Guidance for Securing Operational Technology (OT) Assets with Claroty xDome on AWS
Implement a cybersecurity approach to secure OT, Internet of Things (IoT), and Industrial Internet of Things (IIoT) assets
Overview
How it works
These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.
Well-Architected Pillars
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
ElastiCache simplifies deploying, operating, and scaling an in-memory cache in the cloud. ElastiCache is a managed service, so AWS takes care of the operational aspects of running Redis, including hardware provisioning, software patching, horizontal and vertical scaling, upgrading engine versions, automatic backup, and monitoring.
Read the Operational Excellence whitepaperSecurity
Security Hub provides you with a centralized location to view and manage security alerts, findings, and recommendations across multiple AWS accounts and services. Security Hub in this Guidance provides managed threat intelligence based on analysis from AWS and third-party sources to identify known bad actors.
Read the Security whitepaperReliability
Amazon RDS automatically performs backups of the database to Amazon S3. This includes daily snapshots and transaction logs captured every 5 minutes, which aids in disaster recovery. This Guidance also uses multi-Availability Zone (AZ) Amazon RDS database instances to provide automated failover to a standby replica in another AZ. This minimizes downtime if there are AZ failures.
Read the Reliability whitepaperPerformance Efficiency
Amazon EKS provides Amazon CloudWatch metrics for monitoring overall cluster health, resource utilization, application performance, and bottlenecks. Amazon EKS integrates tightly with Amazon S3 and Amazon RDS in addition to caching, networking, security, and monitoring services. This integration can help you meet workload requirements around scaling, traffic management, and data access patterns.
Read the Performance Efficiency whitepaperCost Optimization
A data lake powered by Amazon S3 provides a highly durable and inexpensive way to store large amounts of log, packet capture, and forensic data from the Guidance over long periods of time at lower costs. Additionally, analyzing storage metrics and access patterns can help you better understand your resource usage so you can make informed decisions about optimizing frequently accessed "hot" data versus using less expensive “cold” data archives.
Read the Cost Optimization whitepaperSustainability
Amazon RDS makes it easy to right size database instance types and storage based on actual utilization data—this helps you prevent overprovisioning. Additionally, Amazon S3 provides highly durable storage, reducing how often the Guidance must replicate data for redundancy.
Read the Sustainability whitepaperDisclaimer
Did you find what you were looking for today?
Let us know so we can improve the quality of the content on our pages