Video: Navigating NIS2: Accelerating IT/OT Security for Resilience | Duration: 2907s | Summary: Navigating NIS2: Accelerating IT/OT Security for Resilience | Chapters: Webinar Welcome (0.475s), NIS2 Compliance Framework (69.86000000000001s), New Chapter (687.3336877064111s), AWS MATM Framework (756.53s), Unified IT-OT Resilience (1837.33s), Modernization Journey (2269.125s), Closing Remarks (2799.0150000000003s)
Transcript for "Navigating NIS2: Accelerating IT/OT Security for Resilience": Let's get started. Hello, everybody. Welcome to today's webinar, navigating NIS2, accelerating IT/OT security and manufacturing, brought to you by Claroty, Splunk, and AWS. With the full enforcement of the NIS2 directive a reality, coupled with the ever changing manufacturing landscape, we have forty five minutes, a packed session that will show how the journey to regulatory compliance can and should align with transformational business drivers. Our speakers today will be Gilad Avrashi, director of corporate strategy at Claroty, Ewald Munz, head of manufacturing, automotive, and sustainability EMEA at Splunk, a Cisco company, and Sanjay Mahato, global partner development specialist, manufacturing at Amazon Web Services. My name is John Rabinowitz, VP growth marketing at Claroty, and I will be our moderator today. If time allows, we will hold a Q&A session at the end, so feel free to submit your questions in the chat. And with that, I will pass the microphone over to our first speaker, Gilad. Thanks, John, and hello, everybody. Happy to have everybody connected to this webinar today. My name is Gilad, as John mentioned. I'm director of corporate strategy at Claroty, and happy to cohost this webinar with my colleagues from AWS and Splunk, Sanjay and Ewald. So in the next forty minutes, forty five minutes, we will talk about the immediate implications of the NIS2 directive and try to provide a framework that can help organizations accelerate the path to compliance while modernizing their environment. So just keep in mind two tracks here. One, compliance with NIS2, and two would be modernization. Alright. So let's start by stressing that NIS2 is here. Right? We have been talking about this for a few years now, I believe since 2022. But during 2025 and 2026, we've seen EU countries implementing it one after another.
I think Germany is the next to implement it this quarter. And then the implications are obviously pretty broad. So we're talking about 29,000 new organizations that were not included under the NIS1 umbrella, in NIS2. And this comes from 11 new sectors. So they grew from seven sectors, industrial sectors, to 18. And these sectors, specifically, gonna talk about manufacturing. So we're talking about automotive, food and bev, medical device manufacturing, electronics, and more. But NIS2 doesn't stop there. It also introduces some new approaches into enforcement, predominantly personal liability of executives, C-levels, and board members in these companies, but also increased fines and financial, you know, implications for noncompliance, which, you know, can reach €10,000,000 or, 20 2% of global turnover. So these are big numbers and big implications. And I want to double click on some of the, you know, important pillars that NIS2 introduces. Some of them are new, brand new. Some of them were included in NIS1 but are expanded. So let's touch upon a few of them that we think are very important in our context. So the first one I wanna talk about is management accountability. I spoke about it half a minute ago. So C-levels and executives and board directors are held accountable in NIS2. And if you think about the implications and the impact on organizations, if you think of global or multinational organizations, sorry, with a lot of sites in different countries, for a senior level to have this visibility, he or she needs, you know, a single source of truth. Right? You're not gonna view 200 sites. You need one place to see it all. And C-levels are expected to be more involved, both from a budget point of view, but also, they want to know what's going on and that the company is compliant. So that's one.
Number two here is rapid reporting. So introducing this time sensitive requirement. And this is, I think, a theme, if you look at other regulations across the globe. And in the US, they're about to introduce a similar time sensitive requirement. And specifically in NIS2, we're talking about twenty four hours to initial notice after a breach or an incident, cybersecurity incident, then seventy two hours for the first reporting. And then they have up to thirty days to submit your final reporting. So the impact here is that you need to be very time sensitive. If your environment is not modernized, if it's not automatic, it's very hard to comply with this requirement of twenty four hours, and we're gonna talk about this in the next few slides. A third pillar here is supply chain security. So companies are held accountable for their supply chain, and they hold accountable their supply chain in turn. And I'm not only talking about, you know, procurement and sourcing of materials. I'm talking about lower tiers, and I'm talking about remote access. So if you have automation OEMs, personnel that are connecting into your OT environment using a remote access, connecting to PLCs, HMIs, or workstations to conduct their maintenance, you are held accountable for what you do there. And if there's a breach, you are accountable, liable for this. The other three here are not new. I'll just say that, for instance, for vulnerability handling, organizations are expected to be audited and demonstrate that they know their vulnerabilities, to disclose vulnerabilities and to demonstrate they're mitigating their vulnerabilities. So these are very important aspects. I'll leave you to read it maybe offline, but let's continue this journey and talk about what we call the compliance paradox.
