As the coronavirus pandemic sent office workers home, another class of workers have also seen an increased need to work remotely: plant operators. And just like anyone else accessing information remotely from home, the need to protect against cyberattacks is greater than ever.
That’s according to Claroty, a New York-based industrial cybersecurity provider that is expanding its capabilities, in part, to strengthen security for remote access of plants owned by manufacturers, oil and gas companies, and utilities.
Dave Weinstein, chief security officer at Claroty, told CRN that while many industrial companies had already started to shift to remote access and control capabilities, the pandemic has prompted more companies, particularly in manufacturing, oil and gas, and utilities, to move in that direction.
The problem? The methods many companies are using to remotely access operational technology systems are the same insecure methods that IT organizations used 20 years ago.
“Prior to COVID-19 and to some extent this is just amplified today, organizations on the OT side have been doing remote access in a fairly basic but also risky manner,” said Weinstein, whose company works with industrial vendors like Siemens and Schneider Electric. “You’re talking about sharing passwords, relying on single user accounts, with no real authentication or monitoring in place.”
To that end, the company announced that its Secure Remote Access offering will gain expanded capabilities next month as part of a wider platform update that also brings improvements to its Continuous Threat Detection component, available today. The updates were unveiled Tuesday as 63 percent of U.S. IT security professionals surveyed by Claroty earlier this year expect national infrastructure to suffer a major cyberattack in the next five years.
“We’re thinking about how threat detection is becoming a more necessary, almost required function for organizations as mobility increases,” Weinstein said. “And this is particularly relevant to the COVID-19 scenario, where workforce mobility is accelerating, which is introducing a whole new range of attack vectors, and threat detection is just super important for these organizations.”
Weinstein said the new Secure Remote Access 3.0 and Continuous Threat Detection 4.1 addresses four areas that are important to reducing the risk of cyberattacks against OT infrastructure: visibility, threat detection, vulnerability management, and triage and mitigation.
With the latest version of Secure Remote Access, Claroty’s platform enables not only secure remote access, monitoring, auditing and control but also expanded integration with the platform’s functions, such as network monitoring, threat detection and vulnerability management. This means, for instance, if a remote session exhibits unusual activity, it can be shut down before an attack happens.
“We know attackers are exploiting it in the wild, and it’s consistent with the trends that we’re seeing, which is that attackers are relying on traditional IT hacking techniques [such as spear phishing] in order to gain access to the OT network,” Weinstein said.
One of the other updates to Claroty’s platform is a new hygiene score that analyzes which OT assets and systems are at the greatest risk of an attack based on a real-time database of vulnerabilities. Weinstein said this can help companies prioritize which parts of the plant they should patch up and which processes they can keep running because of a low risk score.
“All this is to help translate this data up to a [chief information security officer] level so that they can understand, is it worth bringing down this part of the plant for X number of hours in order to patch this vulnerability or not?” he said.
Other new capabilities in Claroty’s platform include network micro-segmentation by subnet, real-time vulnerability updates, and a customizable analytics dashboard that provides high-level OT security alerts in layman’s terms for IT professionals, particularly those working in Security Operations Centers.