Claroty adds business-centred risk tools to xDome platform
The Claroty xDome platform now features Device Purpose and Risk Benchmarking, additions that enable users to assess how the risks within their CPS environment are influenced by the function of each device, such as those deployed across production lines, building floors, or hospital wings. These functionalities are intended to help organisations prioritise risk reduction by evaluating potential impacts on critical business outcomes and facilitate greater collaboration between CPS personnel and other business units.
Research from Gartner highlights the shifting focus in this area. According to the firm, "Organisations are becoming aware of their blind spots. Asset-intensive organisations increasingly realise that CPS environments are value creation centres. A manufacturing company makes money by producing goods, for instance. Once largely 'out of sight, out of mind,' boards and C-suite executives increasingly want to know how their CPS production and mission-critical environments are protected."
Historically, the CPS protection sector has concentrated on an asset-centric approach, offering detailed visibility into individual assets and their respective risks. Although developing a comprehensive asset inventory is considered a core component of any cybersecurity programme, Claroty points out that an exclusive focus on assets might inadvertently prompt security teams to invest resources in protecting devices whose compromise would have minimal or no direct business impact.
The company notes the need for organisations to align remediation efforts with the business importance of each asset, whether it relates to critical public services or the company's largest revenue-generating systems. Claroty emphasises scenarios such as a security analyst and operational technology (OT) engineer evaluating two identical devices, where understanding each device's business function is crucial for determining which to address first.
The Device Purpose and Risk Benchmarking features in Claroty xDome aim to enable this shift from asset-centricity to impact-driven risk mitigation. These tools furnish maintenance teams with the business context necessary to avoid process disruption, operational downtime, and financial loss. Integrating business context with technical risk profiles creates a shared framework for dialogue between security teams and CPS operators, and also links their activities with broader organisational Business Impact Analysis initiatives.
Yoram Gronich, Chief Product Officer at Claroty, commented on recent challenges facing the sector, stating: "The security of critical infrastructures are under growing scrutiny as adversaries increasingly target these systems of the greatest criticality. The teams managing these environments are facing mounting pressure from multiple fronts in their organisations and need tools that exponentially make their jobs easier so they can focus on protecting the mission-critical infrastructures that sustain societal operations - that means having the business context to meaningfully reduce risk."
Among the key features of Device Purpose, users can categorise assets according to a hierarchical model and taxonomy aligned with their specific industry sector. The setup allows refinement from an established baseline that includes business impact scoring. This, in turn, enables measurement of how device-level and overall risk scores are affected when assets are reprioritised based on business importance.
Risk Benchmarking, the second core capability, gives organisations the ability to compare their CPS risk environment against those of similar organisations. With these analytics, users can observe how protection measures for their most critical assets stack up against industry peers, and track the effectiveness of risk mitigation strategies across a range of risk factors and multiple network segments over time.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
an hour ago
- Techday NZ
Gartner highlights key AI & innovation trends for APAC governments
Gartner has outlined the top technology trends expected to influence government approaches to citizen services and artificial intelligence (AI) in the Asia-Pacific (APAC) region for 2025. The research identifies three key trends: the implementation of AI agents for citizen service delivery, the use of digital innovation labs with controlled data environments, and a governance-driven approach to AI adoption across government operations. AI agents AI agents are emerging as a tool for governments to enhance digital service delivery. According to Gartner, these agents operate autonomously or semi-autonomously, using AI to sense, decide, act and achieve goals within digital or physical environments. The initial focus for these agents in APAC governments will be on processing applications and entitlements against relevant regulations, such as for building applications. There is growing interest in deploying AI agents to interpret legislation and regulatory frameworks. "The use and orchestration of multiple AI agents will expand as the technology matures and governments grow more confident in building, buying, and governing them," said Dean Lacheca, VP Analyst at Gartner. "Transparency and public trust will ultimately shape adoption, so it's important to establish clear governance, ethical guardrails and accountability for autonomy, potential failure, security and data privacy." This emphasis on governance and public trust is seen as critical to broader acceptance of AI agent technology, ensuring systems are accountable while managing security and data privacy concerns. Innovation labs To address the challenges in government innovation posed by data restrictions and procurement