Claroty’s VRM enhancements empower security teams to quantify CPS risk posture
Claroty announced enhancements to its SaaS platforms’ vulnerability and risk management (VRM) capabilities, further empowering security teams to evaluate and strengthen their organization’s CPS risk posture.
The enhancements comprise a uniquely granular-yet-flexible risk scoring framework, features that enable vulnerability prioritization workflows to be up to 11 times more efficient than industry standards, and support for the evolving Software Bills of Materials (SBOM) landscape.
This release reinforces Claroty’s commitment to tackling the most pressing issues facing CISOs and security teams across critical infrastructure sectors, including:
More CISOs than ever are responsible for assessing CPS risk posture: An estimated 95% of critical infrastructure CISOs are now responsible for securing not only IT but also CPS; of those, 98% must also quantify and account for their organization’s CPS risk posture in the broader risk score shared with executive leadership. Mounting financial and regulatory pressures, as well as shortcomings of go-to risk assessment toolkits, are only exacerbating the challenges of these responsibilities.
Conventional wisdom is at odds with the reality of managing CPS vulnerabilities: Nearly 70% of CPS vulnerabilities disclosed in 2022 received a CVSS v3 severity score of “high” or “critical,” yet less than 8% have been exploited, per Claroty’s State of XIoT Security Report: 2H 2022. This discrepancy raises concerns about the conventional wisdom and solutions that recommend prioritizing remediation based solely on CVSS scores. Security teams following this recommendation are not only often overwhelmed; they may also be misdirecting resources towards vulnerabilities that are the least likely to be exploited, while overlooking the ones that are most likely.
Furthermore, according to The 2023 Gartner Market Guide for CPS Protection Platforms: “The number of vulnerabilities continues to grow at the same time as CPS patching remains very difficult. Most solutions: correlate the outputs from asset discovery with common vulnerability and exposures (CVE)/manufacturer recall databases and third-party vulnerability repositories, prioritize for known exploited vulnerabilities, flag unsecure application usage and default passwords, provide remediation guidance including alternative compensating controls, and provide a ticketing mechanism to track actions.
“More advanced solutions include: a mechanism to prevent IT scanners from touching CPS, provide a contextualized risk score based on asset criticality and likelihood of exploitability, and enhance findings and risk score with real world knowledge of their research teams.”
The new enhancements to xDome and Medigate, Claroty’s SaaS-based solutions for industrial and healthcare organizations, respectively, build upon already-advanced VRM capabilities to now:
Deliver the most transparent and granular way to quantify CPS risk posture: Claroty’s new risk framework is more accurate than ever because it accounts for an expanded range of factors that can increase risk, as well as compensating control improvements that can offset risk. The framework comes pre-configured out-of-the-box, so even customers who are new to CPS security can calculate their risk posture immediately and take prioritized actions to protect their operations.
Further empower customers to tailor CPS risk calculations to their needs: Claroty’s new risk framework allows customers to tailor it to align with their existing GRC processes and risk priorities, and to have greater control of how different factors are weighted in their CPS risk posture assessments – further empowering them to prioritize remediation steps appropriately.
Prioritize vulnerabilities based on exploitation likelihood, asset criticality, and impact: Claroty now automatically assigns all CPS vulnerabilities to priority groups based on the latest indicators from the Known Exploited Vulnerabilities (KEV) catalog and Exploit Prediction Scoring System (EPSS), as well as the criticality and risk of affected assets. As a result, customers can even more effectively – and up to 11 times more efficiently – prioritize the vulnerabilities that threat actors are most likely to weaponize.
Prepare for the CPS risk implications of the evolving SBOM landscape: As recent regulatory developments have made it clear that SBOMs are key to software supply chain risk management, Claroty now enables customers to upload SBOMs, view those uploaded by their peers, and support related workflows moving forward.
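To make the prioritization idea concrete, here is an added Python sketch (not Claroty's code or its actual scoring framework) that assigns findings to priority groups from KEV membership, EPSS probability, CVSS severity and asset criticality, then contrasts the resulting order with a CVSS-only ordering; the thresholds, the 1-5 criticality scale and the sample findings are constructed assumptions.

```python
"""Priority grouping driven by exploitation evidence rather than CVSS alone.
Added illustration; thresholds and sample data are assumptions, not Claroty's."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str                # placeholder identifier (constructed, not a real CVE)
    cvss: float             # CVSS v3 base score
    epss: float             # EPSS probability of exploitation (0.0 .. 1.0)
    in_kev: bool            # listed in the Known Exploited Vulnerabilities catalog
    asset_criticality: int  # assumed scale: 1 (low) .. 5 (mission-critical)


EPSS_HIGH = 0.10  # assumed threshold: 10% or higher exploitation probability


def priority_group(f: Finding) -> int:
    """Return group 1 (fix first) .. 4 (defer). Known or likely exploitation
    on an important asset dominates; a high CVSS score by itself only reaches
    group 3, which is the point made by the KEV/EPSS figures above."""
    if f.in_kev and f.asset_criticality >= 3:
        return 1
    if f.in_kev or (f.epss >= EPSS_HIGH and f.asset_criticality >= 3):
        return 2
    if f.epss >= EPSS_HIGH or (f.cvss >= 9.0 and f.asset_criticality >= 4):
        return 3
    return 4


def cvss_only_order(findings):
    """Conventional ordering: highest CVSS first."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


def prioritized_order(findings):
    """Group first, then higher EPSS, then CVSS only as a tiebreaker."""
    key = lambda f: (priority_group(f), -f.epss, -f.cvss)
    return [f.cve for f in sorted(findings, key=key)]


# Constructed sample findings; identifiers are placeholders.
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", 9.8, 0.01, False, 2),  # critical CVSS, unlikely exploited
    Finding("CVE-EXAMPLE-0002", 7.5, 0.62, True, 5),   # in KEV, on a critical asset
    Finding("CVE-EXAMPLE-0003", 6.5, 0.35, False, 4),  # high EPSS on an important asset
    Finding("CVE-EXAMPLE-0004", 9.1, 0.03, False, 5),  # critical CVSS, low likelihood
    Finding("CVE-EXAMPLE-0005", 5.3, 0.02, False, 1),  # low everything
]

if __name__ == "__main__":
    print("CVSS-only order:        ", cvss_only_order(SAMPLE))
    print("KEV/EPSS/criticality:   ", prioritized_order(SAMPLE))
```

With the sample data, the CVSS-only ordering puts the two 9.x findings first, while the grouped ordering moves the KEV-listed and high-EPSS findings ahead of them.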
“CISOs and security teams face an increasingly uphill battle in mitigating the risk from obsolescent and insecure assets, as well as new vulnerability discoveries. Due to the uniqueness of CPS and critical infrastructure environments, patching everything is often impossible or too complex to execute,” said Grant Geyer, CPO of Claroty.
“These VRM enhancements to the Claroty SaaS portfolio further equip our customers to answer their toughest cybersecurity questions: how to accurately assess risk, and which vulnerabilities to mitigate first based on how likely they are to be exploited in industrial, clinical, or other mission-critical environments,” added Geyer.
The KEV/EPSS, SBOM upload, and risk capabilities are all generally available now. Features enabling SBOM analysis and parsing will be available in Q4 2023.