SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Claroty and CrowdStrike form partnership to protect industrial control system environments
Thu, 26th Nov 2020

A partnership has been announced between Claroty and CrowdStrike, resulting in an integration between the Claroty Platform and the CrowdStrike Falcon platform.

The integration will deliver visibility into industrial control system (ICS) networks and endpoints, with a one-stop shop for information technology (IT) and OT asset information directly within the Claroty Platform.

ICS threats can be detected across the IT/OT boundary without the need for added connectivity, signature reconfiguration, or manual updates — resulting in more efficient IT/OT security governance, according to the two partnering companies.

With the great shift to remote working due to COVID-19 restrictions, IT and OT have converged even further, and digital transformation has caused once-isolated OT networks to become interconnected with the rest of the enterprise through the IT network.

These conditions have expanded the attack surface within ICS networks, giving threats such as ransomware clear pathways across the IT/OT boundary.

“In 2020, the top sector being hit with ransomware is manufacturing,” says Rockwell Automation CISO and vice president of global security Dawn Cappelli.

“It is imperative that we secure the converged IT/OT environment, and the integration of Claroty and CrowdStrike brings two of the top security technologies together to do just that.”

The integration delivers IT/OT visibility and threat detection for ICS networks through Claroty's OT expertise and monitoring technology, as well as CrowdStrike's IT endpoint telemetry.

“Effectively protecting modern ICS networks requires IT and SOC teams to have a complete inventory of both IT and OT assets, as well as the ability to detect, assess, and mitigate threats and the corresponding risks they face,” says CrowdStrike vice president of worldwide alliances, channels and business development Matthew Polly.

“This integration with Claroty allows our customers to leverage the CrowdStrike Falcon platform to improve the security posture of their OT environments, bridging the gap between IT and OT.”

Key capabilities include:

Threat detection

The combined solution marries CrowdStrike's ability to identify targeted and compromised endpoints with Claroty's extensive OT monitoring capabilities. This has resulted in an actionable IT/OT threat signature database for ICS networks.

All signatures can be immediately pushed from the Claroty Platform's Enterprise Management Console (EMC) to all connected sites.

Asset discovery and enrichment

Claroty can automatically identify and enrich IT-oriented ICS assets, such as human machine interfaces (HMIs), historian databases, and engineering workstations (EWs), on which a CrowdStrike agent is installed.

Claroty fetches the IT-specific properties from the asset as well as the unique manufacturer configuration file from CrowdStrike and then parses that file, without needing to connect to the ICS network.

“One of the most impactful benefits of The Claroty Platform is that it can leverage existing IT security infrastructure to protect OT assets and networks,” says Claroty co-founder and chief business development officer Galina Antova.

“This particular integration is uniquely beneficial to Claroty customers because it is the first in which data flows into The Claroty Platform rather than from it, making it a comprehensive repository of both IT and OT asset information.

“We are very proud to join forces with CrowdStrike to make our comprehensive OT security capabilities more accessible to IT and SOC teams, at a time when they are entrusted with protecting OT more than ever before.”