So it does not come as a surprise, I guess, that a lot of the organizations are spooked or concerned about this new change, as I'm sure some of you might be. From our experience talking to customers and CSOs across the industry, we identify what we call the compliance paradox. So I'll try to explain it now. On the left side, you can see the NIS2 requirements. So on the one hand, you have CSOs that, you know, these NIS2 requirements, they triggered this, like, a hold your horses kinda MO. So if you have air gapped environments, it's tempting to say, let's keep it that way. It's safer and will help me be compliant. I don't wanna complicate stuff with, you know, connecting new environments. And, you know, if you talk to these types of CISOs about IT/OT convergence and about expanding to payloads in the cloud, they will say, you know, I can't even manage reporting today with my on prem deployment. Let's, you know, make sure I'm compliant first with NIS2 and then talk about IT/OT convergence. And, on the other hand, you have constant pressure that is, I guess, constantly increasing for management to modernize, to adopt Industry 5.0, to keep up with the competition. Right? It's not even enough to talk about AI per se. We're talking about, you know, agentic AI and the engineering framework, but also in your OT environment. I think that's the future, and it's already here. So if you want to include AI, if you want to include agentic AI in your OT environment, you obviously need connectivity. You need hyper connectivity and cloud integration. And these two kinda, you know, collide. So then the question becomes, are NIS2 and Industry 5.0 on a collision course, where you're kinda, you know, trapped in between as a CISO and you do nothing and you don't know what to do. So we are here to tell you that it's quite the opposite.
So from our point of view, it's not that they're on a collision course. We would argue that modernization is a key for NIS2 compliance. And in some cases, it's the only way to be compliant in the NIS2 framework. So think about these three outcomes you try to achieve that might seem in tension with one another. So first, it's like the NIS2 compliance with all the good stuff of, you know, auditability and management accountability and the seventy two hour reporting, these new requirements. Then you have the operational throughput that needs to be increased, needs to be modernized, needs to include predictive AI and scalability. And beneath everything, you need to make sure that you have an OT and IT security program that guarantees that, you know, you keep secure and you stay out of trouble there. And if you think of each one of them independently, it might seem kinda contradictory in some aspect. But if you try to proactively think how can we do all three together, they intersect in cloud based modernization, which is what we are here to argue. This is the only way that you can kinda win it all. So we are, you know, by no means naive about the ability of organizations to make these changes overnight. Right? These are all for-profit organizations, and as I'm sure your organizations are, you're worried about the bottom line here. And you will not compromise production throughput to make changes. So in a lot of senses, like, think about it as, we strive to replace the engine while we're still in flight. Right? And I think all three organizations here, you know, Claroty, Splunk, and AWS, we gave a lot of thought on building our products and offerings in a way that, you know, will guarantee that the, you know, operations are not interrupted while making the changes and implementing. So these are three examples of how we do this.
The first one is in what we call asset discovery. So in Claroty, I think we master the ability to map OT environments, devices, and network with passive discovery, meaning that you are able to get a full inventory of your OT environment without actually interfering with the network and with the production, guaranteeing there are no operational interruptions. Next, and I think that's very interesting, enabled by AI and modern technologies here, is that you're able to create shadow edge infrastructure. Think of digital twins, and kind of replicate your PLC logic, build a new architecture around it while your old architecture is still operating. And then once you tested it and you stress tested it, you can, while your old environment still works, in a click of a button, you can move to your new environment. And I think, try to think if you try to do this without AI and any cloud. Yeah. With this, Sanjay, I'll let you take the lead here. I think that I saw Sanjay for some reason dropped, and I'm trying to see if something happened to his connection. So I don't know if one of you can take this until we get him back online and can carry on. Great. Yep. Yep. I'll take this one. It won't please, interfere if you feel the need to. So let's talk about this triad, this, you know, three way solution here with Claroty, AWS, and Splunk. So for Claroty, we're talking about proactive protection. So the risk reduction engine of this triad. Alright? Splunk represents here the unified IT/OT resilience and orchestration hub, with advanced analytics that we'll talk about later. And then with AWS, that's the modernization platform on which everything is built but also is enabled by OT security. And we're gonna talk about it as well in the next slides. So I'll try to present AWS here in the next couple of slides, until Sanjay is back.
