Nozomi Networks released Vantage in early 2021 as a cloud–based platform for consolidating asset and threat information from multiple sensors into a single location. This allows our customers to easily access management and reporting features from anywhere, and it’s especially helpful when managing sites that are distributed around the globe.
While the world has decidedly moved towards the cloud model, there are also a number of reasons someone may not want to take advantage of a cloud-based console. Data residency and data sovereignty can be a big concern, especially when dealing with sites in multiple countries that may have vastly different regulatory requirements. Real-time updating to the cloud may also be difficult for remote sites with slow or costly connectivity. In these situations, it makes a lot of sense to only access the data from a local Guardian or Central Management Console (CMC). However, synchronization with Vantage provides additional benefits beyond improved monitoring and reporting capabilities.
Selective Data Synchronization makes this easier for customers to select which data is sent out to Vantage, to allow for concerns such as data residency.
The Vantage Advantage
When I started at Nozomi Networks, it took a few days for my lab hardware to arrive, but just a matter of minutes for my Vantage instance to be created. After starting up the first Guardian in my lab, I configured the settings to synchronize it with my Vantage instance and almost immediately had up-to-date licensing pulled down and the Threat Intelligence and Asset Intelligence features enabled. While that’s just one Guardian and couple remote collectors in my lab, when it’s applied to an organization with sites spread across the world, deployment is that much easier. A Guardian could be pre-configured, shipped to the site, and on the initial boot it would sync up and pull down the appropriate licensing, enabling the correct features and allowing for all the appropriate updates. This also allows for the support contracts and licensing to remain synced across the entire global organization, removing the need to track license renewal and updates for every individual site.
In an effort to provide customers with the licensing and configuration benefits of syncing to Vantage, but also allow for those who have data residency or other concerns, Nozomi Networks has introduced Selective Data Synchronization in version 21.9. This allows for a customer to pick and choose what data is sent to Vantage.
Synchronization settings such as alerts, assets, and audit items can be easily selected or deselected on Nozomi Networks sensors
It’s now possible to selectively turn syncing on and off at a very granular level. If a customer wanted to only use Vantage as a licensing server, they could deselect all of the options and no sensitive data will leave the Guardian. However, one could also decide to not sync asset alert data, but still sync health logs about the environment to monitor for potential system failures.
For sites with bandwidth constraints, it would be possible to only sync security alerts or asset information, minimizing the traffic across the wire. These settings are applied at the “organization” level, allowing one to sync different data for each organizational level. For example, setting up one organization for the “in country” Guardians and a different organization for remote sites in other geographic locations could allow for very precise control of data synchronization based on the individual countries in which the Guardians reside. For organizations who have historically been hesitant to try a cloud–based model, this also provides a way to dip their toes in the water and see how well it works for them.
More Flexible Deployment Models
To help with creating a customized deployment model, Vantage also includes unlimited sensor licenses. This provides a huge degree of flexibility for customers to expand their deployment to monitor small isolated environments or to keep pace with new expansions of their network. Utilizing virtual or containerized Guardians can also provide a more granular view into the network, reducing the need to rely on placing sensors only at choke points in the network.
With Selective Data Synchronization, Nozomi Networks provides customers with the ability to take advantage of a robust SaaS option for monitoring their assets across the globe with the option to control the types of data being sent to the cloud. Customers can now have a globally consolidated view of their Guardian installations with all the benefits of license and version consistency despite previous roadblocks brought about by regulatory compliance or connectivity constraints.
Technical Marketing Engineer
Bruce Snell comes to Nozomi Networks with 25 years in the information security industry. His background includes administration, deployment, and consulting on all aspects of traditional IT security. For the past 10 years, Bruce has branched out into OT/IoT cybersecurity (with GICSP certification), working on projects including automotive pen-testing, oil and gas pipelines, autonomous vehicle data, medical IoT, smart cities, and others. Bruce has also been a regular speaker at cybersecurity and IoT conferences as well as a guest lecturer at Wharton and Harvard Business School.