sb-as logo
Story image

Claroty adds remote incident management to OT security capabilities

05 Nov 2020

Claroty has recently onboarded remote incident management to its OT security platform as a response to the heightened security requirements as part of the shift to remote work.

Claroty says it updated the platform to help cybersecurity teams detect, investigate, and respond to security incidents within OT networks - no matter where team members are located.

The company also says that while IT and OT networks were already converging as part of the evolution of digital transformation, COVID-19 and the shift to remote work has help to speed up this convergence, leading to an expanded attack surface.

“Arming cybersecurity teams with the ability to detect, investigate, and respond to not only asset-based attacks, but also to identity-based attacks, is at the heart of the new enhancements to The Claroty Platform,” says Claroty chief product officer Grant Geyer. 

“Our customers can now further evolve their OT security posture, strategy, and workflows for a variable work environment while enduring adversarial activity and whatever else they might encounter on the network.”

New features cover detection, investigation, and response. These help teams to adapt monitoring, inspection, and response management from either on-premise or remotely. 

Detection:  The Claroty Platform gives teams an early advantage with the ability to identify and differentiate authorised remote user activity from unauthorised ones that could impact process integrity.

When users receive an alert from CTD, Claroty’s Wisdom of the Crowd capability utilises information from similar events across Claroty’s customer base to provide context into the potential impact of the alert, enabling users to respond.

Investigation: The increase in both teleworking and malicious activity demands quicker identification in a remote setting. Claroty’s platform arms SOC teams with full visibility into remote user activity, insight into how indicators detected on the network have manifested in other areas, the ability to investigate incidents from any location, and greater context around the business criticality and process values of assets involved in such incidents.

This minimises the need for onsite staff while optimising investigations with enriched assets, including both live SRA sessions including full-length video recordings, as well as threat alerts with reputational context from the Claroty community.

Response: An integrated interface and the ability to disconnect potentially harmful OT remote sessions, minimising the need for onsite staff and expediting remedial activities.

Integrations with ServiceNow and Swimlane enable teams to manage all IT and OT alerts from a single access point within the respective platforms. This allows organisations to adapt their OT incident response function and workflows for a remote or hybrid workforce.