Nozomi Arc boosts operational resilience by increasing visibility across endpoint attack surfaces

OT and IoT security company Nozomi Networks announced Tuesday the availability of Nozomi Arc sensors that extend visibility across endpoint attack surfaces and reduce time to resiliency through faster deployments. Arc supports vulnerability assessment, endpoint protection, traffic analysis capabilities, and more accurate diagnostics of in-progress threats and anomalies, including identifying compromised hosts with malware, rogue applications, unauthorized USB drives, and suspicious user activity.

Nozomi Arc sensors are endpoint executables that run on Windows, Linux, or macOS hosts in mission-critical networks. They are designed to scale in large multi-site enterprise networks while minimizing management overhead, impact on host resources, and potential security and access concerns. Additionally, these sensors form an ideal complement to existing Guardian sensors in various form factors, including remote collectors and smart polling, to aggregate data for analysis and reporting either on-premises or in the Vantage cloud.

Designed to analyze endpoint vulnerabilities, identify compromised hosts, be deployed remotely, and accelerate monitoring deployments in mission-critical systems, Nozomi Arc sensors are currently available through subscription from the company and its global network of channel partners. Pricing is based on the number of assets monitored.

Nozomi Arc helps deliver increasingly accurate and detailed asset information, which can identify far more relevant cybersecurity details than can be learned from traffic monitoring and remote polling alone, including monitoring log files, user activity, and USB drives. It also supports security best practices, including minimizing or eliminating connection or data requests from outside the most secure endpoint zones, such as in a Purdue Model. Many endpoints sit behind firewalls that block such externally initiated connection requests. Nozomi Arc allows endpoints to initiate all data collection and send data upstream.

The San Francisco-based company said that because the sensor resides on the host, Nozomi Arc can provide continuous visibility and monitoring even when the device is not sending or receiving traffic, and any interesting changes in asset configurations, behavior, or traffic can be immediately identified. “For the first time, assets that were not connected to a Guardian sensor can now be visible with a Nozomi Arc sensor, which can be periodically synced with connected asset data for more complete network visibility and analysis,” it added.

Nozomi Arc is deployed as a background executable on the host across hundreds or thousands of devices through an automated installation process. This can include existing mobile device management (MDM) platforms that are used to manage the consistency of application deployments on large numbers of mobile devices such as laptops, phones, and tablets.

The sensors eliminate the time, resource, geographic, and internal policy constraints that come with network-based deployments. They get new sites online quickly and make it possible to monitor and analyze once unmanaged or unreachable connections and networks.

Nozomi Arc provides continuous visibility into network assets (active and inactive) and key endpoint attributes, as well as information about who is using them. With access to the full attack surface of host systems, Arc provides more complete threat analysis and monitors more potential attack entry points than is possible with a network-based sensor alone. Additional points of visibility include attached USB drives and log files.

Apart from shining a light on more assets and devices and potential vulnerabilities, Arc identifies process anomalies as well as any suspicious user activity. This reduces the potential for insider threats or compromised hosts. Arc also adds continuous monitoring capabilities for endpoint assets, monitoring that is not possible with network sensors alone.

As Nozomi Arc does not require extensive network changes to be deployed anywhere in the world, there is no administrative overhead to manage thousands of endpoints across multiple sites. Deployments can be automated across environments, whether they are installed as part of a standard operating environment or periodically deployed to collect data and then removed.

“Operational resiliency is the top business priority for critical infrastructure organizations, which can only be achieved by lowering cyber risks and increasing security,” Andrea Carcano, Nozomi’s co-founder and chief product officer, said in a media statement. “Nozomi Arc accelerates time to resiliency by transforming every computer on the network into an OT security sensor. It quickly extends visibility to attack surfaces and threats inside endpoint hosts and their local network.”

Last week, Nozomi disclosed in its latest OT/IoT security report for the second half of 2022 that disruptive and malicious cyberattacks on vital infrastructures like energy, hospitals, rail, and manufacturing were still observed and remain a significant issue. The firm reports that it also tracked hacktivists causing disruptive attacks, thefts of technology source code, and use of wiper malware.
