Claroty Continuous Threat Detection (CTD) Meets the Cloud

By Larry O'Brien

Company and Product News

Claroty announced that it is embracing the cloud.  Effective immediately, Continuous Threat Detection (CTD) Version 3.9 is available on a limited basis not only via the existing deployment formats, but also with a public or private cloud option.

Two of CTD’s features:

Cloud + Claroty Threat Intelligence (CTI)

The value of threat intelligence decreases with every passing second, which is why speed and precision matter.  The cloud correlates behaviors across all connected customers, detecting industry-specific threats, tactics, and trends as they evolve.  By aggregating and analyzing anonymized customer data, CTD blends vendor-agnostic visibility with real-time, actionable threat intelligence, including updates to YARA signatures, Snort rules, vulnerabilities, and other proprietary indicators of compromise sourced from Team82 (Claroty’s research arm).  Instead of waiting for a version upgrade or the next update, CTD continuously pushes adaptive information, including data enrichment and the latest threat intelligence, to customers' Enterprise Management Consoles (EMC) via a secure SSL channel.

Cloud + Virtual Zones+

Claroty’s Virtual Zones+ leverages CTD's deep packet inspection engine to transform OT and IoT communications into an intuitive, user-friendly view.  It automatically groups together and visualizes network assets with similar behaviors and attributes.  Once grouped, CTD identifies the relationship between the logical groups and automatically generates granular communication policies.  The policies assign permission levels to each zone, along with a specific level of trust to help end users understand the risk posed by every logical connection between the zones.

And the cloud...

The cloud revolutionizes this visualization by crowdsourcing data from Claroty’s customer base.  System users can benchmark their existing assets' communications and the policies governing them against those of Claroty's other customers with similar cloud-based deployments.  Instead of combing through hundreds of communication patterns looking for misconfigurations, or manually assigning permission levels, Claroty customers can benefit from a real-time cloud-based reputational awareness engine feeding information directly from the field.  The database is continuously populated with anonymized customer policy rules, delivering a reputation that describes the recurrence rate of a specific rule among other cloud policies.  If a particular baseline or policy is common or universal across CTD’s monitored sites, the customers will know about it.  The same is true if it is rare or unusual.

CTD version 3.9 includes best-of-class security and privacy standards, including GDPR compliance.  Data shared with the cloud is secured in transit and at rest, and fully scrubbed of identifying information to preserve customers’ anonymity.

While CTD version 3.9 is a Limited Availability release, it is a precursor to a major General Availability (GA) announcement coming later in the year.
