Nozomi, Industrial Defender boost OT monitoring analytics using critical configuration change management

OT and industrial cybersecurity vendors Nozomi Networks and Industrial Defender announced Monday a joint solution that combines asset visibility and threat detection capabilities from Nozomi Networks with change and configuration monitoring from Industrial Defender to provide a complete and detailed view of operational technology (OT) assets and behavior in the industry. The offering blends network monitoring, vulnerability management, and threat detection with endpoint configuration management capabilities to protect critical OT environments. 

The Nozomi-Industrial Defender solution is targeted at complex industrial control system (ICS) environments to protect availability and safety of these systems, while also simplifying compliance requirements. Integrating seamlessly into the larger security enterprise environment enables IT teams to access the same level of visibility and situational awareness that they enjoy on corporate networks, making their work easier.

Industrial Defender ingests data about the environment from the Nozomi Networks Guardian or Central Management Console. Using a REST-based API and ‘syslog’ to transfer information between the two solutions, Industrial Defender integrates network data with endpoint configuration data for a more detailed and comprehensive view of system states.

The combined solution provides complete asset coverage through active, agentless, and passive data collection methods for connected assets, and manual import capabilities for disconnected assets. This includes OS details, software installed, patches, open network ports, firewall rules, user accounts, and NICs. Combined with asset inventory, vulnerability database, process variables, and threat detection data, this provides comprehensive visibility into OT asset states in a central location.

With deeper visibility into endpoint configurations, the Nozomi-Industrial Defender solution automatically collects, normalizes, and reports changes in the OT environment, regardless of vendor or location. Users can create asset baseline configurations that the change detection engine compares with actual asset configuration data, including ports and services, users, software, and firewall rules.

Compliance capabilities make it easy to determine the status of OT infrastructure and automate reporting for relevant regulatory programs and industry standards such as NIST CSF, NERC CIP, and ISA/IEC 62443 controls.

Detailed visibility and insight from both connected and non-connected devices allow organizations to detect and respond to security and operational risks. The threat detection engine together with configuration change detection provides a fuller view of malicious and routine activity affecting OT systems. With these capabilities, operators gain the ability to identify, monitor, and analyze every asset in the OT infrastructure to mitigate security and operational risk.

“Collaborating with industry leaders is essential for effectively defending against the growing cyber threats against operational technology. That’s why we’re proud to partner with Nozomi Networks, the leading asset visibility and threat detection platform for OT and IoT environments,” Jay Williams, CEO of Industrial Defender, said in a media statement. “Our combined solution enables end users to gain a more complete view of asset activity and behavior, as well as better diagnose potential threats for manufacturers, power utilities, oil and gas, and other critical infrastructure operators.”

“The partnership between Industrial Defender and Nozomi Networks empowers industrial operators to gain valuable insight to detect anomalies and improve their overall security posture,” according to Edgard Capdevielle, CEO of Nozomi Networks. “With our combined capabilities, asset owners and operators benefit from a full view of their OT environment, enhanced with deeper asset data provided through Industrial Defender’s endpoint configuration management capabilities.”

Last month, Nozomi released its Nozomi Arc sensors that extend visibility across endpoint attack surfaces and reduce time to resiliency through faster deployments. It supports vulnerability assessment, endpoint protection, traffic analysis capabilities, and more accurate diagnostics of in-progress threats and anomalies, including identifying compromised hosts with malware, rogue applications, unauthorized USB drives, and suspicious user activity.
