Continuous Threat Detection

Segmentation is an essential industrial cybersecurity control, but traditional means of segmenting industrial networks are prohibitively costly, time-intensive, and typically require considerable downtime. CTD’s Virtual Zones feature changes this. Here’s how:

• CTD uses AI to segment your entire network into Virtual Zones, which are policy-defined groups of assets that communicate with one other under normal circumstances.
• If you lack physical or logical segmentation, you can use Virtual Zones as a cost-effective, efficient alternative that offers comparable capabilities at a fraction of the cost.
• If you are seeking to implement physical or logical segmentation due to regulatory requirements or other purposes, you can significantly accelerate these initiatives by using Virtual Zones as the blueprint.
• Malicious or otherwise abnormal activity that violates Virtual Zones policies will immediately trigger an alert that is contextualized and scored based on risk to support prioritization and response efforts.
• You can easily integrate CTD with your existing firewalls and NAC solutions to proactively enforce Virtual Zones policies and automatically mitigate active attacks.

Unpatched vulnerabilities and other security weaknesses are uniquely prevalent in industrial networks due to their visibility limitations, tendency to rely on legacy systems, and limited windows when patching can occur. These characteristics create a considerable amount of inherent risk that can be difficult to grasp, much less manage. Here’s how CTD can help:

• CTD compares the granular details of each industrial asset to an extensive database of insecure protocols, misconfigurations, and vulnerabilities tracked by Claroty, as well as to the latest CVE data from The NVD, to rapidly pinpoint your network’s vulnerabilities with unmatched precision.
• Vulnerability alerts triggered by CTD are automatically contextualized and scored based on the unique risk they pose to your specific network, enabling you to more easily and effectively prioritize and remediate or otherwise compensate for those that matter most.
• CTD’s Attack Vector Mapping feature uses AI to analyze all vulnerabilities and corresponding risks in your network to determine the likeliest paths through which an attacker could compromise it. This information further enhances your ability to focus on the vulnerabilities that matter most.
• The CTD Enterprise Management Console (EMC) includes Global Custom Attributes, a feature that enables you to enrich assets across all sites with custom-defined attributes such as business criticality, asset owner, and other context to drive prioritization and remediation efforts.
• All of CTD’s risk and vulnerability management capabilities are backed by the award-winning Claroty Research Team. As the market leader in industrial vulnerability disclosures, the team was the first to develop, release—and make immediately available to Claroty customers—signatures for the notorious Ripple20, Wibu, and the threat actors that target these vulnerabilities.

No industrial network is immune to threats, so being able to detect and respond to them quickly and effectively when they surface is imperative. It is also difficult due to the unique specifications of industrial networks and the threats that target them. CTD empowers you with a resilient threat detection model that circumvents these challenges. Here’s how:

• CTD monitors your network for all five signs of potential threats, which include:
  • 1. Early indicators of attack, such as abnormal DNS scans or failed login attempts
  • 2. The presence of known threat signatures via the latest Snort and YARA rules, including proprietary ones developed by The Claroty Research Team
  • 3. Behavioral anomalies associated with zero-day attacks, such as atypical communication between assets
  • 4. Engineering operations associated with advanced persistent threat (APT) activity, such as unexpected process value changes
  • 5. Any activity or indicator that meets your custom-defined criteria
• CTD automatically weeds out false positives and consolidates all interrelated events into a single alert. Not only does this help optimize your prioritization and response, but it also reduces alert fatigue and gives you more time to focus on the threats that matter most.
• Powered by The Claroty Cloud, CTD’s Wisdom of the Crowd feature enriches alerts with reputational context culled from similar events observed across Claroty’s vast customer base. This rapid insight into the validity of an incident can help further optimize your prioritization and response efforts.
• CTD is fully integrated with Secure Remote Access (SRA) to form our platform, which means you can detect and respond to incidents related to SRA users’ activity directly from the EMC. If a remote user makes an unauthorized change, you will have the option to monitor and disconnect that user’s session.
• Since these capabilities are all fueled by the renowned Claroty Research Team, you will always have the latest threat signatures and remediation guidance both at your fingertips and built-in to your industrial network’s defenses.