Threat Intelligence

The CPS Threat Intelligence Challenge

CPS environments are different from traditional enterprise IT and require CPS-specific threat intelligence to be effective. A successful CPS security program should have an oversized focus on leveraging threat intelligence to proactively reduce the attack surface area of the environments in which they exist. However, the following challenges prevail:

CPS Assets Have a Low Tolerance for Interruption

Unlike typical IT environments, CPS environments comprise a wide variety of asset types, across vast geographies, and operate in business critical processes with low tolerance for interruption. Implementing and updating traditional threat intelligence measures can require downtime, which can be highly disruptive and costly.

CPS Security Skills Gap

CPS assets have very different security requirements than IT environments which require expertise from specialized cybersecurity professionals who understand both cybersecurity and CPS intricacies. However, there is a shortage of specialists with the knowledge to establish and maintain a threat intelligence program specific to CPS.

Integration of Existing IT Programs

Successful CPS threat intelligence programs must be integrated with your organization’s overall cybersecurity strategy. However, since most CPS use proprietary protocols and legacy systems, they are simply incompatible with traditional IT solutions – further complicating the integration process.

How Claroty Tackles the Threat Intelligence Challenge

At Claroty, we understand that in-depth knowledge of CPS assets and the threats that can exploit them is critical. That's why we’ve developed threat intelligence capabilities that are purpose-built for the risks specific to CPS.

Cyber Risk Reduction

Claroty xDome provides contextualized insights by grouping Threat Intelligence around incidents, enabling your Threat and Vulnerability Management team the ability to analyze the impact on your environment and guide them on the next investigation steps. This is facilitated through the Threat Center, a dashboard updated daily by our Team82 cybersecurity analysts. The Threat Center assesses potential impact on your environments and helps narrow down assets that need investigation — expediting mitigation and accelerating restoration to normal operations.

Check out more of our risk reduction capabilities

Proactive Risk Mitigation

While the Threat Center focuses on known threats, Claroty Exposure Scenarios address potential risks exploited by threat actors. Claroty xDome Threat Intelligence provides Exposure Scenarios that address potential risks exploited by threat actors. These Exposure Scenarios provide a set of rules to help mitigate devices exposed to specific scenarios. Acting as a clearinghouse, it offers actionable recommendations for reducing inherent risks, allowing security teams to act before incidents impact their environment.

Gain deeper insight into how we optimize threat alerting

Alignment to NIST Cybersecurity Framework

Claroty Threat Intelligence includes purpose-built, timely features to reduce CPS risk at each stage of the NIST Cyber Security Framework:

Identify & Protect: Claroty supports NIST’s Identify and Protect functions by providing deep insights into known threats via the Threat Center, which is continuously updated and categorized by region, industry, and severity.

Detect: Claroty Threat Intelligence supports the Detect function by releasing network signatures to help detect attackers in your environment based on the TTPs that they are known to use.

Recover & Respond: We support the functions Recover and Respond with compromise scoping — to help you fully understand the breadth and depth of a breach so you can contain compromise and recover operations quickly.

Learn more about NIST alignment