Tenable Teams with Deloitte to Secure Fortune 500 Manufacturing Environments

Security of networks and compute platforms will continue to be news for quite some time. After all, Putin didn’t agree to terminate all hacking emanating from Russia (surprise). But according to my firewall statistics, I’m hacked from a large number of geographic sites, and I’m just a blog site! This news came to me. Typical of security news, there are superlatives and claims that I have not been able to verify. The gist is that there is an attempt to bring OT and IT together in a secure network.

Tenable.ot showcased in Deloitte’s Smart Factory at Wichita initiative, providing its industry-leading capabilities for securing today’s modern OT environments

Tenable Inc., the Cyber Exposure company, announced a strategic collaboration with Deloitte to accelerate and secure smart manufacturing across Fortune 500 environments. Tenable and Deloitte have developed and implemented industrial-grade security solutions to help organizations understand, manage, and reduce cyber risk in their manufacturing environments around the world.

According to a smart factory study from Deloitte and Manufacturers Alliance for Productivity and Innovation, eighty-six percent of manufacturers believe smart factories will be the main driver of competitiveness in the next five years. These modern environments represent a massive business opportunity, but they also contribute to an expansive and converged attack surface of legacy information technology (IT) and new operational technology (OT). Increasingly, boards of directors and executives consider OT security a top business priority and risk. As such, smart factories require strategic, risk-based vulnerability management to defend and secure mission- and safety-critical systems. 

Deloitte’s ecosystem for smart manufacturing provides organizations with greater speed, scale and security over their digital transformation initiatives. By deploying Tenable.ot — the industry’s first unified solution for securing IT/OT environments — as part of a secure-by-design model, joint customers benefit from unmatched visibility and control over their converged industrial environments, with advanced threat detection and mitigation to identify weak points before an attack ever occurs.  

“Make no mistake, industrial environments run the global economy. They build, power and protect the world around us. Ensuring these smart factories are secure by design is paramount,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Strategic cybersecurity must be foundational to all smart factory initiatives. Without it, you’re building on pillars of sand. Securing modern, converged environments requires unified visibility across both IT and OT assets. We’re very excited to collaborate with Deloitte to do just that for customers around the world.”

In addition to the existing deployments around the world, Tenable.ot will also be showcased in Deloitte’s Smart Factory @ Wichita initiative — a 60,000-square-foot immersive experience equipped with the latest smart factory advancements — designed to demonstrate how manufacturers can embrace digital transformation in a secure, scalable way. In the facility opening this fall, joint customers will experience the power of a unified, risk-based view of their IT and OT environments, arming them with the visibility, security and control required to secure Industry 4.0. 

“The Smart Factory at Wichita is designed to explore the full range of innovation with Industry 4.0 technologies and maintaining cybersecurity is a critical piece to the manufacturing life cycle,” said Stephen Laaper, principal, Deloitte Consulting LLP. “With Tenable onboard as a builder sponsor, clients walking through the doors of the Smart Factory will have the ability to experience a secure industrial environment and can take solace in knowing critical organizational data is protected by a top leader in the industry.”

Claroty Secures $140 Million Financial Round

Today must be cybersecurity day. I just wrote about open-source Software Bills of Materials, and now comes a venture funding announcement. Several years ago, a number of new cybersecurity companies sprang up. Most had some sort of tie to former Israeli army security professionals. At any rate, today’s news comes from Claroty, which has landed $140 million in its Series D round. As you can tell from the release, the company is overjoyed with the cash infusion. From my perspective, given that this market sector is already consolidating, I’d expect an acquisition in another year or so. (Not necessarily a bad thing. Founders are always looking toward an exit these days.)

Series D financial round, co-led by Bessemer Venture Partners and Standard Industries’ investment platform 40 North, breaks record for largest investment in industrial cybersecurity to date.

Claroty, the industrial cybersecurity company, today announced it has secured $140 million in a Series D financial round. The round marks the largest investment ever made within the industrial cybersecurity sector, establishing Claroty’s market leadership as the world grapples with an uptick in cyber attacks on critical infrastructure in recent months. The new funding will be used to accelerate the company’s expansion into new verticals and regions, as well as to further enhance its best-in-class product portfolio.

