Claroty
Introduction
Claroty is a supplier of OT cybersecurity solutions focused on industrial automation, critical infrastructure and Cyber-Physical Systems. The platform provides functionality for asset discovery, network monitoring, threat detection, risk management and secure remote access within industrial environments.
Claroty is used in:
- production environments
- energy infrastructure
- water treatment
- oil and gas
- pharmaceuticals
- building management systems
- transport sector
- healthcare
In modern IT/OT convergence architectures, Claroty helps organisations gain visibility and control over complex OT and ICS networks.
The platform specifically targets industrial protocols, legacy systems and operational continuity, where minimal disruption of production processes is essential.
Positioning in OT security
Claroty positions itself primarily within:
- Asset Discovery
- Asset Inventory
- Monitoring
- IDS
- risk management
- remote access security
- exposure management
Unlike traditional IT security tools, Claroty takes OT-specific requirements into account such as:
- real-time communication
- legacy protocols
- high availability
- limited maintenance windows
- safety requirements
- deterministic networks
The platform is therefore specifically designed for industrial environments where standard IT scanning often causes operational risks.
Claroty architecture
A Claroty implementation typically consists of several components.
Key elements:
| Component | Function |
|---|---|
| CTD Platform | monitoring and detection |
| sensors | network visibility |
| management console | central management |
| secure remote access | external access |
| analytics engine | risk analysis |
The solution is typically integrated within:
- OT Network
- Control Network
- Supervisory Network
- IDMZ
- SOC environments
Claroty is generally placed at higher layers of the Purdue Model so that real-time control traffic is not disrupted.
Asset Discovery
One of Claroty's core capabilities is Asset Discovery.
The platform automatically identifies:
- PLC
- HMI
- industrial switches
- SCADA servers
- engineering workstations
- sensors
- IoT devices
- network components
Key data collected:
| Data | Example |
|---|---|
| manufacturer | Siemens, ABB |
| firmware version | device lifecycle |
| protocol use | Modbus, OPC UA |
| network relations | communication paths |
| vulnerabilities | known CVEs |
This is essential because many organisations lack a complete overview of their OT assets.
Passive monitoring
Claroty primarily uses passive monitoring to analyse OT networks safely.
This means:
- no active scans
- minimal disruption
- real-time network visibility
- protocol analysis via SPAN/TAP
Supported protocols include:
Passive monitoring is crucial in industrial environments where active scanning can lead to:
- PLC faults
- network disruption
- crashes
- safety risks
- production stops
Deep Packet Inspection
Claroty uses extensive DPI techniques for industrial protocols.
This allows systems to:
- analyse OT commands
- detect protocol anomalies
- recognise configuration changes
- flag unauthorised communication
Detection examples:
| Detection | Risk |
|---|---|
| firmware upload | sabotage |
| unknown engineering station | unauthorised access |
| new PLC | rogue device |
| protocol anomalies | attack or fault |
DPI in OT requires deep protocol understanding due to vendor-specific implementations.
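As an added illustration of the passive monitoring and DPI described in the two sections above (example code written for this page, not Claroty's own implementation), the following Python inspector parses the MBAP header of Modbus/TCP frames copied from a SPAN/TAP, builds a passive asset inventory from what it observes, and raises alerts for write commands from a host that is not an approved engineering station and for malformed headers. The IP addresses, the allowlist and the sample frames are constructed for the example.

```python
import struct
from dataclasses import dataclass, field

# Modbus function codes that change PLC state; 0x01-0x04 are reads.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}

@dataclass
class Asset:
    """Passively learned facts about one IP: function codes it sends, unit IDs it answers for."""
    functions: set = field(default_factory=set)
    unit_ids: set = field(default_factory=set)

def parse_mbap(frame: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or raise ValueError if the
    MBAP header is malformed (wrong protocol id, or length field not matching the bytes seen)."""
    if len(frame) < 8:
        raise ValueError("truncated MBAP header")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    return unit, frame[7]

def inspect(flows, engineering_allowlist):
    """flows: iterable of (src_ip, dst_ip, frame) as mirrored by a SPAN/TAP.
    Returns (inventory, alerts); nothing is ever transmitted to the OT network."""
    inventory, alerts = {}, []
    for src, dst, frame in flows:
        try:
            unit, fc = parse_mbap(frame)
        except ValueError as err:
            alerts.append(("protocol anomaly", src, dst, str(err)))
            continue
        inventory.setdefault(src, Asset()).functions.add(fc)
        inventory.setdefault(dst, Asset()).unit_ids.add(unit)
        if fc in WRITE_FUNCTIONS and src not in engineering_allowlist:
            alerts.append(("unauthorised write", src, dst, WRITE_FUNCTIONS[fc]))
    return inventory, alerts

# Constructed sample traffic (not a real capture): SCADA server 10.1.2.10 reads and writes
# PLC 10.1.1.5; an unknown laptop 10.1.3.77 writes a register and then sends a bad header.
SAMPLE_FLOWS = [
    ("10.1.2.10", "10.1.1.5", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # read holding regs
    ("10.1.2.10", "10.1.1.5", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),  # approved write
    ("10.1.3.77", "10.1.1.5", bytes.fromhex("0003 0000 0006 01 06 0010 0000")),  # write from laptop
    ("10.1.3.77", "10.1.1.5", bytes.fromhex("0004 0001 0006 01 03 0000 0001")),  # protocol id != 0
]
ENGINEERING_ALLOWLIST = {"10.1.2.10"}

def demo():
    return inspect(SAMPLE_FLOWS, ENGINEERING_ALLOWLIST)
```

Run `demo()` to get the learned inventory (which hosts issue which function codes, which unit IDs each PLC answers for) and two alerts: the unauthorised write from the laptop and the malformed header.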
Threat detection
Claroty detects OT-related threats and anomalies.
Key detection areas:
- Malware
- Ransomware
- lateral movement
- protocol abuse
- unauthorised engineering access
- configuration changes
- anomalous network flows
Detections are often mapped to:
- MITRE ATT&CK for ICS
- threat intelligence
- behavioural analysis
- anomaly detection
The platform supports integrations with:
Secure Remote Access
Claroty also offers secure remote access functionality for vendors and engineers.
Key functions:
| Functionality | Purpose |
|---|---|
| MFA | strong authentication |
| session recording | auditing |
| least privilege | restricted access |
| approval workflows | controlled access |
| logging | compliance |
Remote access is an important focus area in OT because vendors often need access to:
- PLC
- SCADA systems
- engineering stations
- industrial networks
Insufficiently secured remote access is a major risk in industrial environments.
Claroty in industrial environments
Claroty is often deployed in environments with:
- legacy systems
- mixed vendor landscapes
- limited documentation
- insufficient segmentation
- critical production processes
Typical assets:
| Asset type | Examples |
|---|---|
| PLCs | Siemens, Rockwell |
| DCS | ABB, Honeywell |
| HMI | SCADA platforms |
| network equipment | industrial switches |
| OT servers | Historian, engineering |
The platform helps organisations expose hidden dependencies.
Vulnerability management
Claroty supports OT-specific Vulnerability Management.
Key challenges within OT:
- limited patching options
- legacy systems
- vendor dependencies
- operational downtime
- safety validation
Claroty therefore focuses not only on patching but also on:
- compensating controls
- network segmentation
- exposure reduction
- risk scoring
This better matches OT reality than classic IT patching strategies.
Cloud and XIoT
Claroty uses the term XIoT (Extended Internet of Things) for the wider landscape of connected devices.
This includes:
- ICS
- IoT devices
- building management systems
- medical equipment
- industrial networks
More and more organisations connect OT systems to:
- cloud analytics
- remote operations
- AI platforms
- predictive maintenance
This increases the need for continuous OT monitoring.
Performance and network impact
In OT environments, network stability is crucial.
Claroty is designed to:
- cause minimal network load
- operate passively
- deliver real-time insight
- analyse OT protocols safely
Important considerations:
| Aspect | Importance |
|---|---|
| Latency | real-time behaviour |
| jitter | process stability |
| packet loss | communication loss |
| SPAN capacity | monitoring quality |
Incorrectly designed monitoring architectures can themselves cause operational problems.
Integration with SOC and IT security
Claroty often integrates with existing IT security platforms.
Examples:
This creates better insight into:
- IT/OT relationships
- lateral movement
- supply-chain risks
- attack chains
The integration supports collaboration between:
- OT engineering
- SOC teams
- IT security
- operations
Practical example: water treatment plant
A water treatment plant implements Claroty for OT visibility.
Architecture
| Layer | Component |
|---|---|
| Level 0 | sensors and pumps |
| Level 1 | PLCs |
| Level 2 | SCADA |
| Level 3 | Historian |
| Level 3.5 | Claroty monitoring |
| Level 4 | SOC/SIEM |
Functionality
Claroty detects:
- new assets
- unauthorised laptops
- firmware changes
- suspicious network flows
- remote access activity
Security challenges
Key risks:
- legacy PLCs
- insufficient segmentation
- shared accounts
- vendor remote access
- limited patching options
Architectures are therefore designed according to:
Lifecycle Management
Claroty supports organisations in Lifecycle Management of OT assets.
Key insights:
- end-of-life systems
- firmware ageing
- unsupported assets
- vulnerabilities
- configuration changes
This helps organisations with:
- risk assessments
- migration planning
- compliance
- investment decisions
Relevant standards
Claroty is often used within compliance and security programmes based on:
| Standard | Relevance |
|---|---|
| IEC 62443 | OT security |
| NIST SP 800-82 | ICS security |
| NIST CSF | cybersecurity governance |
| ISO 27001 | information security |
| NIS2 | critical infrastructure |
| ISA-95 | IT/OT integration |
Role in IT/OT convergence
Claroty plays an important role in modern OT security architectures.
Key trends:
- growing IT/OT integration
- cloud connectivity
- remote operations
- AI analytics
- converged SOCs
- XIoT security
Benefits:
- better OT visibility
- risk reduction
- faster detection
- improved compliance
- better asset management
Challenges:
- complexity
- legacy infrastructure
- scalability
- false positives
- vendor diversity
Claroty is thus an important platform for modern OT cybersecurity and industrial visibility.
