Claroty, the company specializing in the protection of cyber-physical systems (CPS), has revealed alarming data indicating that 38% of the riskiest CPS assets are not detected by traditional vulnerability management approaches. This discovery highlights a significant security gap that could be exploited by cybercriminals. To address this problem, Claroty has launched a comprehensive CPS exposure management solution, specifically designed to help organizations reduce their attack surface by prioritizing the most immediate threats.
Organizations Unaware of Some of Their Riskiest Exposures
Claroty’s research group, Team82, analyzed data from over 20 million operational technology (OT), Internet of Medical Things (IoMT), IoT, and IT assets in CPS environments. The research focused on assets defined as “high-risk”: those that have an insecure internet connection and contain at least one Known Exploited Vulnerability (KEV). High-risk assets are those with a high probability of being exploited and a high impact if they are, based on factors such as end-of-life status, communication over insecure protocols, known vulnerabilities, weak or default passwords, and the presence of personal or health data, among others.
Key Findings
– 20% of OT and IoMT devices have CVSSv3.1 scores of 9.0 or higher: Prioritizing by this threshold, the traditional vulnerability management approach, is overwhelming and resource-intensive, especially for CPS assets with limited patching windows.
– 1.6% of OT and IoMT devices are defined as “high-risk”: These devices have an insecure internet connection and contain at least one KEV, representing an imminent danger to organizations.
– 38% of ultra-high-risk OT and IoMT devices do not have a CVSS score of 9.0 or higher: These assets go unnoticed by traditional vulnerability management methods, despite being highly exposed to potential attacks.
Amir Preminger, Vice President of Research at Team82, emphasized the importance of these findings: “It is crucial to understand the implications of any number greater than zero when measuring the risk associated with hyper-exposed assets that control critical systems like the power grid or patient care. Organizations must adopt a holistic exposure management approach that focuses on the most immediate threats.”
Closing the Gap with CPS Exposure Management
To meet the evolving needs of sectors such as manufacturing and healthcare, Claroty has introduced a CPS exposure management solution designed to align with Gartner’s CTEM framework. This solution enables organizations to understand their current CPS risk posture, allocate resources more efficiently, and accelerate their path to CPS security maturity.
Key Capabilities
– Inclusion of CPS devices in exposure management programs: Using multiple data collection methods and tailored risk calculations that consider the relative business value of different aspects of the production process.
– Discovery and assessment of CPS vulnerabilities: Identification and profiling of all CPS assets using flexible discovery methods, including Claroty Edge and associated SBOMs.
– Prioritization of support for critical CPS processes: Actionable recommendations that prioritize remediation efforts based on quantified results.
– Secure validation of exposure scenarios: Investigation of exploitability using VEX files and other discovery tactics.
– Optimization of remediation and program mobilization: Integration with leading cybersecurity solutions and IT/OT asset management to streamline risk management processes.
Grant Geyer, Claroty’s Director of Products, noted: “Focusing solely on vulnerabilities does not help organizations focus on what truly matters, leaving true exposures that can jeopardize security and availability.”
Press release from Claroty.