SPEAK WITH AN EXPERT

Case Study – Manufacturing

Unifying OT security monitoring and reducing alert noise with Claroty and CyberProof

DOWNLOAD THE PDF

About the client

The client is a global industrial manufacturer operating complex operational technology (OT) environments across Europe, the Americas, and Asia-Pacific. These environments support critical mechanical systems that require continuous monitoring and operational reliability.

To strengthen security visibility, the organization deployed Claroty sensors that collect network telemetry and forward it to the Claroty Enterprise Management Console (EMC). The data is then integrated with Microsoft Sentinel and correlated with other tools, including Microsoft Defender, enabling centralized security monitoring and investigation.

The client’s challenge

The client sought to strengthen monitoring of its operational technologyΒ  environment:

Key challenges included:

  • Fragmented OT telemetry and visibility: No centralized way to aggregate and analyze data from OT network traffic across the environment.
  • Limited correlation between OT and IT security data: Lack of integration with the organization’s broader security monitoring environment.
  • Manual alert analysis requirements: Alerts generated by Claroty required analyst review to determine risk and priority.
  • Unclear escalation workflows: Once alerts were validated, analysts needed a consistent process for forwarding cases to the client.

Benefits

  • Complete OT telemetry visibility: Four Claroty sensors provide centralized monitoring of industrial network activity.
  • Cross-platform threat correlation: Claroty alerts are integrated into Microsoft Sentinel and correlated with other tools such as Microsoft Defender.
  • Faster alert investigation: Centralized telemetry and SOC workflows accelerate analyst review and severity classification by 25%.
  • Reduced alert noise: Analyst triage and tuning help prioritize meaningful alerts, leading to a 40% reduction in alert investigations.

Our solution

Four Claroty sensors were deployed to capture OT network traffic, which now analyze industrial network activity through Claroty’s Continuous Threat Detection (CTD) capabilities. The data is then forwarded to the Claroty EMC where it is aggregated and centrally managed.

From the EMC, OT telemetry is forwarded to Microsoft Sentinel, allowing security data from Claroty to be correlated with additional security tools, including Microsoft Defender and other monitoring sources. This integration enables analysts to review OT alerts alongside other security signals within the same investigation environment.

Flowchart showing the structure of a SOC team with IT and OT experts, analytics layers, security tools, Google SecOps, and data flows between components in a manufacturing environment.

CyberProof analysts provide L1, L2 and SOC services to the customer, monitoring alerts generated by Claroty and reviewing the associated activity to determine the level of severity and potential risk. By refining alert configurations to align with operational priorities, the client receives a reduced number of false positives, and enhances incident triage. Validated cases are escalated to the client for further analysis or remediation.

Results

By integrating Claroty telemetry with Microsoft Sentinel and applying analyst-driven investigation workflows, the client established a centralized process for monitoring OT activity, correlating alerts across multiple security sources, and escalating incidents when further action is required.

Speak with an expert

Explore how CyberProof can help you with manufacturing visibility in hybrid and cloud-native environments.

SPEAK WITH AN EXPERT