Large organizations use a variety of technologies and solutions to create cyber resiliency, an important part of the best practice known as Defense in Depth. However, using disparate systems can actually increase security exposure and risk, and slow the response to threats.
A few years ago, Cisco began working with the best and brightest minds around the world to address this issue. This led to the creation of their security technology program, which included an open platform for collaboration called the Cisco Security Technology Alliance (CSTA).
Nozomi Networks has integrated its ICS security solution with the CSTA to deliver comprehensive operational visibility and cyber security across IT/OT networks. Together, we provide real-time monitoring and threat detection that streamlines security policy management and enforcement, and speeds incident response.
Nozomi Networks Integrates with Cisco Security Policy Platform and Devices
The CSTA provides an environment for leading security solution providers like us to integrate with Cisco APIs and SDKs across the Cisco security portfolio.
Nozomi Networks kicked off its membership in CSTA with a security integration for Cisco’s Identity Services Engine (ISE).
The Identity Services Engine (ISE) is a security policy management platform that helps organizations manage users and devices on business networks. Sharing contextual usage data amongst IT systems and solutions makes it much easier to enforce policies for resource access, and more.
Unified IT / ICS Security Policy Management, Monitoring and Incident Response
Today, enterprise security extends beyond business networks to include operational technology (OT) environments. The Nozomi Networks solution adds deep OT visibility and threat detection to Cisco’s security platform, for integrated IT/OT security monitoring, policy management and incident response.
For example, Cisco’s ISE provides network access control and creates profiles for devices connected to the ICS network. The Nozomi Networks solution passively analyzes network traffic and collects information about endpoints to enhance OT visibility. The two systems exchange information bidirectionally as follows:
- ISE provides additional asset details gathered from endpoint supplicants to enhance Nozomi Networks asset inventory. Similarly, ISE uses SCADAguardian information to build out more robust device profiles.
- SCADAguardian provides ISE with MAC information, enabling enhanced MAC whitelisting for OT networks.
- SCADAguardian provides ISE with information that assists in changing authorization rules, such as modifying security group tags, applying downloadable ACLs to switchports, changing the VLAN, etc.
The Nozomi Networks solution also provides joint customers with:
- OT network visualization – for situational awareness and fast troubleshooting
- Operational visibility – for real-time OT network monitoring
- OT cyber security – for rapid, OT-specific threat detection and incident response
Integrated IT-OT Security Infrastructure Reduces Corporate Risk
Membership in CSTA allows us to better support our customers’ adoption of an integrated IT-OT security infrastructure. As more and more organizations move towards enterprise-wide cyber security management across business and industrial networks, our integrated solution provides the visibility and cyber resiliency they’re looking for.
Related Content to Download
“Advancing ICS Visibility and Cyber Security with the Nozomi Networks Solution”
Read this document to learn how the Nozomi Networks solution:
- Improves network and operational visibility for ICS
- Detects ICS cyber and process risks
- Facilitates rapid threat response
- Enables enterprise-scale OT risk monitoring
- Uniquely provides superior visibility and threat detection