Nozomi Networks Speeds Industrial Cyber Threat Detection and Response

‍This post was updated on March 3, 2020.

Safe active monitoring and a new threat feed among latest features that answer growing CISO demand for more advanced industrial cyber security solutions

SAN FRANCISCO, November 15, 2018 – Nozomi Networks Inc., the leader in industrial cybersecurity and operational visibility, today announced its latest round of innovations to accelerate industrial cyber threat detection. With this release, Nozomi Networks is addressing a rapidly maturing market with:

• A safe active choice for precise ICS network visibility
• A threat feed service to support advanced threat monitoring
• A visual GUI for improved usability and alerting
• More SCADAguardian deployment options – with the addition of containers

“After more than 1,000 installations, it’s clear that IT/OT collaboration is the norm. CISOs are now looking for mature solutions and continued innovation. This release achieves both,” said Dr. Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer. “We are delivering full OT network visibility, comprehensive protection for emerging threats, fast, flexible deployment options and a premium user experience capable of efficiently supporting reporting and remediation.”

The convergence of IT/OT has advanced the need for new security capabilities and integrations. Gartner predicts that “by 2022, 30% of asset-centric enterprises will adopt a hybrid model to secure OT environments,  with traditional security deployed alongside specialist OT security technology, up from 10% in 2018.” * The research firm recommends “security and risk management leaders focused on industrial Internet of Things and OT security should identify key OT assets and systems, as well as potential vulnerabilities, and prioritize security processes and controls, based on recognized threats to OT and IT systems.” **

Nozomi Networks Solution Architecture – SCADAguardian Advanced Edition

In response to these evolving market demands, the latest enhancements in the Nozomi Networks 18.5 release include:

NEW SCADAguardian Advanced™ – The Safe Approach to Deep ICS Network Visibility

First previewed in August, SCADAguardian Advanced (SGA) is a separate and distinct product. It leverages Nozomi Networks’ strengths in passive-only discovery and analysis, and safely incorporates active capabilities, giving operators the option to discover and monitor a specific and more complete set of ICS data. SGA includes Smart Polling™, a technique that uses low volume, very precise communications to actively identify and describe assets, vulnerabilities, and threats. Users can:

• Safely discover firmware, patch level and other device details
• Confirm vulnerabilities for faster, more efficient response
• Monitor a complete set of ICS data, improving threat and process anomaly detection
• Choose easy-to-use default configurations, or manually apply Smart Polling to query specific devices or selected areas of the network

NEW Threat Intelligence™

Nozomi Networks Threat Intelligence makes it easier for IT and OT teams to quickly find, understand and respond to anomalies and threats. With this service Nozomi Networks OT security experts curate, test and enhance ICS threat and vulnerability information gathered from their own research and that of the ICS security community. The OT ThreatFeed arms SCADAguardian customers against emerging OT threats with precise automated threat alerts and recommendations for remediation. Enhanced updates delivered through the Nozomi Networks Threat Intelligence include:

• Identified threat signatures, indicators of compromise and zero-days discovered by Nozomi Networks
• Curated malware indicators from the ICS community, with enhanced Yara Rules & Packet Rules
• Enriched updates from the U.S. Government’s National Vulnerability Database (NVD)

NEW Container-based Delivery Model – For Embedded Deployment and Efficiency

With this latest release, Guardian can be deployed via a container embedded into select switches and routers as well as within the security infrastructure of Nozomi Networks partners. Nozomi Networks’ new container-based option allows operators to manage fewer devices and deploy across a wide variety of embedded network devices and security architectures. As a result they gain improved resource efficiencies, simplified implementation, and reduced overall total cost of ownership (TCO).

The 18.5 release delivers a premium UX. New dashboards and alerts, as well as an enhanced visual interface, improve network monitoring, threat detection and productivity across OT and IT environments. It will be generally available by year-end.

With this fifth generation of technology, Nozomi Networks continues to lead the market in ICS cybersecurity. Chosen by leading IT security providers, and resellers around the world, Nozomi Networks’ proven solutions support hundreds of thousands of devices in more than 1,000 installations spanning energy, manufacturing, mining, transportation, utilities and critical infrastructure.

*Gartner Competitive Landscape: Operational Technology Security, Ruggero Contu, 29 October 2018
**Gartner Market Guide for Operational Technology Security, Saniye  Alaybeyi and Ruggero Contu, 30 July 2018

‍