Schneider, Claroty Team to Boost Network Visibility

Wednesday, August 9, 2017 @ 12:08 PM gHale

By Gregory Hale
As visibility into critical automation processes becomes more vital, security providers are teaming to present a stronger, unified solution to manufacturers.

That is what makes this week’s partnership pact between Schneider Electric and startup network visibility provider, Claroty, an interesting move.

DigiCert Deals for Symantec Cert Business
Honeywell Closes Nextnine Deal
Rapid7 Deals for Security Automation Firm
Honeywell Plans Cyber Center in Singapore

Forget about the industry’s movement toward the Industrial Internet of Things (IIoT) because that is way off into the future, but with control systems becoming more connected, and with security in the sector still in its nascent stages, the potential for more incidents – internal and external – continue to ratchet up.

“Identifying the communications going on could help ward off an attack,” said David Doggett, senior director cybersecurity for industry business at Schneider Electric. “Controlling the links is key to that. It lets you know why people are using commands. At some point attacks are getting through, so monitoring the attack is a big part. It is a layer of security on our new products and a significant piece on the older products.”

Under the terms of the pact, Claroty will market its real-time OT/ICS network monitoring and detection solution to Schneider Electric’s customers through the company’s Collaborative Automation Partner Program (CAPP).

Claroty, which officially came out of stealth mode just about a year ago, protects industrial control systems by continuously monitoring networks for cyber threats. With secure remote access, users can employ policies to control remote employee and third-party access to critical systems, and record the sessions.

Claroty’s threat detection creates a detailed inventory of industrial network assets, identifies misconfigurations, monitors traffic between assets, and finds anomalies that may indicate the presence of a bad guy. Alerts provide plant and security personnel with insights so they can investigate, respond and recover.

“We can help teams with several hygiene vulnerabilities,” said Claroty’s Patrick McBride. “Operators can use reliable and up to date asset inventory where they don’t have a good picture across their multivendor environment.”

For Schneider, the partnership adds a stronger visibility aspect to its end-to-end cybersecurity offerings by protecting its connected products and edge control offerings within the company’s EcoStruxure architecture. EcoStruxure is Schneider Electric’s IoT-enabled, open and interoperable system architecture and platform. The EcoStruxure architecture enables scalable design and operation of connected systems with cybersecurity built in at every layer. 

“We can help see some configuration issues that can have an impact on performance of the network,” McBride said. “We can see configuration issues ahead of time. (A user may) think they have a secure perimeter, but they find they have something out there talking, but not protected.”

Schneider and Claroty conducted rigorous testing to validate solution interoperability, after which Claroty became a member of the CAPP program. Schneider’s CAPP program allows the industry giant to integrate technologies developed by its partner ecosystem into its own offerings. 

Claroty’s solution can get down into industrial network protocols without adversely impacting the system. This allows users to safely identify anomalies while protecting industrial networks. Traditional IT security software often uses active queries or requires a footprint on the network, which can ultimately disrupt operations. Like other network monitoring firms, Claroty uses a passive-monitoring approach to safely inspect traffic without the risk of disruption.

“We have a separate research team that is analyzing the old protocols,” McBride said. “We made that commitment to ICS a long time ago.”

No matter how the manufacturing automation industry looks at it, the need for cybersecure ICS environment is becoming more vital each passing day. That is why seeing and understanding what a user has on the network is paramount for any manufacturer.

“People are realizing they need to do more about security,” Doggett said. “It is a C-level discussion now, not talking about IT systems, but about control systems.”

Leave a Reply

You must be logged in to post a comment.