Nozomi Network Labs

We're using our research to protect the operational systems that support everyday life.

Since 2013, we have focused on using our deep OT knowledge, technical expertise, and experience in industrial cybersecurity to support the ICS security community. We have freely shared our research findings and security tools, and responsibly disclosed the vulnerabilities we find.

In 2019, we formalized our efforts under the banner of Nozomi Networks Labs, increasing the resources devoted to security research and broadening our community engagement.

Today, Nozomi Networks Labs is a well-known and respected team of threat hunters and security analysts dedicated to reducing cyber risk for industrial and critical infrastructure organizations around the world. Through our cybersecurity research and collaboration with industry and institutions globally, we help protect the operational systems that support everyday life.

Malware Analysis

When given access to a malware sample, Labs not only dissects it through reverse engineering but also uses dynamic analysis to learn how the malware behaves, so we can develop protections against future variants. We also offer malware analysis tutorials that share our analysis and publication best practices.

Malware Testing Environment

In addition to analyzing malware, the Labs Team replicates the environment (including the devices and protocols) to simulate the attack. Our goal is to see how the malware interacts with devices, and use the insight gained to develop further protections.

Risk Management and Responsible Disclosure of ICS Vulnerabilities

The Labs team discovers zero-day vulnerabilities in industrial devices and, through a responsible disclosure process, contributes to the publication of advisories by recognized authorities. We work closely with vendors to remediate the vulnerabilities, and the resulting advisories are published through ICS-CERT to expand industry awareness.

  • Provide unique signatures to cover in-house discovered vulnerabilities
  • Match publicly known vulnerabilities to the devices present in customers' environments to support risk and patch management decision-making

The Nozomi Networks Labs security research team has made over 45 responsible disclosures, which have resulted in multiple industrial control system advisories being issued by NCCIC. Successful exploitation of any of the vulnerabilities could lead to safety incidents, downtime or loss of production. By making asset owners aware of these vulnerabilities through ICS-CERT advisories, we hope they will take remediation or mitigation measures, thereby reducing their cybersecurity risks.

Deep OT/IoT Threat & Asset Intelligence

The Threat Intelligence and Asset Intelligence services provided by Nozomi Networks are fueled with ongoing data generated and curated by the Labs team, including:

  • Unique data collection on top executed commands, top attacker IP addresses, top credentials used, top abused protocols and more
  • Insights on trending threats that have been used in the wild or in targeted attacks (e.g., Industroyer2)

Subscribe to Labs Updates

To help the security community with emerging threats and other security issues, Nozomi Networks Labs also publishes blogs, research papers, webinars and podcasts, and releases free security tools.