Over the past couple of years, industrial control system cybersecurity supplier Claroty has signed a number of partnerships with automation technology suppliers, including Schneider Electric, Rockwell Automation and Siemens.
Claroty has since announced two additional partnerships—one with Cisco and one with Belden.
As part of Cisco’s pxGrid Ecosystem (a platform that allows multiple security products to share data and work together), Cisco will combine Claroty’s Continuous Threat Detection technology, which provides real-time operational technology (OT) network monitoring and visibility, with Cisco’s Identity Services Engine (ISE) for automated threat detection and response and with its Firepower firewall technology, to enable automated and active threat protection for OT environments.
Specifically addressing the automated aspects of the combined technologies, Cisco said, “Through integration with pxGrid, Cisco customers can easily ingest asset details into ISE… to create new policies… for industrial networks. This integration also enables ISE to automate policy management—applying preset policies for new assets that appear based on the asset type and other details. For example, ISE can generate policies for PLCs or RTUs that are running firmware with known vulnerabilities or access policies that can be tuned for the different levels of risk posed by devices such as HMIs [human machine interfaces], PLCs [programmable logic controllers] or RTUs [remote terminal units].”
Claroty’s Continuous Threat Detection pinpoints which industrial assets have known vulnerabilities, enabling ISE or Firepower to ingest this data and automatically apply additional protection rules, Cisco said.
The strategic partnership between Claroty and Belden’s Tripwire brand will focus on “integrated top-floor to shop-floor cybersecurity solutions that address all aspects of an industrial cybersecurity strategy, providing complete visibility to all assets so that protective countermeasures can be implemented to ensure the reliability and integrity of the industrial process,” said Belden.
A key technological aspect of the partnership is that it will extend Tripwire’s automated asset discovery reach into industrial assets such as PLCs, RTUs and distributed control systems. The combination of technologies from Tripwire and Claroty will reportedly provide visibility and threat monitoring across IP and non-IP segments within industrial control system networks.
“Tripwire solutions provide complete visibility into device configuration and operational state. When we combine that with Claroty’s passive threat detection visibility capabilities, we are able to better equip our customers to proactively and swiftly detect and respond to threats that would detrimentally impact the industrial process,” said Galina Antova, co-founder and chief business development officer, Claroty.
According to the two companies, using Claroty’s virtual zones capability, which automatically creates logical groups of industrial assets based on the communications patterns between assets, customers can implement virtual segmentation to create advanced ICS protocol-specific deep packet inspection rules for Belden firewalls, a requirement for simplified micro-segmentation.