Nozomi Networks and Tripwire announced Thursday a partnership deal to help enterprises and industrial organizations lower cyber risk with consistent security controls that span their IT, IoT, and OT domains. The alliance will blend Tripwire’s compliance offering with Nozomi Networks’ solutions for industrial cybersecurity, asset visibility, vulnerability analytics, and real-time monitoring to deliver an integrated offering that provides a comprehensive view into IT and OT networks.
Nozomi solutions support over 48 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities, and critical infrastructure sectors. These products are deployable onsite and in the cloud, and they span IT, OT, and IoT networks.
By combining with Tripwire’s compliance technologies, Nozomi’s customers will be able to strengthen their security posture across their IT and operational technology (OT) networks, the companies said. These tools will work together to provide them with a consolidated view of their compliance and their authorized assets in those environments. Customers can then leverage that visibility to improve collaboration between IT and OT domains, such as, by building more continuous data sharing workflows and consolidating processes such as change reconciliation.
“With Nozomi Networks, our customers now have access to OT and IoT network monitoring and threat detection that is fully integrated with Tripwire’s industry-standard solutions for integrity monitoring, change detection and compliance validation,” explained Tim Erlin, vice president of strategy at Tripwire.
“We’ve already successfully worked together on customer integrations in Power Utilities, Oil & Gas, and Manufacturing and firmly believe this partnership accelerates our joint efforts to help customers worldwide meet new requirements for IT and OT security and compliance,” Chet Namboodri, Nozomi’s senior vice president of business development and alliances, said in a press statement.
The challenges associated with the IT-OT convergence are difficult for a single vendor to address on its own, Alex Bagwell, vice president for industrial sales at Tripwire, wrote in a company blog post. “The partnership between Nozomi Networks and Tripwire represents an important step for the security industry, and it reiterates the need for industry leaders to work together to provide comprehensive protection for organizations against today’s emerging threats,” he added.
The deal between the two companies comes after Nozomi’s March agreement with ABB to jointly address the growing demand for improved OT cybersecurity solutions for energy, process, and hybrid industries. ABB was to integrate Nozomi solutions for operational resiliency and real-time network visibility to assist ABB’s global automation and digitalization customers.
Kaspersky released last week data that showed a big rise in the percentage of attacked ICS computers during the first half of this year, with the internet emerging as the main source of threats causing these increases. Africa and Southeast, East and Central Asia are leading in the ranking of global regions based on the percentage of ICS computers on which malicious activity was prevented. During the same period, the percentage of attacked ICS computers was 33.8 percent, higher than that recorded in the second half of 2020.
The presence of threats in the ICS and OT domains is regularly exploited by hackers. Recent cybersecurity incidents have demonstrated that supply chain threats are rising in scale and sophistication, as evident from the December attacks on SolarWinds. Software updates and routine patching are not the only potential entry vector that could be abused in a supply chain type of intrusion, Dragos warned in a recent report.
Cybercriminals have also struck drinking water and wastewater systems. In February, unidentified cyber attackers were able to gain access to a panel that controls the water treatment plant at the city of Oldsmar near Tampa, Florida. A modification in the setting would have drastically increased the amount of sodium hydroxide in the water supply, which could have led to poisoning the water supply to the city. Subsequently, in May, the Metropolitan Water District of Southern California was allegedly hacked by supposedly Chinese-backed hackers using security vulnerabilities in the Pulse Connect Secure appliances.
The presence of threats in the nation’s bulk power systems (BPS) has called for the Federal Energy Regulatory Commission (FERC) to direct the North American Electric Reliability Corporation (NERC) to conduct a comprehensive survey of all registered entities in the BPS to determine what Chinese equipment or systems are currently in use in the BPS, and how they are being used. The equipment identified can be also used in many other critical infrastructure sectors, including water and wastewater systems, pipelines, oil and gas, and manufacturing.
Given the emerging opportunity to secure OT domains, several vendors in the space have secured funding and are making more meaningful alliances in recent weeks and months.
Last month, Nozomi Networks secured a US$100 million pre-IPO funding round that would set the pace for the enhancement of the company’s product portfolio in the evolving OT/IoT security market in industrial and critical infrastructure environments. This was preceded by another industrial cybersecurity company Claroty securing in June ‘the largest investment ever made within the industrial cybersecurity sector,’ with its Series D financial round of $140 million, taking the company’s total funding to $235 million.