Archive for Nozomi Networks

Nozomi Networks Delivers The Industry’s First OT and IoT Endpoint Security Sensor 

Posted in Commentary with tags on January 24, 2023 by itnerd

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Nozomi Arc™, the industry’s first OT and IoT endpoint security sensor designed to exponentially speed time to full operational resiliency. Built to automatically deploy across large numbers of sites and devices anywhere an organization needs visibility, Nozomi Arc adds crucial data and insights about key assets and network endpoints. This data is used to better analyze and deter threats, as well as correlate user activity, all without putting a strain on current resources or disrupting mission-critical networks. 

Arc is a game-changer when it comes to complete asset visibility, deployment speed and reach across complex and remote OT and IT networks. Nozomi Arc is designed to:

  • Analyze endpoint vulnerabilities,
  • Identify compromised hosts,
  • Be deployed remotely, and
  • Accelerate monitoring deployments in mission-critical systems.

According to the most recent SANS ICS security report, two of the biggest challenges facing security professionals center on the lack of security resources and the inability to track industrial control devices and applications. Nozomi Networks Arc is purpose-built to address both issues, while complementing the network-based analysis provided by Nozomi Networks’ Vantage and Guardian platforms. 

With Nozomi Arc, users benefit from:

Faster Time to Resiliency: Nozomi Arc eliminates time, resource, geographic and internal policy constraints that come with network-based deployments. It gets new sites online quickly and makes it possible to monitor and analyze once unmanaged or unreachable connections and networks. 

Lower Cyber Risk and Increased Security: Nozomi Arc is the only OT solution in the market to detect malicious hardware. It’s the first solution to provide continuous visibility into (active and inactive) network assets and key endpoint attributes as well as information about who is using them. With access to the full attack surface of host systems, Arc provides more complete threat analysis and monitors more potential attack entry points than is possible with a network-based sensor alone. Additional points of visibility include attached USB drives and log files.

Extended Visibility and Context: In addition to shining a light on more assets and devices and potential vulnerabilities, Arc identifies process anomalies as well as any suspicious user activity. This reduces the potential for insider threats or compromised hosts. Arc also adds continuous monitoring capabilities for endpoint assets, monitoring that is not possible with network sensors alone.

Lower Operational Overhead: Because Arc can be deployed remotely via software download, Nozomi Arc does not require extensive network changes to be deployed anywhere in the world – even the most remote location. There is no administrative overhead to manage thousands of endpoints across multiple sites. Deployments can be automated across environments, whether they are installed as part of a standard operating environment or periodically deployed to collect data and then removed. 

Nozomi Arc is available now via subscription from Nozomi Networks and its extensive global network of channel partners. Pricing is based on the number of assets monitored. 

For more information:

Read the Blog: Get More Insight into Endpoint Activity and Threats with Nozomi Arc 

Read the Product Overview: Nozomi Arc

New 2H 2022 OT/IoT Security Report Deep Dives Into ICS Finding Wiper Malware, IoT Botnet, Russia/Ukraine War Dominated Threat Landscape

Posted in Commentary with tags on January 18, 2023 by itnerd

Nozomi Networks has released the 2nd Half Review in its “OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape,” finding that wiper malware, IoT botnet activity, and the Russia/Ukraine war significantly influenced the threat landscape as disruptive attacks on critical infrastructure continued into the second half of last year, targeting rail, hospitals, manufacturing and energy.

Malicious IoT botnet activity remained high and continued to rise in the second half of 2022. Nozomi Networks Labs uncovered growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials. On the vulnerability front, manufacturing and energy remained the most vulnerable industries followed by water/wastewater, healthcare and transportation systems. In the last six months of 2022.

You can read the full report here.

New OT/ICS Cybersecurity Report Finds Defences Getting Stronger & Postures Maturing As Risks Remain High

Posted in Commentary with tags on October 28, 2022 by itnerd

Nozomi Networks has released its new report, The State of OT/ICS Cybersecurity in 2022 and Beyond, which uncovers that ICS cybersecurity threats remain high as adversaries set their sights on control system components. 

In response, organizations have significantly matured their security postures since last year. Despite the progress, more than a third don’t know whether their organizations had been compromised, and attacks on engineering workstations doubled in the last 12 months. 