The round is co-led by Bessemer Venture Partners’ Century II fund, which is specifically designed for growth-stage market leading companies that will define the next century, and 40 North, the related investment arm of privately held global industrial company Standard Industries. Additional strategic investors include LG, the global innovator in technology and manufacturing, and I Squared Capital’s ISQ Global InfraTech Fund. All previous investors, including Team8 and long-time customers and partners Rockwell Automation, Siemens, and Schneider Electric, have also participated. The round brings the company’s total funding to $235 million.

“Our mission is to drive visibility, continuity, and resiliency in the industrial economy by delivering the most comprehensive solutions that secure all connected devices within the four walls of an industrial site, including all operational technology (OT), Internet of Things (IoT), and industrial IoT (IIoT) assets,” said Yaniv Vardi, CEO of Claroty. “With this new investment from the most prestigious firms in the world, we have the financial runway to execute on our proven product strategy in a hyper-growth market, with a world-class leadership team and a strong ecosystem of partners to take us there.”

There has been a clear and distinct shift since 2020 in the frequency and impact of cyber attacks against organizations that underpin the world’s critical infrastructure and supply chains. According to Cybersecurity Ventures, global ransomware damage costs are predicted to exceed $265 billion by 2031, up from $20 billion in 2021. As these incidents show no signs of slowing, Claroty’s new investment has firmly positioned the company at the forefront of the market with the resources, experience, and capabilities needed to shore up industrial cyber defenses for the future.

Claroty is trusted by the world’s leading organizations to protect their industrial assets, connections, and processes, with deployments in thousands of locations and facilities across all seven continents. For example, the company has worked closely with Pfizer to secure its COVID-19 vaccine supply chain in its race to meet unprecedented global demand. 

The round is the latest in a series of milestones for the company, including: 

  • 133% expected year-over-year (YoY) growth in new annual recurring revenue from 1H 2020 to 1H 2021
  • 110% YoY net new logo growth and 100% customer retention, including Coca-Cola EuroPacific Partners (Australia, Pacific, Indonesia) and IRPC Public Company Limited
  • 80 new employees hired in the Americas, EMEA, and APAC in 2021; on track to grow headcount by nearly 50% by end of year
  • Expanded partner coverage by 50% in 2020 with the addition of Deloitte, KPMG, PwC, CrowdStrike, Atos, Yokogawa, and others to its new FOCUS Partner Program
  • Released Claroty Edge, a new, patent-pending addition to The Claroty Platform and the industry’s first zero-infrastructure industrial cybersecurity solution
  • Named winner of ‘Best IOT/IIOT Security Solution’ in SC Awards Europe 2021
  • With over 120 ICS vulnerability disclosures to date, the Claroty Research Team leads the ICS threat research industry by far, helping Claroty’s strategic partners to deliver more secure products

Claroty will use the funds to meet rapidly accelerating global demand for The Claroty Platform’s visibility, threat detection, risk and vulnerability management, and secure remote access capabilities by expanding into new verticals and regions, growing global headcount, bolstering its commitment to securing IoT devices, and further empowering customers’ journey to the cloud.

“We launched Bessemer’s growth fund to invest specifically in clear market leaders,” said David Cowan, partner at Bessemer Venture Partners. “We are focused on helping the next generation of category-defining companies that have standout product-market fit, scalability, and a strong executive team. Since our first investment in Claroty in 2016, the company has continued to demonstrate that it has the best vision, team, and technology to address the unique challenges in the critical infrastructure security sector.”

“David Winter and I are passionate about investing in high-potential companies, especially those focused on building the industrial future,” said David Millstone, co-CEO of Standard Industries and co-CIO of 40 North. “Cybersecurity is a crucial component of that effort, and Claroty has proven itself as the most experienced, innovative, and visionary company in this industry. We look forward to working with its top-notch team to secure the new industrial revolution.”

About Claroty

Claroty is the industrial cybersecurity company. Trusted by the world’s largest enterprises, Claroty helps customers reveal, protect, and manage their OT, IoT, and IIoT assets. The company’s comprehensive platform connects seamlessly with customers’ existing infrastructure and programs while providing a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access—all with a significantly reduced total cost of ownership. Claroty is backed and adopted by leading industrial automation vendors, with an expansive partner ecosystem and award-winning research team. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America, and deployments on all seven continents. 

