Nozomi and Cisco Team for IT-OT Solution

By Larry O'Brien

Acquisition or Partnership

Nozomi Networks signed a pact to integrate its ICS security solution with the Cisco Security Technology Alliance (CSTA) – an open platform for collaboration.  The move will allow Nozomi to integrate with Cisco’s APIs and SDKs across the Cisco security portfolio.  Nozomi will first integrate with Cisco’s Identity Services Engine (ISE).

Large organizations utilize a variety of technologies and solutions to create cyber resiliency, an important part of Defense in Depth.  But, using disparate systems can actually result in increased security exposure and risks, and slower response to threats.  A few years ago, Cisco began working with organizations around the world to address this issue.  This led to the creation of their security technology program, which included an open platform for collaboration, called the Cisco Security Technology Alliance (CSTA).

The CSTA provides an environment for security solution providers to integrate with Cisco APIs and SDKs across the Cisco security portfolio.  Nozomi has now integrated its ICS security solution with the CSTA in an effort to deliver operational visibility and security across IT/OT networks.

Cisco’s Identity Services Engine (ISE) is a security policy management platform that helps organizations manage users and devices on business networks.  Sharing contextual usage data among IT systems and solutions makes it much easier to enforce policies for resource access, and more.  Enterprise security today extends beyond business networks to include operational technology (OT) environments.  Nozomi can add OT visibility and threat detection to Cisco’s security platform.

Cisco’s ISE provides network access control and creates profiles for devices connected to the ICS network.  Nozomi passively analyzes network traffic and collects information about endpoints to enhance OT visibility.

The systems exchange bidirectional information as follows:

  • ISE provides additional asset details gathered from endpoint supplicants to enhance Nozomi asset inventory. Similarly, ISE uses Nozomi’s SCADAguardian information to build out more device profiles.
  • SCADAguardian provides ISE with MAC information, enabling enhanced MAC whitelisting for OT networks.
  • SCADAguardian provides ISE with information that assists in changing authorization rules, such as modifying security group tags, applying downloadable ACLs to switchports, changing the VLAN, etc.

Engage with ARC Advisory Group