Claroty VRM enhancements enable security teams to quantify CPS risk posture

Claroty announced enhancements to the Vulnerability and Risk Management (VRM) capabilities of its SaaS platforms, enabling security teams to assess and strengthen their organization’s CPS risk posture.

Enhancements include a granular and flexible risk scoring framework, features that enable vulnerability prioritization workflows to be up to 11 times more efficient than industry standards, and support for responsible for the evolution of the software nomenclature (SBOM) landscape.

This release reinforces Claroty’s commitment to solving the most pressing issues facing CISOs and security teams in critical infrastructure sectors, including:

More and more CISOs are responsible for assessing the risk posture of the CPS: It is estimated that 95% of critical infrastructure CISOs are now responsible for securing not only IT but also CPS; of these, 98% must also quantify and factor their organization’s CPS risk position into the broader risk score shared with management. Increasing financial and regulatory pressures, as well as gaps in risk assessment toolkits, only exacerbate the challenges associated with these responsibilities.

Received ideas contradict the reality of CPS vulnerability management: Nearly 70% of CPS vulnerabilities disclosed in 2022 received a “high” or “critical” CVSS v3 severity score, but less than 8% were exploited, according to Claroty’s State of XIoT Security Report: 2S 2022. This gap raises concerns about conventional wisdom and solutions that recommend prioritizing remediation based solely on CVSS scores. Security teams that follow this recommendation are not only often overwhelmed; they may also divert resources to vulnerabilities least likely to be exploited, while neglecting those most likely to be exploited.

Additionally, according to the Gartner Market Guide 2023 for CPS Protection Platforms: “The number of vulnerabilities continues to increase while CPS patching remains very difficult. Most solutions: Correlate asset discovery results with manufacturers’ Common Vulnerabilities and Exposures (CVE)/recall databases and third-party vulnerability repositories, prioritize known exploited vulnerabilities, report the use of insecure applications and default passwords, provide remediation guidance, including alternative compensation controls, and provide a ticketing mechanism to track actions.

“More advanced solutions include: a mechanism to prevent computer scanners from touching CPS, provide a contextualized risk score based on asset criticality and exploitability probability, and improve outcomes and risk score through knowledge of the real world of their research teams. »

New enhancements to xDome and Medigate, Claroty’s SaaS solutions for industrial and healthcare organizations respectively, build on already advanced VRM capabilities to:

Deliver the most transparent and accurate way to quantify CPS risk posture: Claroty’s new risk framework is more accurate than ever because it considers a broader range of factors that can increase risk, as well as offsetting control improvements that can offset the risk. The framework is preconfigured and ready to use, so even customers new to CPS security can immediately calculate their risk level and take prioritized actions to protect their operations.

Further enable customers to tailor CPS risk calculations to their needs: Claroty’s new risk framework allows customers to adapt it to align with their existing GRC processes and risk priorities, and have greater control over how different factors are weighted in their posture assessments CPS risk assessment, allowing them to prioritize remediation steps appropriately.

Prioritize vulnerabilities based on likelihood of exploitation, asset criticality, and impact: Claroty now automatically assigns all CPS vulnerabilities to priority groups based on the latest indicators from the Known Exploited Vulnerabilities (KEV) catalog and the Exploit Prediction Scoring System (EPSS), as well as the criticality and risk of the affected assets. As a result, customers can even more effectively – and up to 11 times more effectively – prioritize the vulnerabilities that malicious actors are most likely to exploit as a weapon.

Prepare for CPS Risk Implications of the Changing SBOM Landscape: While recent regulatory developments have made it clear that SBOMs are critical to software supply chain risk management, Claroty now allows customers to upload SBOMs, view those uploaded by their peers, and support associated workflows in the future.

“CISOs and security teams face an increasingly uphill battle to mitigate risks related to outdated and insecure assets, as well as the discovery of new vulnerabilities. Due to the unique nature of CPS environments and critical infrastructure, it is often impossible or too complex to update everything. » Grant GeyerCPO of Claroty.

“These VRM enhancements to the Claroty SaaS portfolio allow our customers to answer their toughest cybersecurity questions: how to accurately assess risk and which vulnerabilities to mitigate first based on the likelihood they will be exploited in the framework of industrial, clinical or other missions. critical environments,” Geyer added.

KEV/EPSS, SBOM and risk features are all available now. Features enabling SBOM analysis and analysis will be available in Q4 2023.