Nozomi’s Vantage IQ uses AI-assisted data analysis that helps security teams reduce cyber risk, speed response

OT and IoT security company Nozomi Networks on Tuesday rolled out Vantage IQ, an AI-based analysis and response engine designed to address security gaps and resource limitations in mission-critical operational infrastructure. The Vantage IQ offering transforms modern threat detection and remediation with AI-assisted data analysis that helps security teams reduce cyber risk and speed response, and provides an AI-powered cybersecurity analysis and response engine for critical infrastructure environments.

Available as an ‘optional’ add-on to Vantage, Nozomi Networks’ SaaS-based security management platform, Vantage IQ uses AI (artificial intelligence) and ML (machine learning) to help security teams do more with less, by automating the time-consuming tasks associated with reviewing, correlating and prioritizing network, asset, and alert data. Teams using Vantage IQ gain fast, accurate, and in-depth cybersecurity analysis that’s not possible with human analysis alone. This advanced human-machine collaboration strengthens cybersecurity and resilience for critical infrastructure organizations while helping security administrators gain workload efficiencies.

Explaining how Vantage IQ will transform modern threat detection and remediation with AI-assisted data analysis that helps reduce cyber risk and speed response, Gary Kinghorn, senior director at Nozomi Networks, told Industrial Cyber that modern cybersecurity efforts are generally hampered by too much information, too many alerts, too many potential anomalies, too many known vulnerabilities across too many assets of too many types, particularly in cyber physical processes and legacy OT environments. 

“Vantage IQ assists cybersecurity teams by providing AI-driven rules and analytics, along with a learned understanding of the normal and predicted behaviors of the processes and systems that filter out the noise and focus priorities into much more likely issues that really deserve attention,” according to Kinghorn. “The primary capability is to have a better understanding of the nature of threats and the process systems to know which data and information to pay attention to, making the security team much more efficient.”

Analyzing how Vantage IQ deals with evolving ransomware vectors and handles the growth of the ransomware-as-a-service (RaaS) model that affects the threat landscape, Kinghorn said, “prior to Vantage IQ, the Nozomi platform could detect known instances of ransomware signatures, as well as anomalies that could be indicative of a new ransomware attack.”

“Vantage IQ will provide added intelligence that could provide more certainty to an ongoing attack by seeing disparate events or alerts that should be escalated in priority to focus the security response team's analysis and remediation efforts,” Kinghorn said. “Vantage IQ is less about new capabilities to identify a threat, but providing more insight and correlation to real threats and issues from the collected information in the platform that may otherwise be missed. It is equally about efficiency and productivity as increased security and threat detection.”

According to the vendor, Vantage IQ raises the bar on security analytics and automation, by giving users the ability to immediately understand what is happening across a network of IT, OT and IoT devices. It also extracts process intelligence and priority tasks from massively expanding networks and data sources and improves response times with deeper insights, correlation, and actionable intelligence. 

Nozomi said that users can access Vantage IQ’s Insights Dashboard where alerts are automatically correlated, prioritized, and supported with root cause information for more efficient remediation and fewer security gaps. Deep neural networks in Vantage IQ identify activity patterns in network data. Data is correlated to streamline forensic analysis, tuning, and security enhancements.

Users can also gain a deeper understanding of their environment using natural language queries that answer common questions about vulnerabilities, network assets, and other environmental details. They also can strengthen operational resiliency and prevent system outages with early warnings that system behaviors are deviating from the norm. 

The Time Series feature in Vantage IQ augments Vantage’s ability to alert on changes in the network with an additional level of alerting on unusual changes in the bandwidth of activity going through the sensors monitoring those networks. In the future, Vantage IQ will also alert on process variables, enabling even greater levels of predictive monitoring and maintenance.

Looking into how Vantage IQ overcomes operational system challenges such as legacy systems, running outdated software, and having zero operational downtime, Kinghorn said Vantage IQ doesn’t introduce much more to address these challenges than the Nozomi platform has a long history of prioritizing. 

“Nozomi has a deep understanding of these legacy systems and protocols that allow us to detect vulnerabilities and threats. We understand the zero operational downtime and have always developed the platform to be low impact, minimizing resource requirements, and non-disruptive,” Kinghorn pointed out. “Our new Arc endpoint sensor, for example, doesn’t require systems to be rebooted to install the endpoint application, nor does it require cloud connectivity for information storage or updates, like other OT EDR systems. We have been addressing these problems unique to OT environments for 10 years.” 

Kinghorn highlighted that Vantage IQ brings these capabilities to the forefront with new features that allow greater correlation, insight, and analytics to the large data collections managed by the platform. “This can reduce the time it takes to identify a real attack or identify the root cause of an issue, and what remediation steps can be suggested, and the impact on overall risk management. It’s making security teams more efficient as a result, with this intelligent cybersecurity assistant by their side. And with more efficient teams, organizations are more secure against real issues (which the existing platform probably picked up anyway, they are just now more in focus),” he added.

Eventually, “Vantage IQ will allow more of a natural language query interface that will enable users to explore how to make their environment more secure, assets more visible (we have a good example of this today), and ways to be more efficient overall. Vantage IQ is a great start down this road towards this lofty goal,” Kinghorn added.

Last month, Nozomi announced its new Elite Cyber Defenders Program, with Accenture Security, IBM Security, and Mandiant (now part of Google Cloud) as initial participants. The program enables incident response organizations to combine Nozomi’s AI-powered OT and IoT monitoring and detection technologies with the skills and services of these incident response organizations, to provide the best tools and services for the critical infrastructure sector.
