Becomes first OT & IoT security specialist to join the globally recognized program
SAN FRANCISCO, September 15, 2020 — Nozomi Networks Inc., the leader in OT and IoT security, today announced it has been recognized by the CVE Program as an authorized CVE Numbering Authority (CNA), assigning CVEs in the area of OT & IoT vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE. It is the de facto international standard for identifying and naming cybersecurity vulnerabilities. Nozomi Networks joins an elite group of 136 CNA organizations spanning 24 countries and is the first OT & IoT security specialist to join the program.
“We are pleased to grant Nozomi Networks CVE Numbering authority,” said Scott Lawler, CEO LP3 and CVE Board Member. “In addition to a deep commitment to ensuring the security of their own products, a team of researchers in Nozomi Networks Labs also works to identify vulnerabilities in other industrial equipment and software. Nozomi Networks leads their industry in the number of responsible disclosures made to the United States ICS-CERT. They’ve consistently demonstrated a high level of professionalism and expertise in helping impacted customers and vendors quickly address identified vulnerabilities. Their specialized expertise in OT and IoT cybersecurity and the processes they have established to ensure the cybersecurity of their own products make them a valued member of the CNA team.”
As a CNA, Nozomi Networks can now assign CVE numbers to newly identified vulnerabilities and publicly disclose information about these vulnerabilities. This includes assigning CVE numbers to vulnerabilities found in the company’s own products as well as third-party automation and industrial products not covered by another CNA.
Since 2013, Nozomi Networks researchers have made more than a dozen responsible disclosures, which to date have resulted in 13 CISA ICS-CERT Advisories. The company uses the MITRE ATT&CK Framework for ICS terminology in its detection and alerting capabilities, providing immediate context for any detected activity and reducing the need for additional research to understand the significance of the behavior. Nozomi Networks products are ISO 9001: 2015 certified. Additionally Nozomi Networks’ Product Security Incident Response Team (PSIRT) supports solidly defined procedures for managing product vulnerabilities.
“We are honored to receive CNA status,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Our passion for helping our customers and the industry as a whole fuels Nozomi Networks’ history of innovation and success. This is a significant milestone that allows us to do even more in our efforts to strengthen the security of the operational infrastructure that people rely upon around the world.”
For more information read the Nozomi Networks blog post: CISA-sponsored CVE Program Grants Nozomi Networks CNA Status.