PRODUCT

Guardian
Real-time ICS Cyber Security and Operational Visibility

Complete Cyber Security and Visibility For ICS Environments

Guardian™ protects control networks from cyberattacks and operational disruptions by providing complete ICS visibility and security in a single solution.

Its advanced technology automatically maps and visualizes your entire industrial network, including assets, connections and protocols. Guardian monitors network communications and behavior for risks that threaten the reliability of your systems, and provides the information you need to respond quickly.

Available as a passive monitoring solution, or low-impact active solution with the Smart Polling™ add-on, Guardian allows you to choose the asset discovery approach that best fits your organization.

Immediately Visualize Your Industrial Network

Real-time Network Visualization

  • Improves system awareness and understanding of network structure and activity
  • Displays key information such as traffic throughput, TCP connections and protocols used between nodes and zones
  • Speeds incident response and troubleshooting efforts

Flexible Navigation and Filtering

  • Shows macro views plus detailed information on endpoints and connections
  • Filters by subnets, network segments, and topologies

Automatically Track Your Industrial Assets

Up-to-Date Asset Inventory

  • Advances cyber resiliency and saves time with automated asset inventory
  • Provides detailed and verified asset information
  • Identifies communicating assets using built-in passive network monitoring

Enhance Asset Tracking with Smart Polling Add-on Module

  • Discovers silent and rogue assets with active discovery
  • Includes firmware versions, patch levels and more

Continuously Monitor Your Network and ICS

Comprehensive Cyber Security and Reliability Monitoring

  • Improves network security and productivity through dashboards, charts and queries relevant to your organization
  • Monitors assets from all vendors and network communications

Clear Presentation of Key Metrics

  • Displays summarized data related to alerts, incidents, vulnerabilities, etc.
  • Includes indicators of reliability issues such as unusual variable values

Easy Access to ICS Data

  • Summarizes ICS risk information for selected date and time ranges
  • Supports drilldown on visual indicators for detailed information
  • Queries any aspect of your network or ICS performance, reducing data collection and spreadsheet work

Quickly Detect Threats to Your ICS or SCADA System

Up-to-the-Minute Threat Detection

  • Identifies cyber security and process reliability threats in real time
  • Detects attacks in process, early-stage advanced threats and cyber risks
  • Blocks attacks when integrated with compatible firewalls

Best-in-Class ICS Threat Detection

  • Uses anomaly and signature-based threat detection for comprehensive risk detection
  • Ensures current monitoring when integrated with an OT ThreatFeed™ subscription

Rapidly Identify Your Vulnerability Risks

Automated Vulnerability Assessment

  • Identifies which vendors’ devices are vulnerable
  • Utilizes the U.S. government’s National Vulnerability Database (NVD) for standardized naming, description and scoring

Efficient Prioritization and Remediation

  • Speeds workflows with vulnerability dashboards and drilldowns
  • Addresses questions like “Do certain devices have vulnerable firmware?”

Reduce Your Troubleshooting and Forensic Efforts

Effective, Efficient Incident Response

  • Minimizes false positives with AI-powered Dynamic Learning™
  • Decreases response time with Smart Incident™, which correlates alerts, provides operational context and delivers automatic packet captures

Informative Forensics

  • Decodes incidents with TimeMachine™ system snapshots and diff reports (Snapshots are dynamic, allowing drilldown into rich ICS data)
  • Provides answers fast with a powerful ad hoc query tool

Easily Integrate with Your SOC/IT Environments

Integrated Security Infrastructure

  • Includes built-in integrations for asset, ticket and identity management systems, SIEMs and more
  • Extends further with OpenAPI for additional integrations

Broad Protocol Support

  • Supports hundreds of ICS and IT protocols
  • Includes Protocol SDK and on-demand engineering services for quick creation of new protocol support

Examples of Threats Detected / Sample Deployment Architecture

Shown above is a general example of how the Nozomi Networks solution can be deployed. A wide variety of appliances, a flexible architecture, and integrations with other systems allow us to provide a solution tailored to meet the needs of your organization.

Additionally, Remote Collectors can be added to Guardian appliances to capture data from remote and offsite locations.

GUARDIAN ADD-ON MODULE

Smart Polling for Active Asset Inventory

Hybrid Passive + Active Asset Discovery Enhances Guardian

  • Adds low volume, active technologies to Guardian’s passive asset discovery
  • Provides precise asset detail, a complete asset inventory, exact vulnerability assessment and advanced ICS security monitoring

Comprehensive ICS Asset Details

  • Identifies non-communicating assets and rogue devices
  • Detects USB devices on Windows systems
  • Gathers details about changes in process flows and variables
  • Discovers operating system information, firmware, patch levels and more
  • Delivers accurate vulnerability assessment for fast and efficient response

Enhanced Network Monitoring and Threat Detection

  • Uses a full set of ICS data for enhanced anomaly detection
  • Integrates with OT ThreatFeed for up-to-date detection of emerging threats and zero-days

Flexible Usage Options

  • Deploys across your entire network or only to targeted segments or assets

GUARDIAN ADD-ON SUBSCRIPTION

OT ThreatFeed for Up-to-Date Threat Intelligence

Stay on Top of the Dynamic Threat Landscape

  • Makes it easy and efficient to stay on top of current ICS risks
  • Delivers up-to-date threat intelligence for ICS environments

Timely Threat Updates

  • Provides emerging threats, zero-day and vulnerability information, curated by Nozomi Networks Labs
  • Includes threat detection tools such as Packet rules, Yara rules, vulnerability signatures, STIX indicators and a threat knowledgebase

Threat Insights that Strengthen Cyber Resiliency

  • Provides full network visibility with integrated threat intelligence
  • Delivers valuable security and operational context regarding detected risks
  • Alerts you about suspicious activity in real time
  • Reduces security management costs as a single, comprehensive ICS threat detection tool

GUARDIAN ADD-ON APPLIANCE

Remote Collectors for Expansive Visibility and Cyber Security

Low-Resource Appliances for Distant and Distributed Installations

  • Cost-effectively extend network monitoring to provide full visibility across the entire ICS environment
  • Collect data from remote locations and send it to Guardian for further analysis
  • Reduce deployment costs for wilderness, off-shore and desert installations

For more information on Remote Collectors, contact us.

Nozomi Networks Solution Architecture

What You Can Achieve with Nozomi Networks

Superior Operational Visibility

Accurately visualize your industrial networks and improve resilience with real-time asset inventory and network monitoring.

Advanced ICS Threat Detection

Rapidly manage cyber threats and process risks with a solution that correlates multiple, advanced detection techniques.

Rapid Global Deployments

Centrally monitor hundreds of facilities with a solution proven to scale across continents and integrate with IT/OT systems.