policies, a growing number of APAC governments are establishing digital innovation labs with data "sandboxes." These controlled environments enable human-centred innovation using a blend of open, synthetic, and protected data. Such labs protect personal and sensitive information while allowing for experimentation and development of new services. Examples highlighted by Gartner include the Maritime and Port Authority of Singapore's lab for technology testing, and Taiwan's digital identity wallet sandbox program. In Australia, similar innovation spaces are being developed in partnership with educational institutions at the federal and state government levels. Gartner recommends that government CIOs establish a clear rationale for investing in these labs by validating the essential outcomes. This assessment can help determine whether investment should be across the entire government or focused on a specific department or agency's mission. AI governance As governments adopt AI to improve efficiency and citizen experience, Gartner notes the rising importance of establishing frameworks for AI governance. These frameworks are intended to balance risk, cost, and value while maintaining operational oversight. Gartner forecasts that by 2028, at least 80% of governments will have their adoption and ongoing monitoring of AI independently audited. This is part of an effort to ensure responsible use, cost control, and alignment with regulatory requirements. "Governments must have oversight over AI technologies to identify and mitigate risks, and ensure alignment with regulatory requirements and governance standards," said Lacheca. "As many APAC governments pursue sovereign AI agendas, these guardrails will ensure future AI adoption remains transparent, accountable and adaptable to change." According to Gartner, the development of sovereign AI agendas across APAC reflects both regulatory demands and a desire to maintain public confidence, ensuring that future AI use in citizen services is transparent and adaptable. Dean Lacheca, who is based in Brisbane, is available for further comment on these trends and their implications for the Australian market, including recommendations from the Gartner report on government trends in the region. Gartner's analysis provides insights for government CIOs making investment and strategy decisions related to service delivery innovation and AI agenda setting over the next year.
Techday NZ
6 days ago
- Techday NZ
Upwind named CNADR company of the year & praised by analysts
Upwind has been recognised by Frost & Sullivan and Gartner in 2025, including being named Company of the Year in the CNADR sector and cited across several analyst reports. Frost & Sullivan awarded Upwind the 2025 Company of the Year title in the Global Cloud-Native Application Detection & Response (CNADR) market, highlighting the company's growth and approach to cloud-native security. At the same time, Upwind featured in Gartner's 2025 Market Guide for Cloud-Native Application Protection Platforms (CNAPP) and was listed as a sample vendor on three of Gartner's 2025 Hype Cycles related to workload and network security, container technologies, and platform engineering. Analyst assessments Upwind was featured in the Hype Cycle for Workload and Network Security, the Hype Cycle for Container Technologies, and the Hype Cycle for Platform Engineering for 2025, all under the CNAPP category. In these reports, CNAPP is identified by Gartner as a technology with a "High Benefit Rating" expected to reach mainstream adoption within two to five years, citing rising demand for consolidated cloud-native security solutions across Kubernetes and multicloud environments. Gartner's 2025 Market Guide for CNAPP includes Upwind among the representative vendors in a sector that, according to the guide, is consolidating security capabilities to provide full-lifecycle protection, from development to runtime in modern multicloud landscapes. The guide notes that CNAPPs are geared to deliver integrated protection across dynamic, container-based application environments. "Upwind's real-time insights and support have enhanced our cloud security operations," said Sardorbek Pulatov, VP Engineering & Security at Vestiaire Collective. "Upwind saves us a significant amount of time, helping our team focus on the truly critical alerts while disregarding low-priority findings. With Upwind, we are able to identify any vulnerabilities and can prioritise them for remediation - helping us operate more efficiently and securely." Gartner also noted in its Market Guide for CNAPP that, "by 2029, 40% of enterprises that successfully implement zero trust within cloud service provider environments will rely on the advanced visibility and control capabilities offered by CNAPP solutions". Additionally, Upwind reports a customer rating of 4.9 out of 5 on Gartner Peer Insights for CNAPP, based on verified reviews. Frost & Sullivan's report flagged Upwind's rapid annual growth of over 4,000 percent year-on-year and its success in integrating previously disparate tools into a single platform, noting its efforts in runtime intelligence in particular. Technical approach and platform features Upwind's cloud security platform is designed using a Runtime-first approach. The company states that its architecture, which incorporates a lightweight eBPF-based sensor, enables full-stack visibility and real-time threat response without adding operational overhead for development teams. A key feature of the Upwind platform is the "Threat Stories" capability, which connects runtime signals, configuration data, audit logs, and identity information in a unified dashboard. This allows security teams to trace threats directly to the source code or deployment pipeline responsible for introducing