Our Investment in Claroty: The Leading Security Provider for Cyber-Physical Systems
Enterprises spend millions of dollars every year on cybersecurity products (endpoint, firewalls, etc.), services (MSSP, MDR, etc.), and in-house security talent to secure their IT assets and data. In contrast, companies have historically held the belief that their cyber-physical systems were secure by being “air-gapped” from the internet, and therefore spending little (or nothing) on securing them. Cyber-physical systems (“CPS”) consist of equipment and software that monitor and control physical processes across various sectors including healthcare, manufacturing, energy, and the public sector (power grids, water treatment plants, etc.). For instance, under this “air-gapped” security framework, the CPS of a manufacturing plant would be considered secure so long as physical access to the facility was properly managed.
Unfortunately, the belief that these systems are secure is a fallacy, and unlike breaches of IT assets, failure to adequately secure a hospital system or water treatment plant’s assets poses a direct threat to human lives. In 2021, a hacker gained access to a Florida water treatment system and attempted to increase the levels of sodium hydroxide, putting an entire community at risk of being poisoned. Luckily, it was caught before entering the public water supply, but this attack serves as a frightening example of the risks associated with a cybersecurity breach of critical infrastructure.
Dan Williams, Partner at Delta-v
It comes as no surprise that organizations are showing an increased focus on protecting their CPS assets in light of the rise in critical infrastructure attacks (e.g. Colonial Pipeline, Industroyer 2), geopolitical tensions (e.g. Ukraine, Israel, Russia, China), and regulatory pressures (e.g. IEC 62443, NIST SP 800-82). In the last few weeks, the White House issued a new Executive Order calling for improvements to the cybersecurity posture of our nation’s port infrastructure. Last fall, NATO countries underwent a cyber defense exercise to test preparedness for attacks on critical infrastructure and operational technology (“OT”) assets (a subset of CPS).
Yaniv Vardi, CEO of Claroty
Over the last several years at Delta-v, we’ve built a thesis in CPS security as a nascent (but vital) subsector of the cybersecurity landscape. While the macro need for CPS security solutions is compelling, the problem is a fundamentally challenging one as OT assets differ from many IT assets in that they often don’t run an operating system and cannot support the compute and memory requirements of traditional IT security products like endpoint agents. Unlike modern IT standardization around Windows, iOS, and Linux, OT environments are composed of a myriad of types of devices spanning multiple decades that speak unique proprietary protocols. This creates a challenge, but also a new opportunity, for a new wave of cybersecurity vendors to solve.
In line with our thesis, we are excited to announce our growth investment in Claroty as the lead equity investor in their $100 million strategic growth financing. Claroty has demonstrated a unique ability to address organizations’ most pressing critical infrastructure security needs, and we believe Claroty’s platform approach to CPS protection is strongly aligned with where the market is headed for years to come. We are excited to join such an important mission and look forward to supporting Claroty’s continued growth and success alongside the management team and investor syndicate.
Read the Wall Street Journal coverage here: Cyber Defense Company Claroty Secures $100M in Funding