Linux Foundation Launches Research, Training, and Tools to Advance Adoption of Software Bill of Materials

My latest podcast topic contains thoughts on open source. This announcement from The Linux Foundation ties open source to the latest concerns about cybersecurity, with several product launches regarding the Software Bill of Materials (SBOM). The industry continues to take small steps toward security. When a community gathers to work on a solution, it’s a big help.

Home to the industry’s most supported open standard for exchanging information about what is in software – SPDX – the Linux Foundation brings its complete resources to bear to support private and public sector supply chain security 

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, a new training course, and new software tools to accelerate the adoption of Software Bill of Materials (SBOMs). 

President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain.

The de-facto industry standard, and most widely used approach today, is called Software Package Data Exchange (SPDX). SPDX evolved organically over the last ten years to suit the software industry, covering issues like license compliance, security, and more. The community consists of hundreds of people from hundreds of companies, and the standard itself is the most robust, mature, and adopted SBOM in the market today. 

“As the architects of today’s digital infrastructure, the open-source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open-source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to generate and adopt SBOMs.” 

An SBOM is an account of the components contained in a piece of software. It can be used to ensure developers understand what software is being shared throughout the supply chain and in their projects or products and supports the systematic review of each component’s licenses to clarify what obligations apply to the distribution of the supplied software.

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM application. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics. For more information about the survey and to participate, please visit {Hilary blog}. 

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open-source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open-source tooling available to support the generation and consumption of an SBOM.

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your software using SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easy to embed in automated processes such as continuous integration (CI) pipelines and is available for Windows, MacOS, and Linux.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration.

Industrial Controls Market Partnership of Process Automation and Cybersecurity

Partnerships remain crucial for success in today’s industrial market. This seems especially true for cybersecurity firms that need ways to integrate security into operational technology. This is the story of one such partnership.

Horizon Controls Group, a global digital process automation solutions and consultancy company, has announced a formal agreement with Verve Industrial, a leader in operational technology and industrial control systems (OT/ICS) cyber security technology and consulting solutions. This partnership allows both companies to expand collaboratively into new areas of highly sophisticated service and technology delivery engagements with manufacturing and research organizations in pharmaceutical, biopharmaceutical, and other life sciences. 

The increased publicity and attention to the unprecedented achievements of the pharmaceutical industry during the global pandemic have significantly increased the potential cyber-related threats to this critical infrastructure. While energy and other utilities such as water treatment have historically been targets of advanced persistent threats (APTs) from highly resourced, nation-state, or terrorist-backed organizations, the value of the pharmaceutical sector is increasingly apparent and, in many cases, lags the security posture that has developed in these other industries. 

Verve Industrial’s OT/ICS cyber security products and support services were selected by Horizon Controls Group as a powerful, targeted, and holistic solution to manage the sprawling ecosystem of myriad automation applications employed at any given pharmaceutical facility. 

“Horizon Controls Group provides consultation, design, execution, and support for the full project life cycle of automation process control systems (PCS), building automation systems (BAS), manufacturing execution systems (MES), and process historians, using industry standards and best practices,” said Youssef El-Bahtimy, Automation Information & Systems Manager at Horizon Controls Group. “Our team integrates data integrity, resiliency, manageability, and security principles into every project, not as an afterthought, bolt-on, or cost adder, but in a proactive quality by design (QbD) manner.”

El-Bahtimy continued: “We believe this is the new standard for a modern systems integrator, and a key differentiator to becoming more than just a service provider – being the trusted adviser that our clients require. We see the Verve Security Center (VSC) and the expertise of Verve Industrial’s team as an invaluable and versatile way to solve the challenges posed by the unique security, situational awareness, and manageability environment of the OT space.” 

“We are quite excited to join forces with Horizon Controls Group,” said Rick Kaun, VP of Solutions at Verve Industrial. “Their ‘trusted adviser’ status within their client base combined with their deep OT systems control abilities are a perfect match for the power and insight provided by our industry-leading VSC platform.”

About Horizon Controls Group
Horizon Controls Group is a full-service digital process automation company offering solutions including engineering design, systems integration, cyber security, and customized training. With corporate headquarters in Blue Bell, Pennsylvania, its European subsidiary is based in Cork, Ireland.

About Verve Industrial
Verve Industrial Protection has ensured reliable and secure industrial control systems for 25 years. Its principal offering, the Verve Security Center, is a unique, vendor-agnostic OT endpoint management platform that provides IT-OT asset inventory, vulnerability management, and the ability to remediate threats and vulnerabilities from its orchestration platform. Verve Industrial’s Design-4-Defense professional services support clients in ensuring their OT environments are designed and operated in a secure manner.

