Real-time ICS Cyber Security and Operational Visibility
Complete Cyber Security and Visibility For ICS Environments
Guardian™ protects control networks from cyberattacks and operational disruptions by providing complete ICS visibility and security in a single solution.
Its advanced technology automatically maps and visualizes your entire industrial network, including assets, connections and protocols. Guardian monitors network communications and behavior for risks that threaten the reliability of your systems, and provides the information you need to respond quickly.
Available as a passive monitoring solution, or low-impact active solution with the Smart Polling™ add-on, Guardian allows you to choose the asset discovery approach that best fits your organization.
Immediately Visualize Your Industrial Network
Real-time Network Visualization
- Improves system awareness and understanding of network structure and activity
- Displays key information such as traffic throughput, TCP connections and protocols used between nodes and zones
- Speeds incident response and troubleshooting efforts
Flexible Navigation and Filtering
- Shows macro views plus detailed information on endpoints and connections
- Filters by subnets, network segments, and topologies
Automatically Track Your Industrial Assets
Up-to-Date Asset Inventory
Advances cyber resiliency and saves time with automated asset inventory
Provides detailed and verified asset information
Identifies communicating assets using built-in passive network monitoring
Enhance Asset Tracking with Smart Polling Add-on Module
- Discovers silent and rogue assets with active discovery
- Includes firmware versions, patch levels and more
Continuously Monitor Your Network and ICS
Comprehensive Cyber Security and Reliability Monitoring
- Improves network security and productivity through dashboards, charts and queries relevant to your organization
- Monitors assets from all vendors and network communications
Clear Presentation of Key Metrics
- Displays summarized data related to alerts, incidents, vulnerabilities, etc.
- Includes indicators of reliability issues such as unusual variable values
Easy Access to ICS Data
- Summarizes ICS risk information for selected date and time ranges
- Supports drilldown on visual indicators for detailed information
- Queries any aspect of your network or ICS performance, reducing data collection and spreadsheet work
Quickly Detect Threats to Your ICS or SCADA System
Up-to-the-Minute Threat Detection
- Identifies cyber security and process reliability threats in real-time
- Detects attacks in process, early stage advanced threats and cyber risks
- Blocks attacks when integrated with compatible firewalls
Best-in-Class ICS Threat Detection
- Uses anomaly and signature-based threat detection for comprehensive risk detection
- Ensures current monitoring when integrated with an OT ThreatFeed™ subscription
Rapidly Identify Your Vulnerability Risks
Automated Vulnerability Assessment
- Identifies which vendors’ devices are vulnerable
- Utilizes the U.S. government’s National Vulnerability Database (NVD) for standardized naming, description and scoring
Efficient Prioritization and Remediation
- Speeds workflows with vulnerability dashboards and drilldowns
- Addresses questions like “Do certain devices have vulnerable firmware?”
Reduce Your Troubleshooting and Forensic Efforts
Effective, Efficient Incident Response
- Minimizes false positives with AI-powered Dynamic Learning™
- Decreases response time with Smart Incident™, which correlates alerts, provides operational context and delivers automatic packet captures
- Decodes incidents with TimeMachine™ system snapshots and diff reports (Snapshots are dynamic, allowing drilldown into rich ICS data)
- Provides answers fast with a powerful ad hoc query tool
Easily Integrate with Your SOC/IT Environments
Integrated Security Infrastructure
- Includes built-in integrations for asset, ticket and identity management systems, SIEMs and more
- Extends further with OpenAPI for additional integrations
Broad Protocol Support
- Supports hundreds of ICS and IT protocols
- Includes Protocol SDK and on-demand engineering services for quick creation of new protocol support
Examples of Threats Detected / Sample Deployment Architecture
Click to enlarge.
Shown above is a general example of how the Nozomi Networks solution can be deployed. A wide variety of appliances, a flexible architecture, and integrations with other systems allow us to provide a solution tailored to meet the needs of your organization.
Additionally, Remote Collectors™ can be added to Guardian appliances to capture data from remote and offsite locations.