So AWS introduced a concept called MATM or MADM, depends on which part of the globe you come from, manufacturing applications and technology modernization, which is about how you take your OT environment and modernize it by moving payloads that are on your on prem, on your layer two, layer three, if you will, environment in OT and putting them on the cloud to allow scalability and to allow, you know, AI and modern technologies that are only available on the cloud. The basic layer here is the OT security layer. Right? I'm gonna talk about it in the next few slides, but think about visibility and threat detection is the very basic stuff that we're talking about, but also real time analytics brought to you by Splunk, which I was gonna talk about, and zero trust third party access that I mentioned earlier in a different context. So that's the basic clear layer. On top of this, there's a suite of solutions that Amazon Web Services offers on top of the Amazon Web Services cloud, obviously. So think about your classic payloads, SCADA, your MES, QMS, you know, asset management, and CMMS. These are all payloads that can be migrated to the cloud, and this opens an abundance of possibilities. And I spoke about some of them earlier. So for instance, you know, digital twins and AI payloads to be kinda, you know, interacting with these classic systems. So the idea here is cohost, is rehost, replatform, and refactor. Right? On top of these, we have the industrial data fabric and the digital, composed outcomes. These two layers are more what you do with the data. Again, there's a suite of solutions that Amazon Web Services can offer here, including, you know, GenAI and agentic AI, graph DB modeling. So kinda including the engineering in the cycle of operations, to increase scale and throughput, and, you know, a shorter life cycle between engineering and production. So that's that.
Do we have Sanjay back? Or I'll just keep on going. Keep going. Alright. So the idea of AWS MATM within the framework of Splunk, Claroty, and AWS, you can think of AWS as both the enabler and the enabled. So the enabler part of it, I think it's pretty clear. So we have the AWS cloud as a platform, which enables us to deploy, you know, our solutions as Splunk and Claroty, but also other solutions that you've seen earlier. But if you think about it from the other way around, so the flip of it is that you can't really have a modernized environment, or you can't really include cloud on your OT environment, if you're not secured. So, you know, cloud solutions and AWS is enabled by a comprehensive and good OT security program. So that's the point of these slides. Right. So let's talk OT security, and double down on this. Right? So your job zero, before you even think about the good stuff I talked about earlier, getting your OT payloads on the cloud, or before you even start thinking about risk reduction, you need to go back to the old and very accurate cliche. You can't protect what you can't see. And this is the very basic layer that Claroty provides you. And we think about it in three different layers or three different pillars here. The first one, and I spoke about it a bit earlier, I'm gonna expand about it, is safe visibility. So we spoke of the passive discovery and how Claroty can help you discover your OT assets within your OT environment without interrupting the operational process. But it goes way beyond this. Claroty can work with you based on the restrictions and limitations in your specific sites and work around, getting the right collection methods. So we use more than one collection method. So the idea is to be as comprehensive as possible, working with the customer, but also to be as deep as possible.
So we utilize deep packet inspection and other enrichment tools to be more accurate and more enriched on the data. So it's not enough for us to state that this is a PLC and what is the Rockwell model of it. We want to know what the firmware is, what the operational system is, and so on. So that's the first pillar of it. The second pillar of it is eliminating the alias gap here. And it might come as a surprise to some of you, but we discovered that 76% of cyber physical security assets use names that differ from official records. So for instance, you can see here the example on the right, you have a Rockwell, LPLC model here. You might find it listed as a Rockwell PLC, or you might find the full model, but you don't know what the firmware is. It might seem like a nuance, but think about it from exposure management or vulnerability management point of view. The last thing you want is to go ahead and report on vulnerability to the authorities and your mitigation plan where this vulnerability is not even relevant for your device because it's a different version. And think about the vice versa. Right? So it's very important to be very accurate on what are the versions. And Claroty developed what we call the CPS library, which helps do this using AI. So that's the second pillar. And the third pillar is the business context. And if you're an OT engineer, you immediately understand what I'm talking about. For us, it's not enough to say it's a PLC and what the model is. We need to know what is the device purpose within the plant floor. So in this case, like, the raw material we're receiving, this helps mitigate the risk based on impact. Right? If it's a critical PLC because it's part of the critical line, it needs to be handled differently. So these are, like, the three pillars of visibility. Okay.
