Nozomi Networks Issues Major Update, Expanded Cybersecurity Solution

By Larry O'Brien

Category:
Industry Trends

Cybersecurity supplier Nozomi Networks recently announced a major update to its Guardian cybersecurity solution that includes several new features and integration with other products and applications.  Nozomi aims to greatly improve operator effectiveness and bridge the gap between the converging domains of information technology and operational technology (IT and OT), and the rapidly growing world of the Internet of Things (IoT).  Version 19.0 of Guardian promises a more holistic approach to cybersecurity that addresses some of the more specific aspects of IoT such as remote monitoring of distributed assets, expanded protocol support, and more effective visualization of alerts.

SCADA is a widely used term in the industry.  It means different things to different people and is not a sufficient term to describe the myriad applications, networks, and systems in the industrial, critical infrastructure, and smart cities sectors.  For this reason, Nozomi has decided to drop the “SCADA” portion of its flagship product name, which is now simply called “Guardian.”  This is a major new release for Nozomi, and here are the key features:

Remote Collectors Extend Reach to Distributed Applications

IoT adoption is resulting in more remote monitoring and even remote control applications in a wide range of industries.  To support this, version 19.0 includes Remote Collectors, which are cost-effective, low-resource appliances to help end users gather asset and network data from hard-to-reach locations such as offshore platforms and oil and gas pipelines.  Remote Collectors send data to Guardian for further analysis and reporting.

New Smart Polling Add-on Module

Tighter integration between existing products is another feature of the release.  Nozomi has renamed their active asset discovery solution to Smart Polling (previously SCADAguardian Advanced).  Rather than being a separate product, Smart Polling is now available as an add-on module for Guardian.  In v19.0 of the Smart Polling add-on, you can now collect data from the Windows devices in your environment.  

New Built-In Reports Provide Insights into Compliance and Risk

Eliminating unnecessary work is crucial in industrial environments that are faced with fewer workers with an ever-growing list of responsibilities.  Version 19.0 has several features that automate work processes and tasks.  New built-in reports provide visibility into current security posture and help end users understand both compliance posture and overall risk.  Out-of-the-box reports include Asset Inventory and CIS Controls for Industrial Control Systems, and the company plans to continue to build out their library with more reports over the next few months.

[Figure: Solution architecture, v19.0, with Remote Collector]

New Cisco Integration Helps Automate Incident Response

When it comes to incident response, speed is crucial.  Nozomi has also taken steps to automate aspects of incident response and reduce time to remediation by integrating with Cisco ASA and Cisco Firepower Threat Defense (FTD) to enable end users to automate response actions for suspicious activities.  Cisco device integration with Guardian can automate the following actions that are triggered by alerts in the system:

•    Prevent new devices from joining the network
•    Block newly attempted connections between devices on your network
•    Kill suspicious sessions from the firewall

Version 19 also includes integration with Aruba ClearPass and Cisco ISE to enable security teams to have full visibility and access control across all IT and OT networks.

Alert Profiles and Simplified Queries Improve Operator Visibility

New alert controls decide which alerts get displayed and which are silenced.  Nozomi has also made it easier to ask questions about the data in operational environments using its new Query Builder.  Users can transform queries into charts and graphs for custom dashboards and reporting.  Advanced users can still create more complex queries using the existing query syntax.  

Expanded Protocol Support

Nozomi has greatly expanded protocol support in the latest release, shown in this more detailed table (this is not a complete list).

Nozomi Networks Protocol Support

New CMC Appliance Management Interface

The Appliance Management Interface also has improvements.  In v19.0, users can easily see the hierarchy of their deployment and health status of each of their appliances.  Nozomi promises more improvements coming to CMC soon.

OT ThreatFeed Expanded

Although not technically part of v19.0, OT ThreatFeed is Nozomi’s regularly updated threat intelligence subscription that helps users better identify vulnerabilities and detect threats in their environment.  Nozomi added 800+ new rules, signatures, and indicators for threats like BlackEnergy, DeltaCharlie, LockerGoga, Palevo, Phobos, SmashingCoconut, and others.  
 
