The Radiflow Security Blog

Radiflow launches CIARA, automated risk analysis platform based on ISA/IEC 62443 framework

August 4, 2020

Radiflow today released CIARA (Cyber Industrial Automated Risk Analysis) the first fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation including risk scoring per zone and business process based on business impact.

The new platform is a response to the growing digitization of the production floor (Industry 4.0) that has led to rising tide of cyber threats – while risk assessment processes remain manual tasks that fail to address the full scope of the issue.

Serving as a stakeholder decision-support tool, CIARA empowers CISOs and owners of complex ICS environments to increase the effectiveness of their risk-mitigation measures throughout the entire system lifecycle, ­while significantly reducing cybersecurity expenditure.

CIARA employs a fully-automated, data-driven risk assessment algorithm, which calculates the actual monetary/HSE impact of each risk-mitigation measure, using thousands of data points for network, asset, locale, industry, adversary capabilities and attack tactics.

The weighted data is used to run network-wide attack simulations and inter-asset attack vectors. The ultimate result is a comprehensive real-world assessment report, as well as risk prioritization and recommendations for mitigation.

The result is a comprehensive mitigation roadmap (fully ISA/IEC 62443-compliant), prioritized by each mitigation control’s contribution to overall risk reduction, thus maximizing the impact of cybersecurity expenditure.

CIARA’s business-driven approach to risk analysis allows assessing for and setting different target risk levels per business process/network zone