In-brief: Claroty, an Israel-based start-up emerged from stealth mode on Tuesday, unveiling a new platform that it claims will help owners of industrial control systems detect threats and attacks by sophisticated adversaries.
Claroty, an Israel-based start-up emerged from stealth mode on Tuesday, unveiling a new platform that it claims will help owners of industrial control systems detect threats and attacks by sophisticated adversaries.
The company, which traces its roots to elite information security units within the Israeli military, said it has garnered some $32 million in funding to do what other technology firms have struggled to accomplish: monitor the behavior of diverse and often aging industrial control networks for signs of compromise.
“This platform was designed to find insights and bad things on both the operational and the security sides of the track,” said Patrick McBride, Claroty’s Chief Marketing Officer in a conversation with The Security Ledger.
McBride said the company, which is based in Tel Aviv, has 43 employees and has signed “multiple, seven figure” deals for its technology.
Claroty, whose name suggests its focus on “OT” or operational technology, is the latest among a number of other start-ups to target the industrial control space that services industries as varied as mining, energy, healthcare and manufacturing. Other ICS and SCADA focused start-ups include Indegy, SCADAFence and CyberX.
Sophisticated and unsophisticated attacks on industrial control networks are on the rise. Researchers at FireEye’s iSight unit said that there has been a 49% increase in the number of ICS vulnerability disclosures from 2014 to 2015 with 33% of those “zero-day” or previously unknown and unreported vulnerabilities.
[Read more Security Ledger coverage of industrial control system security.]
The industrial control space has long been dominated by a few, large multi nationals such as Siemens, GE, Rockwell Automation, Honeywell and Schneider Electric, but security awareness and practices have lagged.
Claroty emerged from Team8, a cybersecurity foundry. The company also has assembled an impressive roster of investors who have backed its vision for providing a “common picture” for operational technology and information technology. The company has backing from Bessemer Venture Partners and Innovation Endeavors.
“Big Data has huge benefits for analytics and for spotting big new attack vectors,” said David Cowan of Bessemer Ventures. “IT security teams sit in corporate headquarters and operational technology teams sit at the plant,” Cowan said. “The Ops guys aren’t open to infosec and vice versa.” Claroty claims to solve that by modeling a wide range of industrial control system and SCADA platforms and protocols, including older, legacy systems.
Claroty claims to support both open and proprietary protocols from vendors including Siemens, Rockwell Automation/Allen Bradley, Yokogawa, Emerson, GE, Schneider Electric, Mitsubishi, Honeywell,ABB and more. The technology sits out of band and passively monitors traffic on ICS networks and then uses deep packet inspection and specialized data analysis algorithms to detect potential attacks and noteworthy changes that can adversely impact operations – including a variety of security attacks and environmental changes that could harm system integrity or damage industrial processes.
“Out of that, we can build a baseline model that tells us what is normal and what is not,” said McBride.
Attacks targeting critical infrastructure have moved from theoretical to actual. In December, 2015 a cyber attack attributed to hacking groups with ties to the government of Russia caused blackouts for several hours in the Ivano-Frankivsk region of Ukraine. In all, 30 substations were disconnected from the grid in the attack, affecting some 80,000 customers.
Cyberware aside, there are other, more subtle threats to critical infrastructures that can be overlooked, but also damaging including sabotage or the theft of valuable intellectual property, Claroty notes.