Full visibility, continuous threat detection & secure remote access for ICS/OT assets
The Claroty Platform is a complete industrial cybersecurity solution that comprises Claroty’s Continuous Threat Detection (CTD), Secure Remote Access (SRA), and Edge technologies. The platform seamlessly integrates with any industrial environment regardless of its scale, architecture, or the maturity of existing cybersecurity programs. Highly flexible and rapid deployment options enable The Claroty Platform to reveal and protect all OT, IoT, and IIoT assets within the network while automatically detecting the earliest indicators of threats to those assets via proprietary detection technologies. Further extending the value of these controls, Claroty maintains a vast integration ecosystem, robust API, and employs the industry’s only solution for integrated remote incident management capabilities that span the entire incident lifecycle.
Continuous Threat Detection (CTD)
Rapidly discovers and manages all assets to deliver full industrial network visibility
Detects known & zero-day threats and behavioral and operational anomalies in real-time
Minimizes risk introduced by remote & third-party users
Enforces IT/OT security best practices in accordance with Zero Trust & Least Privilege principles
Provides over-the-shoulder monitoring of all OT remote sessions for unauthorized changes, live troubleshooting, & emergency disconnections
Enables ongoing auditing for maintenance, compliance, & forensic purposes
Offers highly available, flexible configuration options, as well as directory services and antivirus solution Integrations
Claroty Edge
Provides nearly instantaneous visibility into all OT, IoT, and IT assets in an industrial environment
Enhances the speed, ease, and effectiveness with which risks & vulnerabilities can be identified and managed
No hardware, network changes, configuration, or any physical footprint required
Suitable for any network, regardless of geographical spread or architecture
Helps optimize incident response efforts including impact assessments, scoping, and postincident forensics
Excels in providing detailed information, instantly, for audit & compliance or M&A due diligence purposes.
Reveal
Effective industrial cybersecurity starts with knowing what needs to be secured. The Claroty Platform supports the industry’s most comprehensive list of protocols found in industrial environments; these include an unmatched range of both proprietary and standard OT, IoT, IIoT, BMS, and IT protocols. This in-depth understanding of network communication provides unparalleled asset, network, and process visibility:
Asset Visibility
encompasses all devices on an industrial network, including serial networks, as well as extensive attributes about each device such as model number, firewall version, and custom asset attributes.
Network Visibility
includes all network sessions, including remote access, along with their bandwidth, actions taken, changes made, and other relevant details.
Process Visibility
tracks all OT operations, as well as the code section and tag values of all processes with which industrial assets are involved.
Protect
The Claroty Platform provides insights into the inherent risks present within a network. These include things like critical vulnerabilities and misconfigurations, poor security practice among staff and vendors, and unreliable, unmonitored, and inefficient remote access mechanisms. This empowers users to not only identify and prioritize these areas of risk, but to deploy proactive controls and mitigations to manage network exposure.
Virtual Zones
Automatic virtual network segmentation based on network communication under normal circumstances, creating a cost-effective alternative to physical segmentation and provides a mechanism for real-time alerts to cross-zone violations.
Attack-Vector Mapping
Identifies and analyzes vulnerabilities and risks within the industrial environment to calculate the most likely scenarios in which an attacker could compromise the network.
Remote Access Control
SRA uses a combination of multi-factor authentication, use-and-group-based tiered access permissions, and just-in-time provisioning to strictly control, monitor, and streamline remote access onto the network.
Detect
Claroty’s resilient threat detection model profiles all assets, communications, and processes in the industrial network to establish the fine-grain behavioral baselines that empower our five threat.detection engines. The Claroty Platform equips enterprises with the ability to respond quickly and effectively when alerts surface, providing the context and information required to save minutes in situations where seconds count.
Claroty Threat Detection Engines
Anomaly Detection
Security Behaviors
Known Threats
Operational Behaviors
Custom Rules
Powered by the latest threat intelligence, Claroty continuously monitors for both known and unknown threats, automatically weeding out false positives, linking related alerts into a chain of events, and providing clear directions on how to mitigate threats before they impact operations.
Contextual Alert Risk Scoring:
A single metric produced by a unique algorithm to provide context around the circumstances that trigger each alert.
Root Cause Analysis:
All events related to the same attack or incident are grouped into a single alert to provide a consolidated view of the chain of events, as well as a root-cause analysis.
Remote Session Monitoring & Auditing:
OT remote sessions can be monitored live and full-length recordings can be easily audited.
Connect
Interconnectivity across enterprises has resulted in the rise of converged IT/OT industrial networks with complex and expanded attack surfaces. The Claroty Platform removes the barriers that have long limited industrial networks from being securely and effectively connected to what enables the rest of the business, resulting in more efficient operations and a lowered total cost of ownership through integration synergies
Integration Ecosystem
Claroty maintains a broad range of IT security tools such as SIEM, SOAR, and CMDB solutions, simplifying system management and reducing the industrial cybersecurity learning curve.
API Explorer
Built on the Swagger framework, the API Explorer empowers users to harness the vast amount of network information provided by CTD to build custom feeds like asset reports, alert feeds, and system status reports outside of the Claroty environment.
Claroty Edge & CTD.Live
The instant visibility into assets and network risks provided by Edge paired with the cloud-based report-building capabilities of CTD.Live help to connect an organization’s cybersecurity program with its governance, enterprise-wide risk, and compliance programs.
