The IT Nerd

In a new report, Assessing the Threat Landscape, Nozomi Networks warns that threat actors are targeting OT and IoT environments with increased volume and sophistication.

During the second half of 2023, the report notes that CISA released 196 new ICS advisories mentioning 885 old and new vulnerabilities affecting products from 74 vendors with reported CVEs up 38% and mentioned vendors up 19% compared to the first half of the year.

Notably, the most impacted sector was “critical manufacturing” with related CVEs surging 230% over the previous six months, to 621 with energy (75), waste and wastewater (37) and commercial facilities (31) trailing far behind.

The categories that represented the largest share of threats during the second half of 2023 included:

• Network anomalies and attacks – 38%
• Authentication and password issues – 19%
• Alerts on access control and authorization – 10%

Alerts on access control and authorization threats jumped 123% over the previous reporting period. In this category ‘multiple unsuccessful logins’ and ‘brute force attack’ alerts increased 71% and 14% respectively.

“This trend highlights the continued challenges in unauthorized access attempts, showing that identity and access management in OT and other challenges associated with user passwords persist,” the report noted.

This report comes as the FBI, CISA and the NSA warn of threat actors successfully infiltrating US critical infrastructure networks and covertly positioning themselves with the intention of launching destructive attacks in the event of military conflict.

Mark B. Cooper, President & Founder, PKI Solutions had this comment:

   “Attacks focusing on critical infrastructure components secured in OT frameworks highlights a new frontier in cybersecurity concerns. Increasing attacks, but deliberate and indiscriminate, will require organizations to prioritize protections for these systems. The traditional assumption of OT segregation and isolation is not sufficient to defend against modern attacks. The sophistication of both deliberate and indiscriminate attacks will require organizations to have a broader approach to defense and protection of these systems. A modern approach with defense in depth and real time monitoring and alerting is required. You must assume penetration into an OT environment and design systems to withstand attacks from within. Simple walls are no longer sufficient to protect these systems.”

Dave Ratner, CEO, HYAS follows with this comment:

“As attacks in OT, IoT, and other critical infrastructure environments escalate, the need for proactive intelligence and resilience-based strategies has never been greater. Only by identifying anomalies on the network, in real-time, can we actually escape the continual cat-and-mouse game”.

Once again I’m in the position of having to say that everyone needs to heed these warnings. Because given the threat landscape at the moment, the stakes have never been higher.

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Vantage IQ™, the industry’s first AI-based analysis and response engine designed to quickly address security gaps and resource limitations in mission critical operational infrastructure. Available as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform, Vantage IQ uses artificial intelligence (AI) and Machine Learning (ML) to help security teams do more with less, by automating the time-consuming tasks associated with reviewing, correlating and prioritizing network, asset and alert data. Teams using Vantage IQ gain fast, accurate and in-depth cybersecurity analysis that’s not possible with human analysis alone. This advanced human-machine collaboration strengthens cybersecurity and resilience for critical infrastructure organizations while helping security administrators gain workload efficiencies.

Vantage IQ raises the bar on security analytics and automation, by giving users the ability to:

• Immediately understand what’s happening across a network of IT, OT and IoT devices. 
• Quickly and easily extract process intelligence and priority tasks from massively expanding networks and data sources
• Improve response times with deeper insights, correlation and actionable intelligence 

According to Gartner, “Increased complexity in security is challenging security practitioners to decide where to focus their efforts. The volume of threats and the disruption they cause will drive interest toward security solutions that help identify and prioritize the most-critical risks and exposures.” 

Key features in Vantage IQ include:

• AI-powered Insights. Users can access Vantage IQ’s Insights Dashboard where alerts are automatically correlated, prioritized and supported with root cause information for more efficient remediation and fewer security gaps. Deep neural networks in Vantage IQ identify activity patterns in network data. Data is correlated to streamline forensic analysis, tuning and security enhancements. 
• AI-based Query and Analysis. Users can easily gain a deeper understanding of their environment using natural language queries that answer common questions about vulnerabilities, network assets and other environmental details.
• Advanced Predictive Monitoring. Users can strengthen operational resiliency and prevent system outages with early warnings that system behaviors are deviating from the norm. The Time Series feature in Vantage IQ augments Vantage’s ability to alert on changes in the network with an additional level of alerting on unusual changes in the bandwidth of activity going through the sensors monitoring those networks. In future Vantage IQ will also alert on process variables enabling even great levels of predictive monitoring and maintenance.

Vantage IQ is an optional add-on to Nozomi Networks’ Vantage SaaS platform. It is available in the third quarter from Nozomi Networks and its extensive global network of channel partners.

Visit the Product Page: www.nozominetworks.com/products/vantage-iq

Nozomi Networks, Inc., a leader in operational technology (OT) and Internet of Things (IoT) security, strengthens its cloud strategy by joining the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. This will allow AWS sales teams to promote the Nozomi Networks Vantage platform to millions of customers worldwide. Vantage™ is hosted on AWS and is a cloud-based OT/IoT network security solution that equips security professionals and industrial operators with actionable, AI-driven insights to manage risk and speed precise remediation. Now, Vantage is available for purchase in AWS Marketplace. 

