awareness and compliance throughout the organisation.  A key component of a comprehensive cybersecurity strategy is strong access controls. This involves ensuring that only authorised individuals have access to sensitive data and systems. It also involves implementing multi-factor authentication and regularly reviewing and updating access permissions. Strong access controls can prevent unauthorised access to systems and data, reducing the risk of both internal and external threats. Network segmentation Network segmentation is another crucial measure. By dividing a network into separate segments, organisations can limit the spread of a cyberattack within their network. This can prevent an attack on one part of the network from affecting the entire system. Network segmentation also makes it easier to monitor and control the flow of data within the network, further enhancing security.  Regular vulnerability assessments and patch management are also essential. Vulnerability assessments involve identifying and evaluating potential security weaknesses in the system, while patch management involves regularly updating and patching software to fix these vulnerabilities. These measures can help organisations stay ahead of cybercriminals and reduce the risk of exploitation.  EU’s NIS2 Directive EU’s NIS2 Directive came into effect, and member states have until October 2024 to put it into law The transportation sector must also be prepared for greater legislative responsibility in the near future. The EU’s NIS2 Directive recently came into effect, and member states have until October 2024 to put it into law. The Directive aims to increase the overall level of cyber preparedness by mandating capabilities such as Computer Security Incident Response Teams (CSIRTs). Transport is among the sectors labelled as essential by the bill, meaning it will face a high level of scrutiny. Getting to grips with the complexities of XIoT and OT integration will be essential for organisations to achieve compliance and avoid fines. Global transportation infrastructure Finally, organisations must prepare for the inevitable breaches that will occur. This involves developing an incident response plan that outlines the steps to be taken in the event of a breach. It also involves regularly testing and updating this plan to ensure its effectiveness. A well-prepared organisation can respond quickly and effectively to a breach, minimising its impact and ensuring a quick recovery.  In conclusion, mastering transportation cybersecurity requires a comprehensive, proactive approach. It involves implementing robust technical measures, fostering a culture of cybersecurity awareness, and preparing for the inevitable breaches that will occur. By taking these steps, organisations can enhance their cyber resilience, protect their critical operations, and ensure the security of our global transportation infrastructure.