So we established that with Claroty, you get the basic and critical layer of visibility. But the question is, then what outcomes are you trying to achieve with your OT security program? And Gilad, so sorry to interrupt, but Sanjay did make it back. So. Sanjay wanna Gilad's been doing a great job carrying through the slides. But, yeah, I just wanted to let you know, Gilad, that Sanjay made it back. Thanks, John. Sanjay, I'll maybe give you the mic and go back to this. I explained it, but, Oh, yeah. just. a different So and my apologies for that. So thank you for that. So, really, I think from an AWS standpoint, we are excited to work with Splunk and Claroty on this go to market sales pick. So my name is Sanjay Mahato, and I think, you know, from the interesting aspect that we see with compliance is, you know, when you really look at modernization perspective, so do we really treat compliance as a burden, or do we really see this as a catalyst for transformation? And I think this is where the MATM, which is your manufacturing application and technology modernization, provides us a secure and a scalable, you know, modernization framework for us to really help in terms of what it means for us to really look at it from the workloads in the shop floor. So they typically the OT systems and how do we really take care of them as we modernize them in the cloud could also be through hybrid cloud architecture. Now when you really look at OT workloads, typically, these are your legacy monolithic applications, which could be twenty years or old. So the likes of historians, the MES, the enterprise asset management. Now typically, most of them are running on premises, often on outdated operating systems with no API integration, no cloud integration.
And this is where, if you really look at it from the perspective of what the industrial executives are looking at, more from modern AI and machine learning workloads, I think, typically, these legacy systems cannot handle the data volume, the velocity, and the variety that we seek in terms of what it means for us to transform in the cloud. The fact that they also lack comprehensive audit trails and security controls that is expected of NIS2. So this is where the journey that we are together with Splunk and Claroty is more in terms of how do we really drive data from the edge to the cloud, and then we still need to make sure that there are critical foundation elements that we must establish first. So if you really look at this from that perspective, starting at that bottom layer, I think it is very important for us to really talk about how do we instrument, you know, the OT security from the shop floor perspective. In a sense that when you really look at what it means for us to drive security in the cloud. So this is where we really partner with the likes of Claroty with their Claroty xDome to help establish those. But at the same time, then you really look at it from an AWS perspective. Right? So there are these foundational services that AWS provides starting with identity access management, the VPC, encryption, the isolation, GuardDuty, etcetera. And this is what really makes it possible for AWS and our partner systems to really talk about, you know, how do you really make these systems, you know, mitigate the vulnerability and you remove the attack surface that we talk about. So in a sense, MATM is all about how do you really unlock and unify the IT and the OT data as the data traverses from the edge to the cloud?
And this is where the, you know, the magic happens, if I can call it this way, is the moment you are able to unlock that data and you then talk about what's that critical layer where you are then able to, you know, ingest that data, contextualize the data, that becomes the unifying layer. So that's what we call the industrial data hub. And this is where, so just to give you an example, if you look at typically, you know, SAP ERP systems. So as we talk about inventory data, customer order data, and we bring them to the cloud. And at the same time, if you think about from a shop floor perspective, for machine data, real time machine data, process parameters, the quality data. That's where we can really talk about how do you really unify that data, talk about, you know, contextualizing that data to then create knowledge data graphs, databases for that matter. How can you then reason with the data to talk about simulations on digital twins and then creating those automated data pipelines that help you bring that IT and the OT together. So this is all possible with the MATM framework, and typically, this could not have been achieved with the legacy infrastructure. And this is why we believe that, you know, having the ability for us to then create that, you know, ability for us to contextualize data and transform that helps us reach a digitally composed outcome that we talk about. So in a sense, I think the aspect is that we cannot skip any layers here. The OT security foundation is all about securing and modernizing applications, but at the same time talking about what it means for us to create an industrial data fabric and composing outcomes which is very relevant and making us competitively advantageous in the industry. So with that, if you can just move to the next slide, please, Ewald. Yeah.
