Merging Security and Operational Asset Data with the Nozomi Networks Platform

In industrial environments, operational technology (OT) and information technology (IT) systems typically maintain separate data sets. OT systems such as control systems and SCADA track detailed asset information for production, while IT systems such as maintenance management track higher-level business data. This separation can hinder communication and risk management decision-making between teams. Integrating important OT asset data from both OT and IT systems can improve cross-functional collaboration and risk management. Let’s walk through how this might look in practice.

In the video below, Marty the OT Guy demonstrates a method for merging asset data between the Nozomi Networks platform and a simulated maintenance management system, enabling data sharing between security and production teams to facilitate better conversations. The Nozomi Networks platform provides discovered asset data like IP addresses, vendors, installed firmware and zones, while the maintenance system provides supplemental data not visible to the Nozomi Networks platform like asset IDs, locations, managers, criticality ratings, and maintenance schedules.

By merging this data, security teams can access production context for OT assets to improve risk prioritization and use standardized language when collaborating with maintenance teams.

Some examples of merged data fields in the Nozomi Networks platform might be:

  • Asset ID: The maintenance system ID for the asset
  • Location: Where the asset is physically installed
  • Manager: Responsible maintenance contact for the asset
  • Criticality: Production criticality rating (1-5)
  • Last/Next Maintenance: Most recent and upcoming scheduled maintenance
  • Downtime Cost: Estimated hourly production loss if asset fails

One sample query using this enriched data could select assets with criticality not equal to zero and sort them by highest criticality. Another query could focus on downtime cost: select assets with downtime cost greater than zero, display the IP, label, asset ID, description, manager, location, criticality, and hourly downtime cost, and sort by highest downtime cost to identify the assets with the largest financial impact if they experience unplanned downtime.

Using both queries together can help prioritize risk mitigation efforts for the most critical assets, or “crown jewels”, in your environment.
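The merge and the two queries described above can be sketched in Python as an added example; it is not the toolkit from the video and does not use the Nozomi Networks API or query language. The field names, the use of the IP address as the join key, and all sample records are assumptions constructed for illustration.

```python
# Constructed sample data. Field names and the IP join key are assumptions.
DISCOVERED = [  # what network monitoring can see
    {"ip": "10.0.1.10", "label": "PLC-Line1", "vendor": "VendorA", "firmware": "2.1", "zone": "Cell-1"},
    {"ip": "10.0.1.11", "label": "HMI-Line1", "vendor": "VendorB", "firmware": "7.0", "zone": "Cell-1"},
    {"ip": "10.0.2.20", "label": "PLC-Pack", "vendor": "VendorA", "firmware": "1.9", "zone": "Cell-2"},
    {"ip": "10.0.3.30", "label": "Eng-WS", "vendor": "VendorC", "firmware": "n/a", "zone": "Eng"},
]
MAINTENANCE = [  # what only the maintenance system knows
    {"ip": "10.0.1.10", "asset_id": "A-1001", "description": "Line 1 controller",
     "manager": "J. Doe", "location": "Bldg 1", "criticality": 5, "downtime_cost": 12000},
    {"ip": "10.0.1.11", "asset_id": "A-1002", "description": "Line 1 operator panel",
     "manager": "J. Doe", "location": "Bldg 1", "criticality": 3, "downtime_cost": 0},
    {"ip": "10.0.2.20", "asset_id": "A-2001", "description": "Packaging controller",
     "manager": "R. Roe", "location": "Bldg 2", "criticality": 4, "downtime_cost": 20000},
]
# Assets with no maintenance record get these values, so both queries skip them.
DEFAULTS = {"asset_id": None, "description": None, "manager": None,
            "location": None, "criticality": 0, "downtime_cost": 0}
COST_COLUMNS = ("ip", "label", "asset_id", "description", "manager",
                "location", "criticality", "downtime_cost")

def merge_assets(discovered, maintenance):
    """Left-join maintenance fields onto discovered assets by IP."""
    by_ip = {m["ip"]: m for m in maintenance}
    return [{**DEFAULTS, **d, **by_ip.get(d["ip"], {})} for d in discovered]

def by_criticality(assets):
    """Query 1: criticality != 0, highest criticality first."""
    hits = [a for a in assets if a["criticality"] != 0]
    return sorted(hits, key=lambda a: a["criticality"], reverse=True)

def by_downtime_cost(assets):
    """Query 2: downtime cost > 0, selected columns, highest cost first."""
    hits = [a for a in assets if a["downtime_cost"] > 0]
    hits.sort(key=lambda a: a["downtime_cost"], reverse=True)
    return [{c: a[c] for c in COST_COLUMNS} for a in hits]

def crown_jewels(assets, top=2):
    """IPs ranked in the top N of both queries, ordered by downtime cost."""
    critical = {a["ip"] for a in by_criticality(assets)[:top]}
    return [a["ip"] for a in by_downtime_cost(assets)[:top] if a["ip"] in critical]

if __name__ == "__main__":
    merged = merge_assets(DISCOVERED, MAINTENANCE)
    for row in by_downtime_cost(merged):
        print(row)
    print("crown jewels:", crown_jewels(merged))
```

The engineering workstation at 10.0.3.30 has no maintenance record, so it appears in neither result; in practice such unmatched assets are worth reviewing separately, since they have no owner or criticality on file.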

By blending OT asset visibility data from the Nozomi Networks platform with supplemental IT details from a maintenance system, security and operations teams gain a unified view of their vital production assets. This provides essential context for smarter security decisions and fosters better collaboration. The result is improved risk management and more uptime.

With some customization, the APIs and data model options outlined in this video could be adapted to merge and sync asset data between the Nozomi Networks platform and various maintenance management or ERP systems like SAP, Oracle, Maximo, and more.

If you’re interested in getting your hands on Marty’s asset management toolkit from the video, reach out to your CSM or contact us.