IT Brief Australia - Technology news for CIOs & IT decision-makers

Video: 10 Minute IT Jams – Who is Claroty?

Fri, 31st Jul 2020

Industrial cyber security is now on the frontlines of the digital era.

The rise of automation and digital transformation in industrial sectors has created new opportunities but, just as importantly, new risks. As more factories, power plants and water utilities connect their operational technology (OT) systems to the cloud and the wider internet, cyber security gaps are becoming increasingly apparent.

This issue was the focus of a recent discussion between Tech Day's editorial team and Yaniv Vardy, the newly appointed chief executive officer of Claroty, a company specialising in OT cyber security for critical infrastructure and industry. Claroty, according to Vardy, works to ensure businesses can protect their industrial operations without suffering operational downtime or needing to expand headcount by dedicating entire teams to cyber security.

"We are the market leader provider of cyber security solutions for operational technology in the industrial space," Vardy said. "We come to really address a huge gap in the market where there's almost no cyber security in the industrial space on the operational technology side."

In simple terms, OT comprises the hardware and software that monitors and controls physical processes, such as manufacturing lines, water systems, or power grids. Many of these systems were designed and installed years ago, with little thought given to modern-day cyber threats.

"Industrial networks were designed with different assets and industrial control systems in place without security in mind," Vardy explained. "The protocols of operational technology are different than IT protocols. Companies are getting more and more advanced with getting the industrial control systems more automated, but security is many times just not there."

Claroty's core mission is to "bridge the gap" and address these deficiencies. The company's platform is divided into two major components: visibility and risk management through its CTD (Continuous Threat Detection) solution, and secure remote access (SRA) for vendors and users who need to connect to industrial networks from afar.

"You cannot really protect what you don't see," Vardy said. "We identify the assets in the industrial networks, we map it, and we make sure the customer sees the different assets in the industrial network. Then we start to provide risk management and vulnerability management with ongoing monitoring."

In an environment where the smallest misconfiguration can have far-reaching consequences, ongoing vigilance is critical. The company's threat detection software provides customers with real-time alerts and incident reports, allowing them to act before attackers can inflict damage.

Claroty's industrial pedigree is bolstered by partnerships and investments from industry leaders, including well-known names such as Schneider, Siemens and Rockwell. "Having these guys being both our customers, partners and investors is really helping us to get our product to the next level and differentiate our offering," Vardy said.

The company's clients represent critical infrastructure sectors - utilities, oil and gas, water, chemicals - as well as the broader manufacturing space. But as Vardy warned, the risk now extends to anyone automating their industrial networks or integrating Internet of Things (IoT) devices.

"If you look at the industrial revolution that started years ago and now with the digital transformation, you see that the industrial space is getting their processes more automated, and their industrial networks smarter," he said. "That means they connect their operational technology to IP-based systems, automated and basically improve productivity - but that creates exposure and risk."

As systems once isolated from the public internet come online, new attack vectors emerge. "These companies have industrial networks that were not designed with security in mind years ago, and now by automating and connecting these networks to the internet and different devices through IoT, that creates a huge risk - especially for critical infrastructure companies."

A further complication, Vardy pointed out, is the historical divide between information technology (IT) and operational technology teams. "Normal CISOs are very focused on the IT space. They are, many times, not too knowledgeable about the OT space. And it's also the other way - the operational engineers are not too knowledgeable about security. There's a huge gap that needs to be resolved with a solution in place."

Ransomware and other cyber attacks targeting OT systems are on the rise, with attackers drawn to sectors such as healthcare, automotive, and transport, which all rely on continuous, fault-free industrial processes. "We see more and more attacks, government to government attacks but also private attacks, with ransomware and the like," Vardy said.

Crucially, the COVID-19 pandemic has accelerated digital transformation and remote working, making systems both more interconnected and more vulnerable. "Companies are just improving their productivity and running their factories more effectively, more efficiently, and obviously they need to be competitive in the market, especially now when they need to protect cash and change priorities. But that means they connect more devices, get more data up in the cloud, and get industrial networks more automated - hence more exposure for attacks."

Looking ahead, he predicts that the trend of increased remote work will not reverse, and with that comes a continuing need for robust OT cyber security. "Going forward, post COVID-19, you'll see more and more customers working remotely and trying to improve productivity, and that will create more exposure and a bigger need for cyber security on the OT space."

For organisations starting on their journey toward OT cyber protection, Vardy suggests that much depends on the company's maturity but typically begins with putting in place a chief information security officer and establishing a security operations centre, as well as using event management systems to monitor activities across their networks.

"When you get Claroty, you get your needs answered on that side, where both within the network and outside the network, we protect from remote access perspective and within the network with ongoing monitoring to first provide the visibility, the risk and vulnerability management, as well as the threat detection and you have the right solutions in place and you know that you are protected," he said.

The need is clear: as operational technology becomes smarter, businesses must ensure that their approach to security evolves in tandem. Concluding the discussion, Vardy captured the urgency facing many organisations: "You cannot really protect what you don't see."