Claroty Unveils Zero-Infrastructure Cybersecurity Solution to Protect Industrial Enterprises

Finally, a cybersecurity news release that doesn’t try to jump on the latest cyber breach bandwagon. Interesting advance for cyber security.

New Claroty Edge and enhanced Continuous Threat Detection give customers faster, easier, more-flexible paths to achieve wide range of industrial cybersecurity objectives

Claroty has announced Claroty Edge, a patent-pending addition to The Claroty Platform that delivers 100% visibility into industrial networks in minutes without requiring network changes, utilizing sensors, or having any physical footprint. Combined with enhancements to its Continuous Threat Detection (CTD) solution – including CTD.Live, a SaaS-based deployment option, and new features for scalable deployments – Claroty now offers a complete portfolio of solutions that meet enterprises wherever they are on their industrial cybersecurity journey.

“Network security in operational technology (OT) and industrial Internet of Things (IIoT) environments means security products that can speak and understand the many proprietary industrial protocols and provide both security operations center staff with increased visibility of the full operations and OT personnel with actionable information,” said Romain Fouchereau, research manager, European Security at IDC. “The ability to perform comprehensive network monitoring without needing to invest in extra sensors or other supporting components can help maintain system resiliency, especially in large, highly distributed organizations.”

As there’s no such thing as a one-size-fits-all industrial network, organizations require cybersecurity solutions that can evolve with their objectives, without burdening their infrastructure or personnel with unnecessary hardware, complex configurations, lengthy deployments, or steep learning curves. The new and enhanced Claroty Platform achieves this by giving customers faster, easier, more-flexible paths to achieve the industrial cybersecurity objectives that are most important to them.

“The recent cyber incidents with Colonial Pipeline and the Oldsmar, Florida water supply have underscored the need for asset owners and operators to mature their cybersecurity programs and make ‘eyes wide open’ decisions about the risks to their critical and vulnerable assets,” said Grant Geyer, chief product officer of Claroty. “Cyber risks to industrial control systems have consequences not only for the organization, but also for public safety and the global supply chain, so every industrial enterprise has an obligation to start their cybersecurity journey. With Claroty’s enhanced platform, organizations can take advantage of the capabilities that are right for their needs today, and can evolve as the threat landscape changes and their cybersecurity programs mature.”

Key Features and Functions

With these new additions and enhancements, The Claroty Platform has evolved to reveal, detect, protect, and connect any deployment structure, at any scale, in rapid time:

  • Claroty Edge is the industry’s first zero-infrastructure industrial cybersecurity solution, functioning as a highly flexible edge-data collector to deliver 100% visibility in minutes, with a simple, easy setup and absolutely no network footprint. It equips customers to discover a complete OT, IoT, and IIoT global asset inventory, as well as identify and manage the vulnerabilities and risks affecting those assets.

Claroty Edge is an optimal entry-point for those who are just beginning their industrial cybersecurity journey, as well as an exemplary scalable solution for those expanding their existing coverage to air-gapped, remote, smaller, or differently prioritized sites.

Beyond this, customers can leverage it to conduct audit requests and report compliance for industrial networks, M&A due diligence on target third-party environments, and faster and more effective incident response.

  • CTD.Live is a SaaS-based deployment option for enterprises embracing the cloud as a core component of their industrial cybersecurity strategy. It is uniquely suited to support robust digital transformation initiatives because it is fast, scalable, and ensures CTD’s visibility and threat detection capabilities are always up to date. CTD.Live also reduces total cost of ownership by eliminating certain hardware requirements and extending inventory, risk and vulnerability, and monitoring coverage to newly added assets automatically as customer networks expand.
  • CTD version 4.3 provides greater flexibility in how critical asset, alert, and risk data can be accessed, managed, and manipulated, both directly within CTD and via integrations with third-party SIEM providers. It includes new options for segmentation via Virtual Zones, enabling customers to further customize and fine-tune their segmentation and alerting policies for stronger, more accurate detection of risky communications and other indicators of malicious activity.
  • Secure Remote Access (SRA): The scalability of all of these capabilities increases by combining CTD.Live with Claroty’s SRA solution, which provides internal and third-party personnel with frictionless, reliable, and highly secure access to industrial networks. Customers can also use Claroty Edge to blueprint and optimize SRA deployments, thereby reducing the time and resources required for full implementation.

