Claroty possesses the right executive team, the right technology, at the right time to leverage the burgeoning, yet underserved critical infrastructure protection market.
This represents the third time that vendors have attempted to tackle industrial control system (ICS) cybersecurity challenges: first with legacy IT security products, and then with IT point solutions retrofitted for ICS environments.
Neither approach addressed core ICS cybersecurity issues, worked in the very different ICS environment, or fostered the dialogue between OT and IT teams that is essential for effective OT security – a market which Gartner predicts will double by 2020.
Exiting stealth in September with $32 million in venture capital from marquee investors including Bessemer Venture Partners and Eric Schmidt’s Innovation Endeavors, Claroty enters the market as the most substantially funded ICS cybersecurity startup.
The company boasts one of the deepest teams in both IT and OT security, with executives hailing from world-renowned organizations including Siemens, IBM, Waterfall Security, Palo Alto Networks, iSIGHT Partners (FireEye), ICS2 and Industrial Defender. And its flagship offering, the Claroty Platform, was born from this combined ICS, SCADA and cybersecurity expertise.
Already differentiating itself from the competition, Claroty had achieved several significant customer milestones well before its official company launch.
To date, Claroty has secured multiple seven-figure deals, and the Claroty Platform has been implemented in complex enterprise-class production environments for more than 11 months.
But it’s worth revisiting some history to truly understand how Claroty came into being and why it’s uniquely positioned for success.
Since the disclosure of Stuxnet more than six years ago, critical infrastructure vulnerability reports have exploded, and many security events – both new and old – have been classified as cyberattacks.
From the Ukraine power grid to a German steel mill and even a dam in upstate New York, examples of critical infrastructure compromises are growing every day – and in some cases being discovered or revealed years after the fact.
While “cyberwar” and nation-state attacks grab headlines, there are many other threats to OT infrastructures that are often overlooked and can be just as damaging – from competitive sabotage, to IP theft or espionage, and even human errors that can severely impact systems and the critical production processes they support.
This increasing risk is driving the need for deeper insight and specialized products for OT security.
Traditionally, OT systems – ICS, SCADA and other critical networks – were architected with safety and resilience as the key goals.
Security was not typically a primary design principle or objective.
Today, to meet business objectives, OT systems are rapidly being connected with IT systems like ERP or data analytics – providing another attack vector and eliminating the “air gap” that long existed between the two systems.
Compounding matters, historically, there has been very little collaboration between IT security and OT groups.
Since these teams use different systems, there was no “common operational picture” of the OT environment.
And while OT staffs may have a window into segments of these complex, multivendor environments, traditional ICS vendor tools did not offer visibility across the entire OT environment, and were neither available nor useful to IT security.
Claroty was founded not just to bridge the gap between OT and IT, but with a mission to secure and optimize the industrial control networks that run the world.
While many legacy cybersecurity companies claim they can apply traditional IT security to OT systems, the reality is that everything about OT – from protocols to staff – is different and requires technology specifically designed for the mission.
Introduced last month, the Claroty Platform is the most comprehensive cybersecurity platform purpose-built for OT networks.
Built from the ground up with an unprecedented ability to safely monitor ICS, SCADA and other critical OT networks, the Claroty Platform uncovers previously hidden issues and alerts cybersecurity teams and system operators to malicious attacks and process integrity issues that may impact industrial operations.
Importantly, Claroty generates alerts that are context-rich, summarizing multiple associated events into a single robust notification that tells the whole story and enables rapid investigation and response.
Available now, the Claroty Platform is supported by more than 45 experts, including an elite management team and an unrivaled ICS security research organization that comprises the “top 1% of the 1%” from a special Israeli Defense Force cyberunit.
The features that distinguish the Claroty Platform from other products include:
- In contrast to tools that only cover control system assets in Level 3 and 4 of the Purdue Enterprise Reference Architecture, the Claroty Platform provides unmatched visibility into assets and communications across each level of the OT environment – from the lowest layers where sensors, actuators, pumps and other devices are controlled and monitored by specialized hardware, up to the layers that run on commodity hardware and operating systems (Windows, Unix, etc.).
- Notably, it is the only product that unveils hidden interfaces and dependencies between OT and IT assets.
- Claroty inspects the largest number of industrial control protocols, with support for both open and proprietary protocols from vendors including Siemens, Rockwell Automation/Allen Bradley, Yokogawa, Emerson, GE, Schneider Electric, Mitsubishi, Honeywell, ABB and more.
- Claroty constantly monitors all communication within an industrial control network, in contrast to other tools that use periodic queries that can easily miss significant network events or important changes to critical assets.
Superior Anomaly Detection
- With this extreme visibility, Claroty is able to create high-fidelity models and employ advanced behavioral algorithms to detect potential attacks and noteworthy changes that can adversely impact operations – including a variety of security attacks and environmental changes that could harm system integrity or damage industrial processes.
‘Do No Harm’ Passive Monitoring Approach
- Unlike other tools that use “active” queries – which can miss important events or potentially break OT equipment – or simply have blind spots at the lower OT layers, Claroty employs “passive” deep packet inspection (DPI) that is safe for all devices within OT environments.
- Claroty is optimized for complex, real-world OT networks that often have constrained bandwidth or even unreliable network links. The system also features an enterprise console that consolidates information from multiple geographically distributed sites.
Underscoring Claroty’s early customer success, a CISO from a global Fortune 100 organization explains his engagement with the company: “We are using Claroty to add security monitoring to our control systems around the world – an important part of our business where security was not previously thought of or architected in.”
“We selected Claroty to give us greater visibility into the shop floor environment – both the assets that are there and the activities taking place. Equipped with this additional visibility we are able to increase productivity and make process improvements in addition to enhancing security.”
Market research analysts are also lauding Claroty’s approach.
In April, Claroty was named a “Cool Vendor” in Gartner’s “Cool Vendors in Smart City Application Solutions, 2016.”
The firm noted that what makes the company cool is the Claroty Platform, “which detects suspicious and/or anomalous system activity within industrial environments in real-time for rapid mitigation, a requirement for most event-driven industrial systems.”
To learn more, please visit https://www.claroty.com