Success Stories: Managing OT Risk & Preserving Integrity with Claroty Secure Remote Access
By Michal Erel | October 22, 2020
In early 2020, enterprises worldwide faced the unanticipated challenge of quickly pivoting to remote operations at the onset of the COVID-19 pandemic. For many, this was a wake-up call that put a spotlight on their organization’s lack of secure remote access capabilities, particularly with regard to operational technology (OT).
Many security decision makers quickly identified the need for a solution that would enable OT personnel to monitor connections, enforce privileged access control, and meet auditing and compliance requirements while working from home. However, when it comes to secure remote access, OT has some unique requirements and challenges that differentiate it from IT.
VPN- and gateway-based remote access remain popular for IT use cases, and while many of these solutions have improved with next-generation software-defined perimeter (SDP) features, they are ill-suited to OT environments due to their limited access controls and lack of monitoring and auditing capabilities. Furthermore, traditional VPNs and gateways inadvertently expand an organization’s attack surface and present adversaries with a potential point of entry via stolen credentials or internet-facing vulnerabilities.
Secure-by-Design Remote Access for OT
Understanding the specific requirements of OT environments and the limitations of existing VPN, gateway, and SDP offerings on the market, Claroty set out to create a secure remote access solution for OT that offers the highest security measures with efficiency and operability in mind. In fact, Claroty Secure Remote Access (SRA) is the industry’s only solution that is purpose-built for OT and fully integrated as a native component of a comprehensive OT security platform.
Claroty SRA was designed with the following security infrastructure principles in mind:
Data at Rest: Password vault data for user access and asset data is stored and encrypted in the Claroty database using AES-256 and hashed using SHA-256.
Data in Transit: SRA splits data in transit between two encrypted tunnels in a manner that reduces the attack surface by removing direct connectivity between remote users and OT assets.
In addition, Claroty SRA’s myriad features support adherence to OT security best practices, including architecting according to the Purdue Model, applying the principle of least privilege, and using role-based access control, password-vaulting, and GDPR-compliant auditing/forensics.