“We needed an OT tool that complements Claroty CTD’s real-time monitoring to reveal the unreachable blind spots in Pfizer’s main manufacturing environments. With Claroty Edge, we attained this faster than ever imagined,” said Jim LaBonty, head of global automation engineering at Pfizer. “Its unique offering and approach deliver a complete, detailed inventory of all OT and IoT assets in both integrated and standalone networks, in a matter of minutes and with a few clicks. This would have otherwise taken several weeks. Claroty Edge takes the heavy lifting out of managing the plethora of OT assets in production and empowers us to better secure our production environments.”

Claroty Edge is generally available now, while CTD.Live and CTD 4.3 will be available in July 2021. To learn more about The Claroty Platform, please request a demo.

RSA Security Conference And Security Thoughts

The first few weeks of May were Security weeks at The Manufacturing Connection. In preparation for the May 17-20 RSA Security Conference, I interviewed Ron Brash, Director of Cyber Security Insights at Verve Industrial. This was supposed to be an introduction to his talk at the security conference, so I didn’t take detailed notes. Unfortunately, 10 days later I discovered that my pass to the conference was “insecure”, and I could only view keynotes. I was blocked out of Brash’s presentation (which I’m sure was very good).

Verve Industrial

We talked about how control engineers and vendors were historically lazy about security. If anyone thought about it at all, they figured that not being connected outside was sufficient protection. (Although I might add as a side note a customer story. I sold a certain prominent brand of PLCs in the mid-90s. My top customer was a major automotive engine plant, who, unfortunately, used a rival PLC. However, I thought I might have an opening when I walked into the control engineering area of the office and saw everyone gathered around a PC. It seems that an update from my rival contained malware. It infected all the PCs. So, even in the early days there were security holes.)

Brash noted that the advent of IIoT to the Cloud punched a hole in the supposed safety gap, opening up a potential security intrusion path.

He also talked about the need for a good asset inventory, as well as a solid management of change program.

Following are some notes from his blog:

Imagine for a moment flawless code.  Picture the most technologically complex system operating without issue.  Conjure a single, silver-bullet solution that will save humankind from itself. Hard to imagine, right?

Thanks to the way devices are designed, engineered, developed, maintained, and sold, embedded systems, like any other enterprise computing product, will be flawed.  While there have been major improvements in code analysis, fundamental software design problems continue to slip through into production. Most programmers remain woefully inept at making good security decisions in the development stage and profit-motivated vendors have little appetite to address that shortcoming.

If you’re now panicking at the scope of embedded systems insecurity, take heart.  Not all devices are easily exploitable or they are exploitable only under certain conditions largely affected by how you deploy and configure them.

One key to addressing the challenge is to get ahead of the embedded security problem before it gets a foothold in the organization. Owners must insist on robust security during procurement, design of solutions, and throughout cybersecurity factory acceptance and site testing. This way, OEMs and vendors will learn they cannot continue unchallenged.  Trust, but always verify.

As a community, we should not let poorly secured products gain traction in the market. We must demand security as a necessary feature.  Software engineers and developers take note – even if you are a cog in the machine, we are all affected; especially when embedded devices become integral to the systems responsible for our lights, our water, our health, our daily lives.

RSA Security Conference

Twice this month I have heard the famous World War II airplane analysis cited as an example. It seems that the Allies were losing a large number of bombers flying over Germany. So, the generals commissioned a study. The analysts studied the planes returning from their bombing runs plotting where all the bullet holes were. The thought was to add additional armor to those areas to protect the plane.

Then someone with a broader vision noted an obvious fact—all of these planes made it back. All the bullets had struck nonessential areas of the plane. What needed additional protection were the other areas.

The first keynote pointed out these important thoughts:

  • Use a risk-based approach—Protect the areas with the greatest risk
  • Zero trust
  • Segment networks
  • Prepare for chaos

This was followed by three points:

  • Security risk feature out of focus—prioritize
  • Legacy systems slowing us down, need for thought diversity
  • Security is not a solo sport

Or, as Angela Weinman of VMware summarized:

  • Zoom Out
  • Throw Out
  • Reach Out