Introducing The CrowdStrike-Claroty Joint Solution
By Grant Geyer | November 19, 2020
As digital transformation initiatives spanning IT and OT environments create new cyber risk vectors in industrial enterprises and critical infrastructure organizations, shared context is more crucial than ever for maintaining a strong security posture. Effectively protecting these once-segregated environments now requires bridging the gap between the unique security needs and cultural differences of IT and OT. Giving our customers more venues for achieving these synergies is largely what motivated our new partnership with cloud-delivered endpoint protection leader CrowdStrike.
Announced today, The CrowdStrike-Claroty Joint Solution fuses The Claroty Platform’s unmatched OT asset discovery and threat detection capabilities with CrowdStrike Falcon’s leading endpoint telemetry and vast install base to deliver full-spectrum IT/OT visibility and threat detection coverage for industrial networks. Highlights include:
- Extensive IT/OT visibility and a single source of truth for all IT and OT asset information, directly within The Claroty Platform
- Enhanced detection capabilities for threats that cross the IT/OT boundary
- Increased ROI of customers’ existing investments in The Claroty Platform and CrowdStrike Falcon
Use Case 1: Asset Discovery & Enrichment
By combining both endpoint and network sources, the solution enables Claroty to automatically identify and enrich IT-oriented industrial assets such as human-machine interfaces (HMIs), historians, and engineering workstations (EWs) on which a CrowdStrike agent is installed. Claroty does this by fetching these assets’ configuration files from CrowdStrike Falcon and parsing those files via Claroty AppDB to obtain in-depth information about each asset without having to directly connect to the industrial network.
All of this information populates directly within The Claroty Platform. As a result, users gain not only a single source of truth for their IT/OT assets but also even greater visibility into their isolated OT environments. This level of visibility serves as a solid and crucial foundation for superior threat detection and vulnerability management capabilities.
Use Case 2: Threat Detection
The CrowdStrike-Claroty Joint Solution also includes the combined databases of both proprietary and open-source YARA and Snort signatures from Claroty and CrowdStrike, thereby empowering users with the industry’s largest IT/OT threat signature database. All signatures can be automatically executed in a user’s environment via The Claroty Platform without manual reconfiguration, as well as pushed to all connected sites in just one click. This enables users to leverage their existing tools to seamlessly enhance and scale their detection capabilities, minimize false positives, and surface even more potentially malicious events across their organization’s entire industrial environment.