Security startup Claroty announced an expansion of its Industrial Control System (ICS) Continuous Threat Detection platform on June 26, providing operators with new secure remote access capabilities. The new ICS security capabilities debut as attacks against power grids and other infrastructure emerge, including the recent disclosure about the Industroyer attack that shut down the Ukraine power grid in December 2016.
Claroty emerged from stealth in September 2016, with the promise of helping ICS operators to gain visibility into the threats their systems face.
“What we have been doing since we launched is look at other areas where we can provide additional value to our customers, giving them everything they need to secure the Industrial Control System domain,” Galina Antova, co-founder of Claroty, told eWEEK.
With the new update, Claroty is now providing a secure remote access capability. Antova said Claroty realized that even though operators can monitor the network for threats with Claroty’s technology, there was still a need to control how employees and partners connect to ICS networks.
“Really what we’re doing is building a platform that allows our customers to control, manage and have visibility into ICS networks without having to worry about disrupting existing processes,” Antova said.
The Secure Remote Access capability provides a workflow that enables ICS operators to define the access policies for both the devices and the staff that connect remotely. The system also provides full auditing for the remote ICS network access.
The idea of remote access is not entirely new for ICS systems. Antova said that many ICS vendors today have remote access capabilities to help provide maintenance and upkeep functionality. By providing Secure Remote Access, Antova said that Claroty is also helping to secure ICS systems from human errors that can occur while performing system maintenance. Antova said that remote access is often one of the main attack vectors that Claroty has seen for hackers attempting to gain unauthorized remote access to an ICS network.
“We provide one integrated workflow that provides customers the ability to manage everything that is attempting to connect from outside into the ICS network,” Antova said.
Another common area where attacks occur, across all domains of IT, is the password layer. To that end, Claroty is introducing a new capability called Password Vaulting that aims to help secure passwords and eliminate the risk of shared or re-used passwords. Antova explained that on ICS systems there are typically multiple sets of passwords for different operations. She added that it’s not considered to be a best practice to give out those operations passwords to third-party contractors, or staff that don’t need full access.
“The Password Vaulting feature allows organizations to abstract the authorization, providing a third-party the ability to get into a system without needing the actual password,” Antova said. “It’s basically an abstraction layer.”
Crash Override
Earlier this month, a new report detailed an ICS attack against the Ukrainian power grid in December 2016, dubbed Industroyer/Crash Override. The attack was not the first and likely will not be the last against power grids and ICS infrastructure. On June 20, security firm Kaspersky Lab issued a study that reported that 54 percent of ICS companies experienced at least one cyber-attack in the past 12 months.
Antova said that the Industroyer attack, and those like it, help to drive attention and, more importantly, budgets toward ICS system security.
“The main news that is driving faster adoption is that ICS operators realize they have many attackers to worry about,” Antova said. “Nation-state hacker tools are available to anyone with an agenda these days.”