Data-driven CIARA helps security teams, MSSPs, Auditors, and Consultants proactively manage cyber risk and build resilient operations while complying with risk management directives and regulations like NIS2, IEC 62443, and NIST CSF, and industry best practices.
Features
BREACH & ATTACK SIMULATIONS
Threat-intelligence-based Breach & Attack Simulations on network digital twin
PER-ZONE KEY INDICATORS
Per-zone key indicators for Risk, Threat & Control levels
ROI-OPTIMIZED MITIGATION
ROI-optimized mitigation plan based on user preferences & budget
IMPLEMENTATION
Optimized hardening plan
RICH REPORTS
Customizable reports for risk posture and compliance auditing
COMPLIANCE
NIS2, IEC 62443, NIST CSF, and industry best practices
EFFECTIVE RISK MANAGEMENT FOR TODAY’S CYBER PHYSICAL SYSTEMS (CPS)
CIARA automatically discovers and learns key risk indicators and accurately evaluates security posture and risk per site and overall. It determines how to direct the OT security budget to maximize the effectiveness of threat-mitigation measures.
AUTOMATED, FREQUENT, ACCURATE RISK ASSESSMENTS
CIARA delivers prompt, automatic, accurate, and compliant risk assessments, slashing assessment and audit time. Automatically ingesting relevant data from the network and operations, it assesses risk accurately, rapidly, and unobtrusively. CISOs, MSSPs, auditors, and consultants can run safe risk assessments as frequently as desired to measure security posture and track cyber progress.
UNDERSTANDING RISK ACROSS THE OPERATION
CIARA is highly scalable: its calculations, outputs, and displays are applied across the operation and to each industrial site. With consolidated visibility of the entire operational network, security staff can quickly view overall risk scores and drill down to each region, site, and network for finer granularity. Flexible and customizable dashboards and reports simplify understanding and presentation to stakeholders.
OPTIMIZED SECURITY ROADMAP AND CYBER SPEND
CIARA’s risk-mitigation planner helps security stakeholders prioritize controls to meet risk goals while taking budgetary constraints into consideration. By following CIARA’s mitigation roadmap, operators are able to divert expenditure from mitigations which marginally reduce risk – given actual threats to networks, assets, and operations – to those that produce the greatest cybersecurity ROI. When a new attack tactic or vulnerability is published, CIARA can check the potential impact on the network and operation, and direct the security team to undertake effective defense tactics.
ALWAYS CURRENT WITH THE ENVIRONMENT
CIARA provides network visibility tables and reports, displaying all network segments, zones, conduits, assets, asset properties, protocols, links, and vulnerabilities. As the environment changes, data-driven CIARA automatically updates its knowledgebase.
GUIDING THE COMPLIANCE JOURNEY AND CLOSING THE GAPS
CIARA’s value increases over time. As it delivers historical and long-term perspectives, CIARA reveals compliance improvements, deteriorations, and trends. The outcomes of CIARA’s risk assessments include key indicators for risk, threat, and control levels. CIARA produces a comprehensive hardening plan (ISA/IEC 62443-compliant), prioritized by each mitigation control’s contribution to achieving risk management goals. Best practice and tailored practical playbooks provide step-by-step instructions to help teams mitigate vulnerabilities, demonstrate compliance, and ensure operational resilience.
CIARA AND NIS2
NIS2 requires subject companies to adopt “policies and procedures to assess the effectiveness of cybersecurity risk management measures.” CIARA is a complete OT Risk Management solution that maintains compliance with the new, stringent directive.
HOW IT WORKS
CIARA builds a digital twin of the network. It then employs a Machine Learning-driven, virtual breach-and-attack simulation (OT-VBAS) for assessing risk based on the latest threat intelligence and vulnerabilities. Using multitudes of current data points for network, asset, locale, industry, adversary capabilities, attack tactics, and more, OT-VBAS simulates a wide array of security controls against relevant known threats, factored against a host of common OT risk scenarios such as loss of availability, loss of control, and loss of data. It calculates the likelihood of attacks and the effectiveness of corresponding risk-mitigation measures – both installed and proposed – per asset and zone, appraising the impact of attacks on a variety of prioritized business processes.
Users can control attack vectors such as source or destination and they can create adversary and loss scenarios. CIARA determines and displays top insights, attack routes, techniques used, and exploitable CVEs.
CIARA’s threat mapping, based on its breach & attack simulation results
CIARA OT-VBAS answers questions like:
How can a specific Advanced Persistent Threat (APT) take control over a certain engineering station?
What is the likely kill chain of an adversary who would attempt to impair safety in the cooling zone?
What are the potential threats and vectors from LockBit ransomware?
What is the likelihood of losing control of a certain PLC?
Security analysts can use CIARA proactively by proposing specific mitigations, whereupon it will promptly calculate their contribution to reducing risk.
INPUTS
CIARA’s data sources include:
iSID-generated or other digital image of the OT network
CIARA uses geo-location, among many other factors, to calculate risk, threat and control levels
OUTPUTS
The outcomes of CIARA’s simulations are key indicators for risk, threat, and control levels with a comprehensive hardening plan, prioritized by each mitigation control’s contribution to achieving risk management goals. In addition, it produces a variety of rich, granular OT-security reports clearly structured for all types of stakeholders, regulatory bodies, auditors, and other interested parties.
CIARA AND THE RADIFLOW PLATFORM
In a Radiflow platform implementation, CIARA is managed from the iCEN central manager that also automates its ingestion of inputs and periodic/on-demand running of risk assessments per site and overall. Results display on the iCEN console from where deeper investigations can take place.
CIARA can also be implemented as a stand-alone risk-management solution with its own management console.