Claroty, a industrial control systems cybersecurity company, announced on Monday that it raised $60 million in Series B funding from a diverse group of investors, including venture firms, ICS vendors and industrial asset owners and operators. The funding brings the company’s total investment to date to $93 million.
The funding round was led by Temasek, a Signaporean holding company. Notably, three different ICS vendors came together to participate in the round in some way. Aster capital (an investment company born out of Schneider Electric), Next47 (a venture firm backed by Siemens) and Rockwell automation pitched in, along with Envision Ventures, Tekfen and Claroty’s original investors.
Patrick McBride, Claroty’s chief marketing officer, said in an interview that the coming together of these investors is a “ringing endorsement” of Claroty’s offerings.
“Getting Siemens and Rockwell and Schneider to do anything together? These guys beat each other up in the marketplace every day, but they thought so highly of the tech that … they invested in us,” McBride said.
Claroty offers a platform that continuously monitors OT networks for vulnerabilities and threats. The platform also provides customers with a secure remote access capability. Industrial asset operators often need to manage their OT systems from off-site, and a remote access capability needs to be secure in order to prevent malicious actors from meddling with the connection.
“It gives the CISO and his team visibility into an industrial network in the same way they spent the last decade or so trying to get visibility and monitoring into their IT network,” McBride said.
The company sprouted in 2014 from Team8, an Israeli startup foundry, and is now headquartered in New York City. It boasts customers on six continents in industrial markets like oil and gas, water, manufacturing, electric utilities and others.
McBride said that a “perfect storm” is brewing in ICS security as industrial facilities become more connected and adversaries look for different ways to inflict physical and financial damage.
In years past, McBride said, security wasn’t a huge consideration for the industrial sector, since IT and OT networks were largely segregated from each other. But things are different now.
“There’s just really, really compelling business reasons to pull a lot of the the plant networks and make them accessible over on the business side,” McBride said. “So you’ve got a very vulnerable environment like these plant networks that are now being rapidly connected to the IT or the business networks, and you’ve got threat actors, bad guys, who are looking to go after these things.”
Stakeholders are now undoubtedly more watchful on cyberthreats to critical infrastructure. The Department of Homeland Security, the Department of Energy, lawmakers and regulators have been stepping up their game in coordinating with industry to promote things like information sharing and supply chain risk assessments.
The threats are real – the energy grid and oil and gas refineries are being targeted on the regular. And global ransomware attacks like WannaCry and NotPetya had spillover effects on several sectors that cost companies billions of dollars.
“This is the stuff that runs our lives,” McBride said. “If I’m a company and I can’t produce what I’m supposed to be producing because it went down because of a cyberattack, it’s a bad day.