Radiflow launches CIARA as first risk analysis platform based on ISA/IEC 62443 framework
Cyber Industrial Automated Risk Analysis (CIARA) helps industrial automation and control system users to dramatically streamline risk reduction planning and compliance for improved cyber risk posture
Tel Aviv, Israel August 4th, 2020 – Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, today announced the launch of CIARA, a major new platform offering Cyber Industrial Automated Risk Analysis (CIARA). The solution helps meet emerging best practice around risk modelling and management using the ISA/IEC 62443 series of standards.
CIARA is the first fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation including risk scoring per zone and business process based on business impact. The new platform is a response to the growing digitization of the production floor (Industry 4.0) that has led to rising tide of cyber threats – while risk assessment processes remain manual tasks that fail to address the full scope of the issue.
CIARA is a next-generation Cyber risk platform intended to support the CISO, Operation manager and other risk stakeholders that act to reduce cyber risk in Industry 4.0 environments using advanced analysis algorithms to automate and manage the entire cybersecurity risk life cycle.
The solution adheres to the ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), which provides framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). In addition the CIARA reports assists the operators to meet regulations including the EU NIS Directive and elements of NERC CIP Cybersecurity Requirements with additional support for the NIST Cyber-Security Framework under development.
“Risk assessment is currently a complex and time-consuming process that for the most part revolves around spreadsheets and subject matter expertise which is cumbersome and prone to human error,” said Rani Kehat, Radiflow BVP Business Development. “Worse still, the threat landscape is changing continuously which means a yearly or bi-yearly risk assessment quickly becomes out of date – leading to a false sense of security. With CIARA, industrial organizations can now perform continuous assessment of their cyber-security risks and base cybersecurity expenditure planning in direct correlation to the potential loss, backed up with quantitative data.”
Yehonatan Kfir, CTO at Radiflow, also highlight the complexity that CIARA helps to overcome, “CIARA automates the process of examining hundreds of the most commonly used security controls, against simulation of hundreds of cyber threat types while modelling against dozens of features for the digital network models including protocols, vulnerability, firmware versions, topology, device type and many others. These risk assessments are then factored against common OT risk scenarios including loss of availability, loss of control, damage to property and other. The result is a matrix of potentially tens of thousands of permutations that can’t be analysed by humans while CIARA is able to evaluate it and provide comprehensive reports in a few minutes.”
CIARA is continually updated with assets data from the field and a threat intelligence feed that is based on multiple sources including the MITRE ATT&CK™ knowledge-base of adversary capabilities, tactics and techniques.
Visibility and planning
Ilan Barda, CEO for Radiflow, commented: “For many of our customers that are the new to the area of ICS/SCADA Cyber Security, CIARA dramatically speeds up the risk management process by utilising the methodology and structure of ISA/IEC 62443 – a standard that is likely to become a mandated requirement in the future.”
“There is also significant budgetary pressure in the post COVID-19 business environment, and planning capabilities to help better assign scarce resources are another driving force for the adoption of better risk assessment processes,” Barda adds.
CIARA has been BETA tested successfully by several existing Radiflow customers and partners including a top 5 global consultancy firm and is now available for new customers with an easy demo offering
Radiflow develops trusted industrial cybersecurity solutions for critical business operations. The company offers a complete portfolio of game-changing solutions for ICS/SCADA networks that empowers users to maintain visibility and control of their OT networks, including an Intelligent Threat Detection tool that passively monitors the OT network for anomalies as well as Secure Gateways that protect OT networks from any deviations from set access policies. Radiflow’s team consists of professionals from diverse backgrounds from cyber-experts from elite military units and automation experts from global industrial vendors and operators. Radiflow solutions have been successfully deployed in over 4,000 sites by major utilities and industrial enterprises worldwide and have been validated by leading research labs. For more information, please visit www.radiflow.com and follow the company on LinkedIn.
The Message Machine
+44 (0) 7887 682943