So this is interesting because if you now really look at it, right, so what it means is MATM is just not the enabler, but we are also getting enabled in the process. So just to give you a sense of what it means. Right? So typically with the fact that, you know, with industrial AI and the OT and the IT convergence, it is important that when you look at it from an OT perspective that prioritizes confidentiality, whereas from an OT perspective that prioritizes availability, I think to really talk about, you know, as these systems are converging, how do you really identify which are the attack surfaces that you really need to mitigate? And that is what we are talking about from this, you know, the multilayered perspective. So starting at the foundation is where we believe, you know, the AWS foundational security layer. The secure substrate is very, very important because then it talks about, you know, what are those foundational AWS services that we need to consume to really talk about to create that initial, that modern security foundation. This is where the important then is as you go up, you will then have to really talk about what it means from a customer standpoint or from a system integrator standpoint for us to then enable some of those shared responsibility, which is intense talking about creating that, you know, from a monitoring and a logging perspective, from a landing zone perspective. And that helps us then to talk about what it means for the partner solutions to then enable those OT specific visibility, which presently the IT tools miss. So in a sense, I think, you know, having the asset visibility, making sure that we talk about threat detection, the vulnerability management. So that is something which is where Claroty xDome typically really is of importance to us. But there comes the essence of Splunk being that resilience orchestration, because that helps unify the IT and the OT together.
And this is where, if you really look at your enterprise systems with SAP, you know, when we consume data into Splunk, and at the same time when you really look at what OT data from Claroty, if you can inject into Splunk, that helps us to then talk about what it means for us to reason with that data, for us to respond to incident, for us to then really talk about reducing the noise, in a sense that how do we really talk about reducing the false positive that exists in the OT environment. And that is something which is of paramount importance from a NIS2 compliance standpoint because all of those are auditable. All of those are comprehensive, and all of those meet those typical article 21, 23, and the 20, which is a risk management, the incident handling, and then your governance requirement that together these three solutions provide. So in a sense, if you really look at the outcome, so typically, you know, if you have an SAP system, which is modernized on the cloud on SAP with your S/4HANA on EC2 and then kind of talking to cloud analytics with your shop floor data going through IoT Greengrass into a data lake helping drive predictive maintenance. This is where the beauty of the data from the enterprise ERP, from your enterprise systems to what your OT are consuming really provides you that sequential, validated, and outcome driven, you know, a sense which none of the other solutions could otherwise just provide in isolation. So all in all, we really believe this is really compounding the effect of what the convergence together with the beauty of the security platform that is enabled through these three solutions could help us achieve from the compliance, but also provide us a competitive edge. So with that, I hand it over back to you, Gilad. Sorry for the trouble, but hopefully that helps. Thank you. Thank you, Sanjay. Thank you very much. And just to reorient everybody.
So Sanjay spoke about the MATM framework and the AWS platform here. I started to talk about OT security and how to kinda define an OT security program that is effective. We started off by talking about job zero, how to gain visibility. And then we went on to talk about, okay, once you have visibility, what outcomes are you trying to achieve with an OT security program? And it varies between organizations. We have customers who have focused on one of those outcomes, one out of five. Some of them all of them, really depends on what you're looking to achieve, and we'll have a case study later that focuses on one of them. So what are these outcomes? The first one is visibility and insights. So visibility insights, it includes the basic layer of visibility, but also using the, you know, deep enrichment for each one of the CPS assets in your OT environment. You are able to reduce risk from this stage. So think about end of life information for each one of the assets. This in itself helps you to reduce risk by being very strict on, you know, firmware versions and so on. Next, we talk about the three main pillars of cybersecurity, of OT security, threat detection. So, you know, establish a real time monitoring and efficient threat response. This really corresponds with what is expected from NIS2. Next is exposure management. So think about vulnerabilities and risks and how to mitigate them on an asset level, on a network level. So from the asset level, how do you introduce the journey in which you introduce compensating controls to mitigate risks and vulnerabilities in your environment. And then network protection would be focus on the network architecture and how you build an architecture and change your network to mitigate risks this way. Think about reducing the blast radius by, you know, introducing a network segmentation program into your environment.
