Kentron News

Industrial Control Network Security


Posted on Friday, August 31, 2018
The CLAROTY PLATFORM for OT Security Despite best efforts to protect our industrial Control Systems and networks from unplanned disruption or downtime, there is always the chance that cyber risks from many sources can still impact production networks and the bottom line. There is considerable benefit to catching cyber threats, employee or vendor errors, and supply chain cyber risks early – before interference with normal operations, regardless of who is responsible for OT security – the IT security team or the Operations Technology (OT) and production teams. The Claroty Platform is an integrated solution suite that has been designed for industrial control networks and system to catch threats and anomalies early in the threat cycle, delivering ICS security protection, control, detection and response. The Platform provides extreme visibility into industrial protocols, communications, IP and non-IP addressed assets, and even connected I/O. Extreme Visibility Delivers Business Value - Unlike a vendor-specific solution which has a limited view, Claroty supports full visibility across the entire industrial network regardless of the equipment manufacturers and protocols in place. This visibility will assist in discovering operator assets, truing up inventory and configuration data, and identifies ICS security gaps with guidance on what to do. This minimizes unplanned downtime and helps control engineers speed response when something goes wrong. Do No Harm – The last thing any operator wants is to introduce disruption, latency or downtime to production activities. Claroty’s Platform does no harm – will not impact ICS in any way due to a passive method for analysis and baselining of the industrial network and systems. Claroty passively observes and analyzes traffic in the control network, and deeply inspects the protocols and messages that occur between devices on the network. After learning these baseline communications, Claroty accurately knows what traffic and user behaviors characterize the industrial network and systems. This is called the communication baseline. This capability also delivers context from within the industrial environment when assessing potential cyber threats. Real-Time Alerts - If anomalies are detected then early notification is given to the network operations team via communication alerts (Syslog, email, text, SNMP). The threat threshold for these individual alarms can be set in advance by the control network engineers. Therefore, the Claroty Platform offers a real time overview of any changes to the baseline expectations of the control network, allowing those responsible to look at the potential threat (or simple change completed or updating error without notification in some cases), along with context from their own environment to help determine corrective action, if required. Again, Claroty’s Platform is a passive network analyser offering awareness of industrial network changes while allowing daily communication traffic and production operations to continue undisrupted. The Claroty Platform was created and designed by a group of elite Israeli military cyber intelligence security forces, tailored specifically to the requirements of Industrial Control Network Engineers, passively discovering industrial assets, support for a growing list of standard and proprietary industrial control network protocols, deeply inspecting messages using these protocols, securing remote access and bringing it all together in a centralized management console for the ease of operations teams. This system is by Control Engineers – for Control Engineers, and supported by technical resource familiar with control networks and their requirements. Claroty is available for web based demonstrations and on-site ‘proof of concept’ testing after technical discussion to establish the system specifics and associated needs. If you want to learn more, contact Kentron Systems by phone (403-208-5770) or via the Internet www.kentron.ca or www.claroty.com.