In the last several years, industrial control systems that help enable the modern world have become targets for hackers. On Sept. 13, security vendor Claroty emerged from stealth in a bid to help such systems. Claroty is taking on the challenge of industrial security with a new technology platform and $32 million in funding.
Claroty had been in stealth mode since July 2014, when the company was founded.
The company is using the $32 million in funding—from investors Bessemer Venture Partners, Eric Schmidt’s Innovation Endeavors, Marker LLC, ICV, Red Dot Capital Partners and Mitsui & Co.—to build its technology as well as its sales and go-to-market initiatives.
Claroty was established by the Team8 cyber-security foundry, which is a group led by Nadav Zafrir, former commander of Israel’s Technology and Intelligence Unit 8200. Team8 has a goal of building cyber-security companies that fit into areas where there is an identified gap in security technologies. Claroty is the second company to emerge from the Team8 foundry, following security deception technology vendor Illusive Networks.
“Our platform provides real-time monitoring across all the layers of operational technology networks,” Amir Zilberstein, co-founder and CEO of Claroty, told eWEEK. “That extends from operating systems including Microsoft Windows down to the lowest level, including sensors, pumps and industrial devices that interact with the real world.”
Zilberstein added that Claroty has visibility into traffic traversing the various layers of operational technology networks and is able to provide operators with alerts for potential cyber-security issues. As the types of infrastructure that Claroty aims to serve are mission-critical environments, Claroty’s monitoring takes a passive approach that doesn’t interfere with the normal flow of operations.
The Claroty platform provides visibility across disparate locations, providing operations with a single management platform to monitor an entire organization. Claroty’s visibility capabilities enable operators to identify potential security issues and the proper content in which the issue is occurring, he said.
A core element of the Claroty platform is its deep packet inspection (DPI) that understands all of the various protocols used in industrial networks. The system is used to help build a baseline model for normal operations in an environment.
“The baseline model is fed into our anomaly detection engine that can distinguish between normal behavior and anomalous behavior and can also highlight risky behavior on the network,” Zilberstein said.
In addition, Claroty has a malicious activity model that includes intelligence on known attack vectors and malware. Operators get access to a workflow model that enables collaboration between an organization’s IT and security teams.
Getting access to all the different sources of information in an industrial network can be a challenge. Claroty makes uses of multiple passive methods including connecting to TAP (Test Access Point) ports on existing switches, according to Zilberstein. In addition, given that some legacy industrial systems use serial connections, Claroty has multiple mechanisms to connect in a passive way to serial-attached devices as well, he said.
Identifying potential security issues is only part of the overall platform. Claroty provides tools for incident response and forensics to help alerts to be actionable, Zilberstein said. That said, Zilberstein emphasized that Claroty doesn’t have an automated remediation system.
“We give instructions and advice to operators on what to do to remediate an issue,” he said. “That’s the only way to go in an [operational technology] network because if the system tries to automatically remediate itself, it could harm the network.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.