Radiflow Releases First Ever Risk Analysis Platform Based on ISA/IEC Standards

August 17, 2020 by Alessandro Mascellino

Cybersecurity solutions company, Radiflow, released the company’s first risk analysis platform based on the ISA/IEC 62443 framework.

Named CIARA (Cyber Industrial Automated Risk Analysis), the new platform helps industrial automation and control system users to streamline risk reduction planning and compliance  Designed to improve overall cyber risk posture, CIARA offers a number of features and tools for data collection, data-driven analysis, and transparent risk metrics calculation.


Radiflow's Cybersecurity Efforts

Focusing on industrial cyber-security solutions for critical business operations, Radiflow develops innovative solutions for ICS/SCADA networks. These tools enable users to perform a variety of security tasks in order to maintain visibility and control of their OT networks. 

The company's best-known products are its Intelligent Threat Detection tool, capable of passively monitoring the OT network for anomalies, and various Secure Gateways developed to protect OT networks from any deviations from set access policies.

Radiflow was founded by Ilan Barda in 2009 and has since raised a total of $28 million from ST Engineering Ventures Fund and Zohar Zisapel. The Tel Aviv-based company currently protects 3,898 sites worldwide for 97 customers, has 3 Tier-1 Automation Vendors, and 4 international OEMs.


The Cyber Industrial Automated Risk Analysis Platform

CIARA is an artificial intelligence-powered tool capable of asset data collection, data-driven analysis, and transparent risk metrics calculation. The software also provides risk scoring capabilities arranged per zone and business process based on business impact.


Radiflow's CIARA cybersecurity platform. Image courtesy of Radiflow


The new platform was developed as a response to the growing digitization of the production floor, otherwise referred to as Industry 4.0, which has led to a rapid increase in the number of cyber threats in various industries.

According to Radiflow, in this fast-changing environment, risk assessment processes remain the main manual tasks that fail to address the full scope of the problem, leaving companies vulnerable to malicious actors.

With the development of CIARA, Radiflow is now building a next-generation Cyber risk platform intended to aid the CISO, Operation manager, and other risk stakeholders to reduce cyber risk in Industry 4.0 scenarios. This goal is achieved through the pervasive use of advanced analysis algorithms to automate and manage companies' entire cybersecurity risk life cycle.

To ensure its effectiveness against the latest cyber threats, CIARA is continuously updated via the deployment of assets data from the field as well as a threat intelligence feed.

The latter is based on multiple sources including the MITRE ATT&CK knowledgebase, a tool often considered the foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity community.


Based on ISA/IEC Standards

CIARA is a solution that follows the ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC) in 2018. The ISA/IEC 62443 standards have been created to specify security capabilities for control system components. 

In other words, the regulations provide a global framework to locate and mitigate current and future security risks in industrial automation and control systems (IACSs). In addition to the ISA/IEC 62443 standards, the CIARA also meets the EU NIS Directive and elements of NERC CIP Cybersecurity Requirements. Additional support for the NIST Cyber-Security FRAMEWORK is currently under development.


What do you think about CIARA?