New Claroty & Cisco Integrated Solution for OT Security
September 2018 by Emmanuelle Lamandé
Cisco and Claroty Partner to Provide Deep Visibility and Monitoring for Industrial Control Networks.
This new solution combines Continuous Threat Detection, Claroty’s advanced visibility and real-time monitoring technology for OT networks, with Cisco Identity Services Engine (ISE) and Firepower to extend visibility deep into the lowest levels of industrial networks and enable dynamic, automated, and active threat protection for OT environments. This powerful, integrated solution addresses several important OT network protection use cases, including:
Deep Visibility into Industrial Networks – Claroty safely and automatically discovers all assets across industrial networks, including SCADA and DCS environments, without the need for agents. The system monitors SPAN traffic and leverages the advanced industrial network protocol dissectors in the CoreX engine to automatically identify and classify industrial assets. The system identifies detailed configuration information and automatically classifies the different types of industrial assets, from Human Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs), which are the backbone of industrial networks, to ancillary devices like Engineering Workstations, Historians and more. The system provides comprehensive details about the assets, the protocols used to communicate, the various assets they are talking to and details about the actual OT conversations taking place.
Automated Policies – This extreme level of visibility into OT networks is not an end goal in itself. Through integration with pxGrid, Cisco customers can ingest asset details into ISE and leverage this rich asset data to create new policies that are fine-tuned for industrial networks. This integration also enables ISE to automate policy management, applying preset policies for new assets that appear based on the asset type and other details. For example, ISE can generate policies for PLCs or RTUs that are running firmware with known vulnerabilities (CVEs), or access policies that can be tuned for the different levels of risk posed by devices such as Human Machine Interfaces (HMIs) and Programmable Logic Controllers (PLCs) or Remote Terminal Units (RTUs), which monitor and control industrial processes.
Expanded Threat Protection – With comprehensive information about individual OT assets, plus details about application-level communication patterns using industrial protocols, customers can create or automate the creation of advanced firewall rules. Using Claroty’s virtual zones capability, which automatically creates logical groups of assets (zones) based on the communication patterns between assets, customers have the Firepower rules necessary to implement zone-to-zone micro-segmentation for dramatically enhanced threat protection. This detailed knowledge about industrial assets and their communication patterns also enables customers to adjust Firepower’s threat detection and prevention to meet the unique requirements of each OT environment.
Comprehensive Vulnerability Management – Continuous Threat Detection also pinpoints which industrial assets have known vulnerabilities, and the integration enables ISE or Firepower to ingest this data and automatically apply additional protection rules.