Here’s a geographical breakout of the survey respondents:

And here’s an infographic with top-level details:

You can see the full results here.

The 2022 SANS ICS/OT survey received 332 responses representing various industry verticals from energy, chemical, critical manufacturing, nuclear, water management, and several others. Of the 63 subcategories across these verticals, many respondents are sub-classified in electricity, oil and gas, equipment manufacturing, specialty chemicals, transportation equipment manufacturing, drinking water, and engineering services.

Nozomi Networks Releases 2022 1H Threat Landscape Report

Posted in Commentary with tags on August 3, 2022 by itnerd

Nozomi Networks, the leading OT and IoT security and visibility solution, has released its 2022 1H Threat Landscape Report. In this report, Nozomi Networks Labs analyzes the current threat landscape, ransomware and IoT botnet attacks, ICS, OT/IoT device vulnerability and exploitation trends, and steps to improve cyber threat remediation strategies. 

Nozomi Networks Labs explores key threat mitigations for more robust security, including backups, threat intelligence, cloud security, threat detection, and SBOMs. Based on this latest analysis, Nozomi Networks provides a forecast with some of the critical cybersecurity trends they expect to see throughout the rest of 2022. 

High-level report takeaways from Roya Gordon, OT/IoT Security Research Evangelist and Nozomi Networks Labs:

  • With added IoT and analytics technologies for business efficiency come security concerns for both hard-coded passwords and internet interfaces for end-user credentials, in addition to network security gaps and concerns
  • Manufacturing and energy continue to lead in threat actor activity; however, healthcare and commercial facilities targeting is on the rise
  • As each sector becomes more targeted, unique risks arise for each, growing the overall risk landscape across critical infrastructure sectors 
  • Fewer CVEs recorded, however, more vendors and additional product vulnerabilities reported as we see threat actors more carefully tailoring attacks to specific environments and use cases 
  • Decision makers are inundated with information, including security research and threat reports, but they often don’t equate to actionable intelligence in lieu of mounting vulnerabilities – some manageable and others un-patchable 
  • Good quote: “Most reported critical weaknesses include misused authentication, improper access controls, and integer overflow variables.”

Thoughts on trend analysis from Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks:

  • Threat actors are doing their homework, focusing on techniques to maintain access undetected, and mitigating potential unintended consequences. 
  • There has been broad realization that operations that tolerate little to no physical downtime are lucrative targets, with seemingly no sector off limits – food, hospitals, transportation 
  • It remains difficult to standardize attack patterns in OT/ICS, and case-by-case tacit knowledge is required to sufficiently secure each operation based on what is treated, produced, fabricated, manufactured, pumped, assembled, etc. 
  • Supply chain manipulation and chain of custody concerns for OT and ICS, as well as the potential to hijack native functionality of these systems, represent a more pressing concern in this domain than traditional zero-day software vulnerabilities
  • OT/ICS owners and operators underappreciated the potential effects of social engineering campaigns on their companies and environments 
  • Cyber-attacks on critical infrastructure are not just a force multiplier in times of crisis or conflict, but can also overwhelm local resources and cause public panic and require appropriate risk reduction and contingency planning 
    • One of the most heroic events in any ICS sector took place in March 2022 as a result of the Russian invasion of Ukraine when Ukraine securely integrated with Europe’s power grid due to market, regulatory, cybersecurity and legal concerns. 
  • Companies and individuals are still mostly reacting to security incidents, rather than reducing the severity of potential impacts 
  • The looming threat of highly sophisticated, often nation-state level attacks, narrows focus to threat hunting at the expense of other indicators worth investigating 
  • Limited resources, lack of technical competency, talent and expertise gaps, and siloed communications continue to be notable hurdles to the holistic adoption of security best practices 
  • Market for cyber insurance is at a critical inflection point, recognizing that although the sensitivity of data across many industrial sectors is not extremely high, the potential for business disruption and severe physical impacts by cyber means remains high 
    • Fewer providers offering coverage and premiums increasing, and most recently Travelers insurance has filed suit to rescind cyber insurance policy coverage to a customer for allegedly misrepresenting information gathered on their coverage application concerning their use and implementation of multi-factor authentication 

Executive Summary:

Full Report:

A webinar will occur. You can register: here