TMCnet News
38% of Riskiest Cyber-Physical Systems Overlooked by Traditional Vulnerability Management Approaches, Claroty's Team82 FindsClaroty Launches CPS-native Exposure Management Solution to Reveal and Prioritize Risks Facing Critical Systems NEW YORK and SAN FRANCISCO, May 7, 2024 /PRNewswire/ -- Claroty, the cyber-physical systems (CPS) protection company, today released new proprietary data revealing that 38% of the riskiest CPS assets are overlooked by traditional approaches to vulnerability management, illuminating a major blind spot that is ripe for exploitation by threat actors. To address this blind spot, Claroty is introducing a complete built-for-purpose CPS exposure management solution, empowering organizations to minimize their attack surface by prioritizing the most immediate threats. Organizations Are Blind to Some of Their Riskiest Exposures To understand the scope of exposure and the associated risk facing CPS environments, Claroty's award-winning research group Team82 analyzed data from over 20 million operational technology (OT), connected medical devices (IoMT), IoT, and IT assets in CPS environments. The research focused on assets that are defined as "high risk," have an insecure internet connection, and contain at least one Known Exploited Vulnerability (KEV). Researchers defined "high risk" as having a high likelihood and high impact of being exploited, based on a combination of risk factors such as end-of-life state, communication with insecure protocols, known vulnerabilities, weak or default passwords, PII or PHI data, consequence of failure, and several others. Key findings include:
"It's important to understand the implications of any number higher than zero when measuring the risk associated with hyper-exposed assets used to control systems like the power grid or deliver life-saving patient care," said Amir Preminger, vice president of research for Claroty's Team82. "Organizations must take a holistic approach to exposure management that focuses on the ticking time bombs in their environment, because even if they somehow mastered the impossible task of addressing every single 9.0+ CVSS vulnerability, they'd still miss nearly 40% of the most dangerous threats to their organization." Learn more about Team82's findings in "The CPS Blind Spot" report. Closing the Gap with CPS-native Exposure Management According to Gartner®, "Security leaders always look for improved frameworks and tools for reducing their cybersecurity risks. This includes a shift from a preventative-only approach to more mature, strategy-augmenting-preventative controls with detection and response capabilities. Previous approaches to managing the attack surface are no longer keeping up with digital velocity — in an age where organizations can't fix everything, nor can they be completely sure what vulnerability remediation can be safely postponed. Continuous threat exposure management (CTEM) is a pragmatic and effective systemic approach to continuously refine priorities, walking the tightrope between those two impossible extremes."2 To meet the evolving needs of manufacturing, healthcare, and other critical infrastructure organizations, Claroty is introducing a complete built-for-purpose CPS exposure management solution that Claroty believes aligns to the Gartner CTEM framework. The solution further equips customers to understand their current CPS risk posture, allocate their existing resources to improve it more efficiently and effectively, and ultimately accelerate their journey to CPS security maturity – no matter their starting point. Key capabilities include:
"Taking a vulnerability-focused view alone doesn't help organizations focus on what matters most, leaving true exposures that can put safety and availability at risk," said Grant Geyer, chief product officer at Claroty. "Reducing risk requires an evolution from a traditional vulnerability management program to a more focused and dynamic exposure management program that considers unique CPS asset characteristics and complexities, unique operational and environmental constraints, organizational risk tolerances, and desired outcomes of the CPS cyber risk program." To learn more about Claroty's CPS-native exposure management solution:
About Claroty
Media Contact: View original content to download multimedia:https://www.prnewswire.com/news-releases/38-of-riskiest-cyber-physical-systems-overlooked-by-traditional-vulnerability-management-approaches-clarotys-team82-finds-302137988.html SOURCE Claroty |