See All Nexus 2024 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts

Articles

Recent articles

nexus_sbom-practical.jpg
Vulnerability Management
Risk Management

Putting SBOMs to Practical Use

George V. Hulme
Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.
Cyber Resilience
Healthcare
Vulnerability Management
Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme
Expert Don C. Weber writes that safety devices are within scope for cybersecurity risk assessments. This includes conducting high-level risk assessments to assemble documentation for specific Systems-under-Consideration (SuC) of the safety solution, performing a vulnerability assessment of the SuC, feeding the results into the detailed risk assessment to allow the risk management team to identify and address residual risks.
Operational Technology
Operational Resilience
Vulnerability Management

Architecting Safety Using Cybersecurity Requirements and Assessments

Don C. Weber
nexus_fda-mdms.jpg
Healthcare
Vulnerability Management
Risk Management

FDA Sets Sights on Medical Device Vulnerability Management

George V. Hulme
Understanding the nuances of OT cybersecurity vulnerabilities becomes imperative for IT cybersecurity teams to develop comprehensive defense strategies that safeguard both IT and OT environments.
Operational Technology
Operational Resilience
Vulnerability Management
Risk Management

What IT Cybersecurity Teams Need to Know about OT Vulnerabilities (Part 1)

Dan Ricci
nexus_pipeline.jpg
Risk Management
Vulnerability Management
Zero Trust
Operational Technology

A Strategic Necessity: Compensating Controls in ICS, OT

George V. Hulme
nexus_ot-patching.jpg
Operational Technology
Vulnerability Management
Operational Resilience

OT Patch Management Truths

George V. Hulme
nexus_firmware-in-med-devices.jpg
Healthcare
Vulnerability Management

Hardening Medical Devices’ Soft and Risky Security Underbelly: Firmware

George V. Hulme
nexus_medical-device-sec-improvments.jpg
Healthcare
Vulnerability Management

Recapping Recent Strides in Medical Device Cybersecurity

George V. Hulme
nexus_ics-vulns-matter.jpg
Operational Technology
Vulnerability Management

Why ICS Vulnerabilities Do Matter

Dan Ricci
Assessing known medical device vulnerabilities and patches in order to minimize operational disruption and lessen negative impacts to patient care is a must in connected healthcare organizations.
Healthcare
Vulnerability Management

Considerations for Medical Device Vulnerability Remediation

Skip Sorrels
Take a pragmatic approach to patching operational technology environments; doing so addresses OT's unique vulnerability management challenges.
Industrial
Vulnerability Management
Operational Technology

‘One Does Not Simply Patch OT’

Dan Ricci

Latest on Nexus Podcast

See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.
Cyber Resilience
Healthcare
Industrial
Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming
On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs
In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.
Operational Technology
Industrial

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs