Note: on July 23rd 2019, SCADAguardian was renamed Guardian, and SCADAguardian Advanced was renamed Smart Polling.
Large organizations utilize a variety of technologies and solutions to create cyber resiliency, an important part of the best practice known as Defense in Depth. But, using disparate systems can actually result in increased security exposure and risks, and slower response to threats.
A few years ago, Cisco began working with the best and brightest minds around the world to address this issue. This led to the creation of their security technology program, which included an open platform for collaboration called the Cisco Security Technology Alliance (CSTA).
Nozomi Networks has integrated its ICS security solution with the CSTA to deliver comprehensive operational visibility and cyber security across IT/OT networks. Together, we provide real-time monitoring and threat detection that streamlines security policy management & enforcement, and speeds incident response.
Nozomi Networks Integrates with Cisco Security Policy Platform and Devices
The CSTA provides an environment for leading security solution providers like us to integrate with Cisco APIs and SDKs across the Cisco security portfolio.
Nozomi Networks kicked off our membership in CSTA with security integration for Cisco’s Identity Services Engine (ISE).
The Identity Services Engine (ISE) is a security policy management platform that helps organizations manage users and devices on business networks. Sharing contextual usage data amongst IT systems and solutions makes it much easier to enforce policies for resource access, and more.
Unified IT / ICS Security Policy Management, Monitoring and Incident Response
Today, enterprise security extends beyond business networks to include operational technology (OT) environments. The Nozomi Networks solution adds deep OT visibility and threat detection to Cisco’s security platform, for integrated IT/OT security monitoring, policy management and incident response.
For example, Cisco’s ISE provides network access control and creates profiles for devices connected to the ICS network. The Nozomi Networks solution passively analyzes network traffic and collects information about endpoints to enhance OT visibility. The systems exchange bidirectional information as follows:
- ISE provides additional asset details gathered from endpoint supplicants to enhance Nozomi Networks asset inventory. Similarly, ISE uses SCADAguardian information to build out more robust device profiles.
- SCADAguardian provides ISE with MAC information, enabling enhanced MAC allowlist for OT networks.
- SCADAguardian provides ISE with information that assists in changing authorization rules, such as modifying security group tags, applying downloadable ACLs to switchports, changing the VLAN, etc.
The Nozomi Networks solution also provides joint customers with:
- OT network visualization – for situational awareness and fast troubleshooting
- Operational visibility – for real-time OT network monitoring
- OT cyber security – for rapid, OT-specific threat detection and incident response
Integrated IT-OT Security Infrastructure Reduces Corporate Risk
Membership in CSTA allows us to better support our customers’ adoption of an integrated IT-OT security infrastructure. As more and more organizations move towards enterprise-wide cyber security management across business and industrial networks, our integrated solution provides the visibility and cyber resiliency they’re looking for.