Continuous Threat Detection
As the foundation of The Claroty Platform, Continuous Threat Detection (CTD) provides full visibility and fundamental security controls for OT environments.
The CTD Difference
See, protect, and defend your OT environment
CTD leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls. Claroty is the only vendor to offer visibility into all three variables of risk in OT environments:
- Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
- Network visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
- Process visibility: All OT operations and the code section and tag values of all processes related to OT assets
The extensive OT visibility CTD provides enables it to automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances. Key benefits:
- Cross-zone violations yield real-time alerts that are automatically scored based on risk to help security teams prioritize
- Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
- Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
- Customers can integrate CTD with their existing firewalls and NAC solutions to proactively enforce policy-based segmentation and mitigate active attacks
CTD’s five detection engines provide full monitoring coverage of OT security and integrity events for efficient and effective threat detection that is further bolstered by real-time threat intelligence updates via The Claroty Cloud. Detection engines include:
- Anomaly Detection, which identifies changes in communication patterns
- Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
- Known Threats, which identifies IoCs via SNORT and YARA Rule engines
- Operational Behaviors, which identifies OT operations such as firmware upgrades
- Custom Rules, which identifies user-defined events
- Wisdom of the Crowd enriches known threat alerts with reputational context from across Claroty’s entire customer base, providing users with insights into the validity of an incident in order to guide prioritization decisions and improve live and forensic investigations
CTD compares each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by Claroty, as well as to the latest CVE data. As a result, customers can better identify, prioritize, and remediate vulnerabilities. Highlights:
- Full-Match Vulnerabilities: The complete OT visibility provided by CTD facilitates easy and accurate identification of full-match vulnerabilities
- Attack Vector Mapping: This feature identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
- Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization
