I spent three days talking with tech companies at RSA Conference 2024 in San Francisco this May. While every company I spoke with is doing interesting things in security and networking, here are four I plan to keep an eye on.
Claroty – https://claroty.com/
NetRise – https://www.netrise.io/
Netography – https://netography.com/
Zero Networks – https://zeronetworks.com/
Claroty
What:
Claroty provides software to discover, identify, track, and protect industrial control systems, operational technology (OT), medical devices, and other Internet of Things (IoT) systems.
Why:
There’s a universe of network-connected devices—sensors, industrial controls, medical products—that bridge the gap between the digital and physical realms. These devices have risks; many run outdated software and are hard to patch. They may be deployed with default passwords. They might be invisible to IT security teams because traditional network scans can cause some devices to fail. Attacks that compromise these devices can result in power outages, oil or chemical spills, disrupted manufacturing processes, degraded healthcare delivery, and so on.
Traditionally, Operational Technology (OT) has been a separate discipline from IT. There’s a growing movement to converge the IT and OT worlds so that both disciplines can better understand and manage risks to the organization.
How:
Claroty offers both active and passive discovery and identification of devices. Software can be deployed directly onto assets that will support an agent to get visibility into the asset type, software version, firmware, etc. Network traffic can be redirected by a SPAN port or traffic mirroring. Claroty can examine this traffic to “fingerprint” devices based on the traffic they send, protocols in use, and so on. Claroty can also import device details from configuration backup files, or from other asset-tracking products such as ServiceNow.
Claroty can also identify communication paths that devices use, track protocol use, and map known vulnerabilities and exploits to devices it has discovered. Claroty can help customers prioritize which devices to remediate, and suggest protection mechanisms such as network segmentation to isolate vulnerable devices.
NetRise
What:
NetRise is a supply chain risk management platform that focuses on compiled code, such as firmware. NetRise analyzes device software, including firmware, for vulnerabilities. It also looks for risks such as hard-coded passwords, the presence of certificates and/or keys, and misconfigurations.
Why:
Compromised firmware can lead to device takeover. Traditional vulnerability scanners may not be able to discern the firmware on a device. And organizations may be operating IoT or industrial control devices that don’t get scanned by vulnerability detection tools. The result is an incomplete picture of device risk.
How:
NetRise provides and reviews Software Bills of Materials (SBOMs) for IoT and OT devices as well as networking equipment such as routers and switches to help companies understand what software components are in these devices and what risks that software might present to the organization.
NetRise gathers product software and firmware from manufacturers, examines all the components to create an SBOM, and examines this software for vulnerabilities and misconfigurations. It also tracks known vulnerabilities via public databases.
The NetRise platform can provide risk scores for devices or software components within devices, and can suggest remediations. It can also help companies monitor whether a device’s software or firmware may be introducing compliance risks. Note that NetRise doesn’t perform asset discovery or inventory management. It works with existing discovery and management tools to understand what devices are present within the organization and then creates SBOMs and risk scores based on what’s listed in the discovery or management tools’ databases.
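To make the firmware review NetRise describes concrete, here is an added example (my own illustration, not NetRise code) that scans a constructed, extracted firmware filesystem for embedded private keys and certificates, hard-coded credentials, and a telnet misconfiguration, and then matches a constructed SBOM against a placeholder advisory map. All paths, components, and advisory IDs are made up for the example.

```python
import re

# Constructed stand-in for an extracted firmware filesystem (path -> bytes); not a real image.
FIRMWARE_FILES = {
    "etc/ssl/device.key": b"-----BEGIN RSA PRIVATE KEY-----\nMIIEexample\n-----END RSA PRIVATE KEY-----\n",
    "etc/ssl/device.crt": b"-----BEGIN CERTIFICATE-----\nMIICexample\n-----END CERTIFICATE-----\n",
    "etc/config/web.conf": b"admin_user=admin\nadmin_password=admin\ntelnet_enabled=1\n",
    "usr/bin/busybox": b"\x7fELF example BusyBox v1.30.1 multi-call binary",
}

# Constructed SBOM (component, version) and advisory map; placeholders, not real CVE data.
SBOM = [("busybox", "1.30.1"), ("openssl", "1.0.2k")]
ADVISORIES = {("openssl", "1.0.2k"): "ADVISORY-PLACEHOLDER-1"}

PEM_KEY = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----")
# key=value lines whose key looks like a credential (pass, pwd, secret)
CRED = re.compile(rb"^(?P<key>\w*(pass|pwd|secret)\w*)\s*=\s*(?P<val>\S+)", re.M | re.I)
WEAK_DEFAULTS = {b"admin", b"password", b"1234", b""}


def scan_files(files):
    """Return (path, finding) pairs for embedded keys, certs, credentials and misconfigurations."""
    findings = []
    for path, data in files.items():
        if PEM_KEY.search(data):
            findings.append((path, "embedded private key"))
        if PEM_CERT.search(data):
            findings.append((path, "embedded certificate"))
        for m in CRED.finditer(data):
            key = m.group("key").decode()
            if m.group("val").strip() in WEAK_DEFAULTS:
                findings.append((path, f"weak hard-coded credential in {key}"))
            else:
                findings.append((path, f"hard-coded credential in {key}"))
        if re.search(rb"telnet_enabled\s*=\s*1", data):
            findings.append((path, "telnet enabled"))
    return findings


def match_sbom(sbom, advisories):
    """Map SBOM components to known advisories by exact (name, version) match."""
    return [(n, v, advisories[(n, v)]) for n, v in sbom if (n, v) in advisories]


if __name__ == "__main__":
    for path, finding in scan_files(FIRMWARE_FILES):
        print(f"{path}: {finding}")
    for name, ver, adv in match_sbom(SBOM, ADVISORIES):
        print(f"{name} {ver}: {adv}")
```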
Netography
What:
Netography is a network observability and zero trust offering delivered via SaaS. It discovers and monitors application and device communications on customer networks, and can alert operators if unwanted or anomalous connections are being made. It can also help organizations identify where gaps exist in segmentation policies and validate that configuration and rule changes to segment traffic are having the intended effect.
Why:
The network is a rich source of information that can help organizations spot communications that may be an indicator of a compromise.
How:
Netography collects flow records and DNS logs from on-prem networks, including the data center and campus, and flow records from virtual networks in the public cloud. It can add context to these sources by pulling in device information from third-party agents such as CrowdStrike via API calls.
All this data goes into the company’s cloud platform. The data is analyzed and used to build a model of all the communications going on in the networks being monitored. Customers use this model to see which devices and applications are communicating, and whether that communication should be allowed.
Netography doesn’t block or alter communication paths; customers have to configure their own network devices or put firewall rules in place. However, customers can use Netography’s model to test changes before putting them into production to see if they have the intended outcome. For more details, see my write-up of Netography.
Zero Networks
What:
Zero Networks provides microsegmentation and zero trust for networks.
Why:
Segmentation and microsegmentation can help harden networks against attackers who have established a presence inside an organization. In addition, segmentation rules may generate alerts, logs, or anomalies that indicate suspicious behavior, such as an attacker trying to map the network or compromise additional devices. Organizations can use these alerts to investigate.
How:
Customers deploy a virtual appliance from Zero Networks that learns how devices connect on the network. Using this information, it can create or suggest segmentation policies. These policies are then enforced by the host firewall built into Windows, or via iptables on Linux machines. Because Zero Networks relies on the host firewall capabilities built into these two operating systems, customers don’t have to deploy third-party agents.
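The two workflows described above (Netography's model of observed communications used to validate a segmentation change before it goes into production, and Zero Networks' learned connections turned into host-firewall rules) share one core idea: learn a baseline from flow records, then compare policy against it. This added example (my own, not either vendor's code) builds that model from constructed flow records, reports which observed connections a proposed allow-list policy would break, flags new flows outside the baseline, and renders one host's learned baseline as iptables rules. Addresses and ports are made up.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, proto); not real customer data.
BASELINE_FLOWS = [
    ("10.1.1.10", "10.1.2.20", 443, "tcp"),
    ("10.1.1.10", "10.1.2.20", 443, "tcp"),
    ("10.1.1.11", "10.1.2.21", 1433, "tcp"),
    ("10.1.3.5", "10.1.2.20", 22, "tcp"),
    ("10.1.3.5", "10.1.2.21", 3389, "tcp"),
]


def build_model(flows):
    """Map each destination host to the set of (src, port, proto) peers observed talking to it."""
    model = defaultdict(set)
    for src, dst, port, proto in flows:
        model[dst].add((src, port, proto))
    return dict(model)


def simulate_policy(model, policy):
    """Evaluate a proposed allow-list policy ({dst: {(src, port, proto)}}) against the model.
    Anything not listed is treated as denied; returns observed connections the policy would break."""
    broken = []
    for dst, peers in model.items():
        allowed = policy.get(dst, set())
        for src, port, proto in sorted(peers):
            if (src, port, proto) not in allowed:
                broken.append((src, dst, port, proto))
    return broken


def detect_anomalies(model, new_flows):
    """Flag flows outside the learned baseline; this alerts, it does not block."""
    return [f for f in new_flows if (f[0], f[2], f[3]) not in model.get(f[1], set())]


def render_iptables(model, host):
    """Render one host's learned baseline as iptables INPUT rules with a default deny last."""
    lines = [f"iptables -A INPUT -p {proto} -s {src} --dport {port} -j ACCEPT"
             for src, port, proto in sorted(model.get(host, set()))]
    lines.append("iptables -A INPUT -j DROP")
    return lines


if __name__ == "__main__":
    model = build_model(BASELINE_FLOWS)
    # Proposed policy that forgot the admin SSH path to 10.1.2.20: the simulation catches it.
    proposed = {"10.1.2.20": {("10.1.1.10", 443, "tcp")},
                "10.1.2.21": {("10.1.1.11", 1433, "tcp"), ("10.1.3.5", 3389, "tcp")}}
    print("would break:", simulate_policy(model, proposed))
    print("\n".join(render_iptables(model, "10.1.2.21")))
```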
Zero Networks says it also integrates with identity management systems such as Okta to enforce multi-factor authentication on common admin ports and protocols such as RDP and SSH.