Claroty launches partner program around industrial control systems cybersecurity

Claroty is interested in working with a select number of partners who are developing a focus on this relatively new space, which brings cybersecurity skills from IT to the context and problems of the OT environment.

Claroty, a startup with roots in the Israel Defense Force’s intelligence apparatus, came out of stealth last year with a focus on combining the skillsets of operational and information technologies to protect industrial control systems. They have now formalized their first partner program, designed to further empower a select number of partners – from both the OT and IT sides of the house – who have already made some degree of investment in developing the skillsets needed for this space.

“Claroty started up in 2014, and really got going in 2015,” said Patrick McBride, Claroty’s CMO. “It was an incubation project of the Israeli Defense Force’s Unit 8200, which is deeply focused on intelligence and decryption. The plan was to develop five companies over five years, to solve some of the hardest problems in cybersecurity, and we were the second of these companies. We were extremely well funded [USD $32 million], and came out of stealth in June 2017.”

Claroty – as their name implies – is focused on operational technology rather than IT,

“The sole mission of the company is to protect the industrial control systems that run our world,” McBride said. “This includes critical infrastructure such as electrical, water works, waste water treatment, and transportation, but also process manufacturing like oil and gas. All of those things have historically been run by airgapped control systems. It used to be much harder to attack an airgapped system, but the Stuxnet virus got on to airgapped Iranian uranium enrichment systems, and more recently WannaCry and NoPetya both also hit a lot of automated systems. Convergence has made these kinds of systems more vulnerable, especially since they were designed mainly for resilience and safety rather than security. Some of these plants were built 15-20 years ago, before the dawning of the internet, and are very vulnerable. We provide them with security through visibility and monitoring for those control systems networks.”

Claroty is not the first company to do this, but McBride said that they bring some unique capabilities to the table.

Patrick McBride, Claroty’s CMO

“We have a unique DNA, and come with an attacker’s perspective,” McBride said. “We have done an open analysis of the protocols that run on industrial networks. OT networks have different kind of control systems, and the protocols can be unique not just to industrial systems, but to each vendor, like Siemens, Rockwell, and Emerson. We have broken those open with the deep packet inspection techniques, to provide specific directories for each of those protocols, Doing the heavy lifting of dissecting those protocols allows us to find anomalous behavior in those networks.”

Some of these OT companies, Rockwell Automation and Schneider Electric, are Claroty strategic partners, and are now members of the newly announced partner program. IT companies with a presence in OT and the Internet of Things who are also in the program are KPMG Argentina, Dimension Data/NTT Security, Kudelski Security, Leidos, Optiv, and OYLO.

“In terms of our balance between OT and IT, we are all over the map,” McBride said. “Among the IT companies, the overall skill level in this area is still very low. Now it’s not necessary to get everyone at Optiv, for example, understanding what we do. We need key account managers with industrial customers to walk us in there, and we will teach them more of the skills along the way. They have to have some skills in that area. But we would expect it would be around three of 500 engineers who will have it. We know we have to grow that skill base.”

The skills side is more developed on the OT side of the house.

“Companies like Rockwell Automation and Schneider Electric know control systems very well, and have come up to speed  on cybersecurity over the last five to seven years,” McBride stated.

Claroty intended to come out of the gate with a channel as part of a hybrid model, but the relative lack of skills in the channel in North America at that time meant that they started here direct.

“We started hybrid in the rest of the world, but the fact that this is a very new market, and you need very defined skills meant that we started direct in the U.S., even though the goal in the beginning was to go out with a channel model,” McBride stated. “We do want to lean hard to the channel. They have the reach into a huge number of companies that we will never have the resources to address.”

The channel program is geared to providing the support for a select number of partners to build up their skills and practices in this area.

“We are definitely looking for a few good men, and not a lot of partners,” McBride said. “This space is heating up very quickly, and we are seeing companies like PWC and KPMG and Accenture showing interest. But they have to make an investment and skill themselves up to a degree to work with us effectively. We have had to turn away some partners who haven’t yet made the investment. They could just walk us in to the customer, but we would prefer to have partners with some people who can also work with us in implementation, even if we have to skill them up more.”

The Claroty Vision program formalizes the ad-hoc relationships through which Claroty had been managing its partners.

“In structure, it is very similar to IT channel programs,” McBride said. For a program that is select in the number of partners it takes, and which intends to stay that way, there are a lot of tiers – Elite, Premier, Authorized, and Referral.

“The top tier partners are those with deep consulting expertise who can do full projects around the transformation from analog,” McBride said.

The program’s features include many components familiar to IT partner programs, such as increased margin, deal registration, an online demo environment, and co-marketing activities, with benefits scaling by tier. The program also heavily emphasizes product and sales training to enable partners to more quickly identify opportunities and accelerate their sales cycle.

McBride stressed that for partners prepared to invest in the necessary skills, this is an exploding market, made ever more remarkable by the fact that demand is consistently high across all geos.

“I’ve never seen a situation where the demand has bloomed globally simultaneously like this,” he said. “Our pipeline is growing evenly across all the regions. This is not something that is unique in technology, but I think that it certainly is in cybersecurity.”