OT risk platform allows attack simulations through digital twin – Technologist

OT facilities and production sites don’t have the capability to temporarily shut down operations for CISOs to run simulated attacks since it may take days to stop and then restart operations entirely.

Radiflow has introduced the Cyber Industrial Automated Risk Analysis Platform (CIARA), which allows for a digital twin of multiple facilities to be created on the same UI in order for security and risk teams to execute OT-BAS (Breach & Attack Simulations) in a global enterprise view.  The  new enterprise-level risk management system for OT facilities allow CISOs to view all their sites in one dashboard.

This takes the guesswork out of OT by letting teams anticipate the impact of potential threats via simulations of known attacks from a continuously updated global database. They can then simulate WHAT-IF scenarios of mitigations to decide which course of action would be most suitable in light of the changes in the threat landscape.

While this has been a common practice to prepare for attacks in the IT world through twin-network simulations, it is the first time that an OT environment can benefit from this proven strategy. CIARA offers a first-of-its-kind, non-intrusive breach attack simulator that takes into account the business importance of each site so the CISO can find the most vulnerable points on their industrial automation networks across all their sires, allowing them to practice the most effective mitigation tools.

The ability to configure business importance for each site and benchmark top sites in a central dashboard – while allowing site managers to view their individual risk posture and optimise their security roadmap – is  a major step in securing potential vulnerabilities across multiple facilities. Allowing CISOs to continuously monitor and simulate vulnerabilities, based on recent attacks that have been attempted in their industry or location, has a significant impact on the quality of OT monitoring, without slowing down or stopping critical infrastructure.

“CIARA is now a central environment where CISOs can evaluate proven security techniques against the latest threats without tampering with their existing network”, said Ilan Barda, founder & CEO of Radiflow. “Using the revolutionary all-in-one dashboard to keep an eye on all global operations is a critical step to preventing any cyberattack on vital OT facilities.”

Based in Tel-Aviv, Radiflow work directly with managed security service providers to oversee the discovery and management all relevant data security points. The company’s solution is currently installed in over 5,000 sites worldwide.

Its newest CIARA software release was recognized as a vendor in the Cyber-Physical Systems (CPS) risk management category, which is in the Innovation Trigger of the Gartner® report titled, “Hype Cycle™ for Cyber and IT Risk Management”, 2021. Since its release, CIARA has earned acclaim for its capabilities in providing a data-driven approach to OT Security, especially following multiple major OT attacks, such as on the Colonial Pipeline and JBS.