
Claroty announces integration partnership with Cisco

By: Cisco-Eagle, Inc.
20 September, 2018
The solution combines Continuous Threat Detection, Claroty’s visibility and real-time monitoring technology for OT networks, with Cisco Identity Services Engine (ISE) and Firepower

September 20, 2018 - Claroty recently announced an integration partnership with Cisco. Cisco customers can now bring their OT networks up to the same protection standard as their business networks with an integrated solution from Claroty.

The solution combines Continuous Threat Detection, Claroty’s visibility and real-time monitoring technology for OT networks, with Cisco Identity Services Engine (ISE) and Firepower to extend visibility into the lowest levels of industrial networks and enable automated, active threat protection for OT environments. This integrated solution addresses several important OT network protection use cases, including:

  • Deep Visibility into Industrial Networks: Claroty automatically discovers all assets across industrial networks, including SCADA and DCS environments, without the need for agents.
  • Automated Policies: this level of visibility into OT networks is not an end goal itself.
  • Expanded Threat Protection: with information about individual OT assets, plus details about application-level communication patterns using industrial protocols, customers can create or automate the creation of advanced firewall rules.
  • Comprehensive Vulnerability Management: Continuous Threat Detection also pinpoints which industrial assets have known vulnerabilities, and the integration enables ISE or Firepower to ingest this data and automatically apply additional protection rules.

The system monitors SPAN traffic and leverages the advanced industrial network protocol dissectors in the CoreX engine to automatically identify and classify industrial assets.

The system identifies detailed configuration information and automatically classifies the different types of industrial assets, from Human Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs), which are the backbone of industrial networks, to ancillary devices like Engineering Workstations, Historians and more.

The system provides details about the assets, the protocols used to communicate, the various assets they are talking to and details about the actual OT conversations taking place.

Through integration with pxGrid, Cisco customers can ingest asset details into ISE and leverage this asset data to create new policies that are fine-tuned for industrial networks.

This integration also enables ISE to automate policy management, applying preset policies for new assets that appear based on the asset type and other details.

For example, ISE can generate policies for PLCs or RTUs that are running firmware with known vulnerabilities (CVEs), or access policies that can be tuned for the different levels of risk posed by devices such as Human Machine Interfaces (HMIs) and Programmable Logic Controllers (PLCs) or Remote Terminal Units (RTUs), which monitor and control industrial processes.

Using Claroty’s virtual zones capability, which automatically creates logical groups of assets (zones) based on the communications patterns between assets, customers have the Firepower rules necessary to implement zone-to-zone micro-segmentation for threat protection.

This knowledge about industrial assets and their communications patterns also enables customers to adjust Firepower’s threat detection and prevention to meet the requirements of each OT environment.