So these are the three main risk reduction pillars. And then on top of this, and we have customers who are focused on this mainly, reporting. Right? And really corresponds with NIS2 and unexpected. So Claroty's xDome can help you, you know, produce the audits and compliance reports, but also do some custom reporting for your executives, as they are now accountable and liable. So this is like the complete offering and the complete OT security tools that xDome brings to the table, but it does not end here. If you leverage the xDome or the Claroty to Splunk integration, you can get a lot more than this, and I will let you take it from here. Yeah. Thank you, Gilad. So my name is Ewald from Splunk. Happy to be part of this three party approach, Claroty, AWS, and Splunk. So Gilad just mentioned Claroty as protecting the base, basically, the eyes and ears of the industrial environment. Sanjay mentioned AWS as the modernization engine via the cloud. And, basically, it now all comes together at Splunk with the unified IT and OT resilience at the so called agentic SOC, security operation center. So please let me explain this now step by step. So starting at the bottom, and you heard this word, I think, a lot already in this webinar, visibility. It all starts with visibility. In this case, unifying the data with the so called Cisco data fabric. This is basically an AI driven architecture for unifying and managing data basically from edge to the cloud. And once you have this visibility, you move on to advanced analytics via our so called Splunk Enterprise Security solution. You have there all kinds of, let's say, automation orchestration features. And ultimately, once you have reached this stage, you start to scale. You start to scale with all kind of risk scoring, with the out of the box features. And in this context, I think it's a good example if you speak about the very high number of false alerts in OT environment.
I think Gilad also mentioned this before. So we have customers, they tell us they have sometimes up to 2,000 false alerts per day. And obviously, it's humanly not possible to deal with this kind of higher amounts of false alerts every day. So we have a feature called risk based alerting, which basically significantly reduces this high number of false alerts to really those alerts that are important to a plant manager. So basically, with this agentic SOC, it's hyper connectivity leveraged into real time security, orchestration, and automation. So really, really a proactive strategic move for unified IT and OT resilience. So please let me now dive a little bit deeper into the visibility, especially how Splunk and Claroty work together. Next slide, please. So you'll see here the classic Purdue model, the level zero to five on the left hand side, more the IT zone. On the right hand side, more the IT zones. So specifically, the IT zones, click, please. The IT zone, this is covered by Splunk with our solution called the Splunk Enterprise Security. And moving now deeper to the OT zone, this is now partially covered by a so called add on, the Splunk OT Security add on. So with this add on, we're diving down deeper up to level two, and the remaining parts of the OT zones are covered by Claroty. And Claroty is a very important data source for Splunk. So we simply ingest Claroty as a data source via an integration app on our so called Splunkbase. It's basically the app store of Splunk. It's a free of charge app for Splunk customers. So with this integration of Claroty and Splunk Enterprise Security plus the Splunk OT Security add on, customers have basically full visibility from level zero to five. Yeah. So zero to five, full visibility across IT and OT environments. So how does this now translate into resolving the compliance paradox? Gilad mentioned at the very beginning, there's this compliance paradox.
On the one hand side, there is, let's say, strict NIS2 regulations. On the other hand side, there are set up these requirements for modernization and cloud requirements. And we suggest here a dedicated five step approach. Obviously, this can't be done overnight, so it's a distinctive step by step. And clearly, the first step is to really understand NIS2 in detail, yeah, to plan for it, to appoint a NIS2 officer, to make, let's say, dedicated plans for it. And then the foundation, as I mentioned before, is again visibility. Yes. Really real time visibility across IT and OT environments. And once you have this visibility, you can start to correlate different kind of data sources, correlate IT with OT data sources for guided insights. And once you have reached this stage, of course, then you can do more strategic levels. For example, as Sanjay mentioned, modernize your manufacturing environment with the so-called MATM approach. Yeah. And ultimately, unified IT/OT resilience to really scale with AI, with the orchestration, automation, and all kind of advanced security analytics. So, ultimately, modernization is the catalyst for a so-called risk reduction journey. So does this sound too theoretical? No. Of course not. Gilad has a nice customer example how this has been done in real life. Over to you, Gilad.
Thank you, Ewald. And I think this is a good example of this journey that you all just described. So this is a shared customer of Splunk, Claroty, and AWS. Unfortunately, we cannot name, but we think it's a very interesting use case that we want to share with you today. So this is a global industrial manufacturing conglomerate. They have different sites of different manufacturing site types over 80 countries across the world. So, huge operation. And their starting point was very limited visibility.
