Share this article on:
Claroty has announced an expansion of its security solutions with the introduction of additional vulnerability and risk management (VRM) capabilities.
The company, which offers cyber physical systems (CPS) protection solutions and security across the extended internet of things (XIoT), has expanded the VRM capabilities of its software-as-a-service (SaaS) platforms, in recognition of the strain faced by chief information security officers (CISOs) in today’s world.
For instance, research conducted by Fortinet has found that CISOs are becoming responsible for managing an increasing amount of an organisation’s cyber security, including operational technology (OT) security and CPS, with an estimated 95 per cent of critical infrastructure CISOs now responsible for securing CPS as well as information technology (IT).
Of those, 98 per cent are required to quantify and account for their organisation’s CPS risk posture.
On top of this, the conventional wisdom around the management of CPS vulnerabilities is confused, with almost 70 per cent of all CPS vulnerabilities disclosed last year receiving a CVSS v3 severity score of high or critical, but under 8 per cent of those have been exploited.
Security teams are then overloaded as a result, with conventional wisdom and solutions being based totally on CVSS scores. It also means that CISOs and their resources are pulled away from very real issues that may appear in vulnerabilities with lower scores but with greater appeal to threat actors as a result.
In light of this, Claroty has announced the implementation of VRM capabilities within its Medigate and xDome SaaS-based solutions.
“CISOs and security teams face an increasingly uphill battle in mitigating the risk from obsolescent and insecure assets, as well as new vulnerability discoveries. Due to the uniqueness of CPS and critical infrastructure environments, patching everything is often impossible or too complex to execute,” said Claroty chief product officer Grant Geyer.
“These VRM enhancements to the Claroty SaaS portfolio further equip our customers to answer their toughest cyber security questions: how to accurately assess risk and which vulnerabilities to mitigate first based on how likely they are to be exploited in industrial, clinical, or other mission-critical environments.”
The new enhancements will “deliver the most transparent and granular way to quantify CPS risk posture”, with a new framework that accounts for an expanded range of factors that can increase risk, as well as compensating control improvements that can offset risk.
For new customers, this framework comes preconfigured, allowing for quick and easy calculation of an organisation’s risk posture.
Customers also get increased flexibility and control, allowing them to tailor CPS risk calculations to their needs.
“As highlighted in the SOCI Act in Australia, understanding an organisation’s attack surface and its vulnerabilities starts with knowing what’s on the network, the risk posture of each asset and the options available to remediate,” said the chief executive of Claroty healthcare distributor Wavelink, Ilan Rubin.
“The Medigate by Claroty platform is a key building block that complements Wavelink’s health, mobility, and security offerings, and the platform’s new VRM enhancements will help our partners and end customers achieve these objectives more efficiently and effectively.”
More information on Claroty and its new VRM enhancements can be found on the Claroty website.