The importance of information systems security is growing in direct proportion to the rapidly increasing number of attacks on information systems and the ever-increasing volume of damage caused by these attacks.
Industrial command and control systems are a large and most underestimated area in terms of safety. In recent years, there has been a clear exponential increase in the number of cyber-attacks on industrial command and control systems. In the case of essential services and critical infrastructure, these types of attacks represent a serious threat with the risk of extremely high economic damage and impact on society as a whole.
It is therefore essential to take appropriate security measures that reflect current security threats and trends in the field of information and industrial security with the possibility of a direct impact on a particular company or its information system. The effectiveness and adequacy of the measures taken are directly related to the risk analysis of the information system.
Safe, reliable and efficient operations
The Claroty solution is configured to provide secure and reliable log and data collection operations in large complex industrial networks. It is fully tuned to support and understand OT infrastructure components, their technical constraints, including operations with limited computing power and communications over narrow bandwidth links.
By deploying an Intrusion Detection System in a production facility, the enterprise gains immediate visibility into non-standard behavior on the OT network. In the first month, the system can detect several potential security incidents and vulnerabilities that would otherwise go unnoticed.
The solution provides in-depth visibility and extreme detection capabilities in complex OT environments. The goal is to continuously analyze network traffic and logs to detect cybersecurity anomalies, monitor and collect data from other data sources deployed across the entire industrial network, all in real-time.
Implementation of the solution in the enterprise environment
The implementation of the solution consisted of three separate phases. In the first phase, a detailed cyber security assessment of the OT environment is performed. The result of the audit is to identify and prioritize cybersecurity areas according to urgency in terms of the requirements of the Cyber Law and related decrees, as well as in terms of cyber risks and threats that could threaten the operation of information as well as production processes.
The second phase consists of designing the architecture and solution of security monitoring for the OT environment, its implementation and launching the operation of the pilot solution at selected sites. Once the monitoring and operations are fine-tuned, the solution is deployed to other uncovered sites, maximizing the ability to intercept and detect hidden security threats that could cause problems for the enterprise in the future. In the event of a cyber security threat, the enterprise-side security team is immediately notified of this potential risk, can pinpoint the affected devices, and is prepared to take corrective action across the environment as soon as possible.
Purpose of security measures
Claroty is designed to address the specific challenges and risks to OT networks, combining a deep understanding of the ICS domain with offensive cybersecurity know-how. The solution monitors the OT network, leveraging a unique combination of signatures, purpose-built models of OT behavior, and proprietary anomaly detection capabilities to immediately detect and provide actions to human errors, network failures, or malicious activity. By correlating information across the network, the solution provides organizations with the situational awareness they need to identify the root cause of incidents and changes so that cyber risks can be mitigated.