vulnerabilities. "Security can't be bolted on after deployment. It has to be built in continuously, contextually, and with developers at the center," said Amiram Shachar, CEO and Co-Founder of Upwind. "To us, this wave of analyst recognition validates the strength of our vision, our product, and most importantly, our team. Upwind's momentum is driven by real customer adoption, technical innovation, and word-of-mouth from the people who use and love our platform. We're not building for the exit; we're building for impact. We're focused on solving real, complex problems for the teams building and securing the cloud. That's why engineers, platform teams, and SOCs are choosing Upwind to simplify, scale, and unify cloud-native security at the speed of modern development." Market context and future trends With the rising adoption of cloud-native technologies, industry analysts have pointed to a shift among organisations from fragmented toolchains toward more integrated platforms that offer visibility throughout the application lifecycle. Gartner's reports state that CNAPP platforms are becoming a preferred model for managing the security of dynamic cloud environments, particularly as companies increase their investments in DevSecOps, platform engineering, and generative AI systems. Frost & Sullivan described Upwind as impactful for its capability to merge detection, response, and protection services into a singular platform. The report credits Upwind with consolidating functions such as ADR (Application Detection and Response), CDR (Cloud Detection and Response), CWPP (Cloud Workload Protection Platforms), and CSPM (Cloud Security Posture Management), thereby supporting operational efficiency for customers.
Techday NZ
7 days ago
- Techday NZ
Red Hat named leader in 2025 Gartner Magic Quadrant for containers
Red Hat has been named a Leader in the 2025 Gartner Magic Quadrant for Container Management for the third year in a row, following an evaluation of 15 vendors. This ongoing recognition highlights both the role of Red Hat OpenShift in enterprise container strategies and the company's approach to hybrid cloud environments. The Gartner Magic Quadrant recognised OpenShift for its Completeness of Vision and Ability to Execute. Red Hat OpenShift provides a platform for container management that supports operational consistency and standardisation among organisations implementing cloud-native approaches. The platform is designed to standardise, automate, and scale container projects across various settings including data centres, multiple cloud environments, and edge deployments. Red Hat credits this acknowledgment to OpenShift's integrated security features, advanced management capabilities, and emphasis on developer productivity. These characteristics are seen as benefits for IT teams seeking to modernise applications and improve delivery of business value. The Gartner Magic Quadrant for Container Management is based on specific criteria that examine each vendor's completeness of vision and ability to execute. According to Gartner, Leaders are those who execute effectively against their current vision and are positioned well for future developments. Red Hat has previously received similar recognition, having been named a Leader in Gartner's 2025 Magic Quadrant for Cloud-Native Application Platforms. Company comments "We believe being recognised as a Leader for the third consecutive year in the Gartner Magic Quadrant for Container Management validates Red Hat OpenShift's role as a cornerstone for modern IT strategies. Our platform empowers enterprises to standardise, automate and scale their container initiatives across any footprint, from the datacenter to multiple cloud environments, providing the flexibility and control needed to meet evolving business demands." This was stated by Mike Barrett, Vice President & General Manager, Hybrid Cloud Platforms at Red Hat. The company states that OpenShift is suitable for organisations that require deployment capabilities across different infrastructures, including both private data centres and public clouds, as well as edge locations. Security and operational management are integrated into the platform to help developers and IT operations teams manage their workloads efficiently. The report from Gartner provides analysis of multiple vendors offering container management solutions, with an emphasis on their strategic direction and capability to deliver support for modern container workloads. Gartner's methodology identifies Leaders as vendors who are successful in both the vision and execution aspects of the market. The Gartner Magic Quadrant is frequently referenced by IT professionals and procurement teams seeking independent assessments of technology vendors. The evaluation of Red Hat OpenShift considered its ability to help enterprises with complex IT requirements and support their migration to cloud-native architectures. Red Hat continues to position OpenShift as a platform for standardising container operations, both on-premises and in cloud environments. Its feature set includes automation, policy enforcement, and monitoring, all built on a foundation powered by Kubernetes. The recognition by Gartner further builds on Red Hat's presence in the enterprise IT market, where container management is seen as a key capability for organisations pursuing digital transformation and modernisation of software delivery practices. The ability to operate workload across multiple environments is monitored closely by businesses managing diverse infrastructure estates. Gartner's commentary on container management vendors does not constitute an endorsement, but serves as one of several independent reference points for organisations considering their options in the market.