GUARDIAN ADD-ON MODULE
Smart Polling for Active Asset Inventory
Hybrid Passive + Active Asset Discovery Enhances Guardian
- Adds low volume, active technologies to Guardian’s passive asset discovery
- Provides precise asset detail, a complete asset inventory, exact vulnerability assessment and advanced ICS security monitoring
Comprehensive ICS Asset Details
- Identifies non-communicating assets and rogue devices
- Detects USB devices on Windows systems
- Gathers details about changes in process flows and variables
- Discovers operating system information, firmware, patch levels and more
- Delivers accurate vulnerability assessment for fast and efficient response
Enhanced Network Monitoring and Threat Detection
- Uses a full set of ICS data for enhanced anomaly detection
- Integrates with OT ThreatFeed for up-to-date detection of emerging threats and zero-days
Flexible Usage Options
- Deploys across your entire network or only to targeted segments or assets
GUARDIAN ADD-ON SUBSCRIPTION
OT ThreatFeed for Up-to-Date Threat Intelligence
Stay on Top of the Dynamic Threat Landscape
- Makes it easy and efficient to stay on top of current ICS risks
- Delivers up-to-date threat intelligence for ICS environments
Timely Threat Updates
Provides emerging threats, zero-day and vulnerability information, curated by Nozomi Networks Labs
Includes threat detection tools such as Packet rules, Yara rules, vulnerability signatures, STIX indicators and a threat knowledgebase
Threat Insights that Strengthen Cyber Resiliency
Provides full network visibility with integrated threat intelligence
Delivers valuable security and operational context regarding detected risks
Alerts you about suspicious activity in real-time
Reduces security management costs as a single, comprehensive ICS threat detection tool
GUARDIAN ADD-ON APPLIANCE
Remote Collectors for Expansive Visibility and Cyber Security
Low-Resource Appliances for Distant and Distributed Installations
- Cost-effectively extend network monitoring to provide full visibility across the entire ICS environment
- Collect data from remote locations and send it to Guardian for further analysis
- Reduce deployment costs for wilderness, off-shore and desert installations
For more information on Remote Collectors, contact us.
“Once you try Nozomi and its rich feature set you cannot imagine operating without it!”
Nozomi hands down wins the evaluations … the Nozomi platform was able to pick out and properly categorize more L2 devices than any other tool in the market place.
“Innovative, easy to implement and even easier to maintain.”
From POC to implementation Nozomi has been quick to answer questions, provide feedback, and extensive support … Guardian is feature rich and Nozomi offers many different solutions for all aspects of our OT environment
“Exceeded expectations. Deeper visibility than expected.”
Best part was the willingness to adapt to our unique environment. … Not only has their solution done as advertised, and then some.
“Nozomi Guardian is literally window to the wire”
I have had an extremely positive experience with Nozomi. … I was amazed that 15 minutes later the things we were learning about our network – not all of it was good!
“Ease of deployment, behavioural baselining, visibility and granular asset inventory.”
Nozomi won hands down in terms of key features … The superb support and technical know-how provided by their Lead Engineer … [was] a key deciding factor.
“Excellent Customer Service””
Nozomi offers excellent pre and post customer support, including 24/7 service that launched in 2019.
“With Nozomi Networks Guardian we can now detect and collect operational and cyber security issues in real-time, and take corrective actions before the threat can strike.”
“Nozomi Networks Guardian is now a fundamental element of our network infrastructure and an essential tool for our daily activities.”
“The Guardian appliance is powerful, their team is skilled, they solved our problem.”
Nozomi has provided a high level of customer service and expertise throughout our procurement and implementation process. Their sales, engineering, and support teams are excellent and their product is best in class.
“This product keeps its promises.”
Guardian gives us precise alerts, with almost no false positives. Real events are clearly visible with the risk level indicator, making it easy to decide when and how to react.
What You Can Achieve with Nozomi Networks
Superior Operational Visibility
Accurately visualize your industrial networks and improve resilience with real-time asset inventory and network monitoring.
Advanced ICS Threat Detection
Rapidly manage cyber threats and process risks with a solution that correlates multiple, advanced detection techniques.
Rapid Global Deployments
Centrally monitor hundreds of facilities with a solution proven to scale across continents and integrate with IT/OT systems.
Want to Know More?