Claroty and Corsha Enhance OT Security for U.S. Federal Agencies

Severity: Medium (Score: 42.0)

Sources: claroty.com, Industrialcyber.Co

Published: 2026-05-26 · Updated: 2026-05-26

Keywords: claroty, corsha, systems, machine, identity, bring, protection

Severity indicators: ot, rat

Summary

Claroty has partnered with Corsha to integrate operational technology (OT) threat detection with machine identity security, aimed at U.S. federal agencies. This collaboration combines Claroty's Continuous Threat Detection (CTD) with Corsha's identity and access control, enhancing security in critical cyber-physical systems (CPS). Both companies have received Authority to Operate (ATO) at various military and federal sites, validating their technologies. The integration addresses the growing complexity of OT and IT convergence, which increases cyber risks from nation-state adversaries and cybercriminals. The solution emphasizes Zero Trust principles, ensuring identity enforcement at every connection point. This partnership aims to provide real-time visibility and automated threat mitigation across mission-critical infrastructure.

Key Points:

  • Claroty and Corsha's integration enhances OT security for U.S. federal agencies.
  • Both companies have received Authority to Operate at key military sites.
  • The solution emphasizes Zero Trust principles to mitigate cyber risks.

Detailed Analysis

**Impact** U.S. federal agencies, including military missile defense sites, the Intelligence Community, and the U.S. Air Force Sustainment Center, are affected by this integration. The collaboration enhances security for operational technology (OT) and cyber-physical systems (CPS) across critical infrastructure sectors, including manufacturing and defense logistics. The integration addresses risks from OT/IT convergence, cloud adoption, and remote management, which expand the attack surface and expose mission-critical systems to advanced nation-state and cybercriminal threats.

**Technical Details** The integration combines Claroty’s Continuous Threat Detection (CTD) with Corsha’s Machine Identity Provider (mIDP) to enforce identity-based access control for every machine-to-machine connection. It leverages dynamic segmentation to automatically block suspicious traffic and limit lateral movement without manual re-architecture. Real-time threat prevention capabilities stop ransomware propagation and credential misuse by validating machine identities at the connection level. No specific malware, CVEs, or IOCs are mentioned in the articles.

**Recommended Response** Defenders should implement continuous, real-time asset visibility and enforce machine identity-based Zero Trust access controls across OT and CPS environments. Deploy dynamic segmentation to automatically isolate suspicious traffic and prevent lateral movement. Monitor for unauthorized machine connections and credential misuse, focusing on machine identity validation at connection points. No specific patches or IOCs are provided; agencies should prioritize integrating identity-based access enforcement and real-time threat detection tools.

Source articles (2)

  • Claroty and Corsha integrate OT threat detection with machine identity security for US ... — Industrialcyber.Co · 2026-05-26
    Cyber-physical systems (CPS) protection company Claroty announced an integration with Corsha, a Machine Identity Provider (mIDP). The collaboration unites Claroty’s Continuous Threat Detection (CTD)…
  • Claroty And Corsha Partner To Bring Holistic Cyber Physical Systems Protection To Federal Operational Environments — claroty.com · 2026-05-26
    New Integration Combines Deep Asset Visibility with Dynamic Machine Identity to Bring Robust Zero-Trust Principles to Mission-Critical OT Security Systems NEW YORK—May 21, 2026— Claroty, the cyber-ph…

Timeline

  • 2026-05-21 — Claroty and Corsha announce partnership: The two companies revealed their integration to enhance OT security for U.S. federal agencies, focusing on Zero Trust principles.
  • 2026-05-26 — Integration details published: Claroty and Corsha's integration details were published, highlighting the importance of continuous threat detection and identity enforcement.

Related entities

  • Ransomware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • Government (Industry)
  • Manufacturing (Industry)
  • T1021 - Remote Services (Mitre Attack)