Inside Claroty’s Exposure Management Capabilities for Cyber-Physical Systems
Learn More
SPA FRE ITA POR 日本語 简体中文 繁體中文 한국어
Request a Demo Free Trial
Claroty Toggle Search

Blog / 1 min read

CISO Series: OT Vulnerability Prioritization

Galina Antova
/ May 18th, 2020

When it comes to administering security patches for security flaws within your operational technology (OT) environment, risk should be your north star guiding all decisions. As I discussed at length in a previous blog, visibility is the foundation of OT vulnerability management, but that's just the first step.

Once you have pinpointed which common vulnerabilities and exposures (CVEs) are present on which OT assets, you must evaluate the likelihood and potential impact of exploitation for each CVE and set your priorities accordingly. In doing so, however, you will need to overcome some fundamental challenges related to OT vulnerability patch prioritization:

Patching OT Assets is Costly and Disruptive

The costs of administering security patches is particularly high in the realm of OT security, which does not benefit from the wealth of automated patch management solutions available for IT environments. Oftentimes, OT patches must be tested on individual devices—demanding substantial employee hours and system downtime. This severely limits patching capacity in an OT context, so teams must be able to accurately discern which vulnerabilities pose the greatest risk and focus their efforts accordingly. In many cases, patching is simply not an option due to uptime and availability requirements, so compensating technical controls must be put in place as an alternative.

Vulnerability Risk Depends on Situational Factors

The extent to which a particular vulnerability poses risk to an OT environment varies on a case-by-case basis. Unique network characteristics can influence the likelihood and potential impact of a vulnerability being exploited, but assessing these factors is a complex, nuanced, and technically demanding endeavor. As such, many OT security solutions simply define a vulnerability's risk based on its CVE criticality score, which does not take situational context into account.

The newly enhanced Claroty Platform addresses these challenges with its risk scoring capabilities, assessing the level of risk a particular vulnerability poses with your OT environment based on the unique context and specific circumstances. Risk scoring is complemented by Claroty's Attack Vector Mapping feature, which identifies and visualizes which vulnerabilities pose the greatest risk to which critical assets. With the latest Claroty Platform 4.1 enhancements, users can now see potential attack vectors ranked by level of risk pose, providing users with a clear sense of their priorities for taking the most effective course of action. Users can also leverage Claroty's Hygiene Score to assess the security of their OT environment on a holistic level over time, with the ability to discover how vulnerabilities, security controls, threats, and other variables affect their overall posture.

Stay in the know

Get the Claroty Newsletter

Share
LinkedIn Twitter Facebook

Featured Articles

Resource Library

Interested in learning about Claroty's Cybersecurity Solutions?

Request a Demo
Claroty
LinkedIn Twitter YouTube Facebook