The reason being that, you know, as a large company, as it happens, tends to happen a lot with these large level companies, you grow over time, and you grow through M&As. So you may have sites with, you know, PLCs running straight from the nineteen nineties, and you have modern sites on the other end of the spectrum. And they struggled with, you know, creating a visibility across the board, and this is how they came to us with an outcome in mind of visibility and reporting across all their sites. And they initially implemented Claroty's on-prem solution, CTD, with the idea of, you know, getting this comprehensive visibility, which they have. Since they have a lot of sites, they deploy this on-prem in each site, with the central management on the AWS cloud. And they established a single source of truth and reporting. But once they've done this, their appetite grew. And so the next step was to utilize and leverage the integration with Splunk, which was, you know, very streamlined and straightforward then to utilize the integration. And once they've done this and then started to use the analytics provided by Splunk, they were able to start building a security strategy and a security program that could actually scale up. And then the next step was when you, you know, started to think about scaling up, this is where they understood that if they're gonna expand more and more sites, they need to be on cloud fully. So they migrated to Claroty's xDome, which is our SaaS or cloud solution over at AWS. And they started to leverage it for enhanced scalability. It actually reduced their total cost of ownership, and they ended up using xDome and still are using xDome, and the integration with Splunk over AWS. And I think this is a good example of how this journey looks like when you know what you're looking to achieve in the end.
So just to give you an idea, I'm not gonna go into each and every one in detail, just to give you an idea of how this architectural change might look. So starting with a typical OT environment for a manufacturing company, like, seen familiar for some of you, based on that Purdue model here. So it's all deployed on-site. Right? You might have some islands managed by automation on your level one, level two. Sorry. Managed by automation OEMs, on level one, level two. And you might have unmanaged devices. You might have, like, 4G connections breaking your Purdue model. But, basically, it's on premise. And when you want to modernize it, so this is how you should think about it. So you can see here that we added the Claroty Collector on level two here. But other than this on-premise instance, because you need visibility, a lot of the payloads actually move to the cloud. You have Claroty and Splunk deployed here on cloud on virtual level 3.5 or your IDMZ. And some of the payloads, your monolithic payloads that Sanjay mentioned earlier when talking about the MATM, are actually here in the cloud. So this is one option to deploy it. I think the important part of it is while you introduce cloud payloads, you don't break the Purdue model. And this is very, very important for CSOs. So lastly, before we wrap up, we wanted to leave you with kind of a maturity model, which might help you to kinda place your organization. So I'll start by saying that most of the organizations that we see are on stage one and two, and it's not a surprise, actually, when you think about it because, otherwise, they won't come to us. Level one here is what we call the reactive. So think about the monolithic on-prem deployment. We talked about it several times during this webinar. This is your ground zero. This is where you start from. Level two is what we call the instrumented. So you might have hybrid connectivity.
You might have some visibility. In this stage, we've seen a lot of companies in the past kinda utilizing their IT security tools to gain some visibility. And I think, as Ewald mentioned, it's not enough. You need to gain full visibility. You need OT specialized tools. I know there was a question about this earlier as well. And, you know, we rarely see companies, organizations that are fully level one. Usually, you see, you know, some sites that are level one, some sites that are level two. Bottom line here is that they are not crossing the threshold to be NIS2 compliant. You cross the threshold once you go to level three, which we call the modernized level, where you have cloud adoption. Your security is OT specialized with deep packet inspection, and you have analytics and real-time SIEM. So that's, I think, the gold standard today for NIS2 compliance and modernized. And thinking about, you know, excelling and being an industry leader, level four is the, what we call, the autonomous level, where you have services, such as, you know, a service plus NGAI. You have predictive and zero trust security, which we can expand, maybe in the future, and your analytics operational resilience, provided. So here's where you introduce your heavy AI payloads, and you are fully automated. So think of where you place your organization on this maturity model. With this, I'd like to thank everybody for attending today's webinar. We are going to be, all three of us actually are going to be in Hanover next week. You can meet us at the Claroty booth on the AWS booth. This is Hall 15, stand D76. We are going to have a fireside chat on April 20. That's next Monday, 02:30, local time. Thank you very, very much, and we'd be happy to answer some questions if we have time and questions.
Yes. So we are at time, Gilad, so I do wanna be mindful of everybody's calendar.
There were a couple of questions that were answered in real time, but if anybody did submit a question and we did not have time to get to it, we will respond. And as mentioned in the chat, this session was recorded, and the recorded session will be sent to all registered attendees. So thank you very much for your time today, and have a good afternoon. Thank you. Thanks. Thank you. Thank you.