Claroty Broadens OT Security to Include IoT Devices with New Threat Detection Release
Claroty has long positioned itself as the specialist in industrial protocols, with its team “born and raised in the world of Modbus, Profibus and DeviceNet,” according to CEO Dave Weinstein.
“We think in S7 and dream in DNP3. We go beyond Ethernet/IP into the realms of the most arcane Fieldbus and serial protocols,” Weinstein said, highlighting the company’s deep expertise.
In its latest offering, Claroty is extending its focus to the growing segment of non‑traditional networked devices – what the firm calls “IoT” – and integrating them into its Continuous Threat Detection OT security platform.
“For us, IoT in an OT context means everything that is not a traditional OT device or a classic IT device,” Weinstein explained. “It’s the hidden layer that sits between the two worlds.”
Version 3.5 of the Continuous Threat Detection software now delivers enhanced visibility into this IoT layer and introduces new functionality that helps security teams filter out false alarms.
“As a former CISO and CTO, I’ve seen teams drowning in alerts that turn out to be false positives,” Weinstein said. “We spend countless hours chasing noise that doesn’t matter.”
Because IT security professionals are often unfamiliar with the traffic signatures of OT and IoT devices, the triage process can be frustrating. Claroty’s alert algorithm is designed to surface only those events that represent genuine security or operational risk, rather than every minor network change.
“Most vendors simply flag every alteration on a machine‑to‑machine network,” Weinstein noted. “While that might sound logical, in practice it overwhelms security teams.”
To improve accuracy, Claroty has built a machine‑learning engine that learns from historical data. “We could call it AI, but the term carries different expectations than what we’re actually doing,” he said.
IoT devices expand the attack surface of industrial networks, and yet many organizations struggle to know exactly how many such devices exist on their premises. Weinstein illustrated this with a common scenario:
“We visit a manufacturing plant, ask for their asset inventory, and find a manually‑filled list. Then we monitor traffic and discover an order of magnitude more devices than the inventory reports.”
While several competitors promise network visibility, Claroty differentiates itself with strong industry backing. Since its inception, the company has raised roughly $100 million in venture capital and forged partnerships with three of the leading industrial automation vendors: Siemens, Rockwell Automation and Schneider Electric.
These partners not only invest in Claroty but also serve as channel partners, helping the company bring its tailored OT security solutions to a broad global market.
Claroty’s customer base spans more than a dozen industries across more than 20 countries. The latest software release is aimed at deepening the value delivered to existing customers rather than chasing new ones.
“Our focus remains on expanding the capabilities for the customers we already serve,” Weinstein said. “We’re committed to evolving our platform within the core verticals where we have proven expertise.”