Vantage is designed to give AWS customers a seamless platform for aggregating, analyzing and monitoring OT systems and data in the cloud with a range of flexible, cost-effective deployment options ideally suited for physical processes. With the rapid emergence of IoT environments and 5G networks, there is growing recognition that cloud networks need access to physical, real-world data which Vantage can deliver for AWS cloud applications. 

AWS customers who choose Nozomi Networks Vantage can benefit from an enhanced cybersecurity monitoring and asset intelligence solution that aggregates and analyzes data from physical devices, and then processes and responds to critical issues across large, global enterprises. 

The AWS ISV Accelerate Program is a co-sell program for organizations that provide software solutions that run on or integrate with AWS. The program helps drive new business and accelerate sales cycles by connecting participating ISVs with the AWS Sales organization.

Visit AWS Marketplace to purchase Nozomi Networks solutions.

More information on the Nozomi Networks and AWS can be found on the Nozomi Networks AWS microsite.

Nozomi Networks, the leader in OT and IoT security, today announced a new content pack for organizations working toward ISA/IEC 62443 compliance and certification. The ISA/IEC 62443 Content Pack [JB1] makes it possible for Nozomi Networks platform users to quickly create custom queries and reports that help confirm their industrial automation and control systems (IACS) meet ISA/IEC 62443 standards. The Content Pack can also be used to assess an IACS’ security posture against ISA/IEC 62443 standards, identifying areas that align with the standards and areas that must be addressed in order to be compliant. 

The ISA/IEC 62443 series of standards, developed by the International Society of Automation 99 committee (ISA99) and adopted by the International Electrotechnical Commission (IEC), provides a framework to address and mitigate current and future security vulnerabilities in IACSs. The committee draws on the input and knowledge of security experts across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.

Nozomi Networks’ Content Packs are owned by Nozomi Networks’ user community and make it possible to export a combination of queries and reports into a single JSON file that can be shared in a completely separate environment. Content Packs do not contain any proprietary information and are safe to share. This allows Nozomi Networks and its customers to quickly share custom reports or queries internally or with the Nozomi Networks user community. The new ISA/IEC 62443 Content Pack covers parts 2-1 (security program best practices) and part 3-3 (definitions for system security requirements and security capabilities levels). 

Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks had this to say:

“Many MSPs work with customers to meet ICA/IEC 62443 practices during all phases of a project, from design, to operations, to cybersecurity monitoring.  This content pack instantly ‘turbo charges’ their ability to offer valuable insight into a customers alignment with 62443, on a continual and timely basis.”

The ISA/IEC 62443 Content Pack is available now. Contact Nozomi Networks Sales to learn more. 

For more information you can read this blog post.

Nozomi Networks, the leader in OT and IoT security, today announced its product line has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved product list (APL).

The Cybersecurity and Infrastructure Security Agency’s (CISA) CDM Program dynamically fortifies the cybersecurity of civilian government networks and systems with real-time risk monitoring and defense. The CDM program provides cybersecurity tools, integration services, and dashboards to participating federal agencies to support them in improving their respective security posture.

Nozomi Networks’ products align perfectly with the CDM program’s goals by delivering exceptional network and asset visibility, threat detection, and insights for critical infrastructure environments. Nozomi Networks solutions help reduce the threat surface, speed response, and streamline reporting. CDM-approved products include:

• Vantage, the industry’s first SaaS-based security and visibility platform for dynamic OT & IoT networks
• Guardian, sensors that make it possible to see, secure and monitor all ICS, OT, IoT, IT, edge and cloud assets
• Threat and Asset Intelligence Services, which provide continuous updates on emerging threats and new asset vulnerabilities for strong security and response.

Recognized as the market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and highly scalable deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across government agencies and critical infrastructure organizations worldwide. With the flexibility of deploying onsite and/or in the cloud, Nozomi Networks spans IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

Nozomi Networks, the leader in OT and IoT security, today announced an expanded global strategic partnership with Mandiant to help industrial and enterprise customers anticipate, diagnose and respond to IT and OT cyber threats in their critical business operations.

As part of the strategic partnership, Mandiant expanded the number of certified Nozomi Networks experts on its global OT incident response team and will utilize Nozomi Networks’ solutions to further forensic analysis and incident assessments. The companies are also investing in a new initiative that will include threat intelligence sharing and joint security research, and plan to introduce custom-designed incident response and assessment programs for joint customers. These new efforts reinforce a trusted partnership that began in 2016 and continues to expand with the shared mission to strengthen the security of industrial control systems.

Recognized as a market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and strength across deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities, and critical infrastructure. Nozomi Networks products are deployable onsite and in the cloud, and span IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring industrial control networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

By combining their market leadership in OT, IT & IoT cybersecurity, Nozomi Networks and Mandiant are bringing a new level of cyber defenses to critical infrastructure organizations worldwide.

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Nozomi Arc™, the industry’s first OT and IoT endpoint security sensor designed to exponentially speed time to full operational resiliency. Built to automatically deploy across large numbers of sites and devices anywhere an organization needs visibility, Nozomi Arc adds crucial data and insights about key assets and network endpoints. This data is used to better analyze and deter threats, as well as correlate user activity, all without putting a strain on current resources or disrupting mission-critical networks. 

Arc is a game-changer when it comes to complete asset visibility, deployment speed and reach across complex and remote OT and IT networks. Nozomi Arc is designed to:

• Analyze endpoint vulnerabilities,
• Identify compromised hosts,
• Be deployed remotely; and 
• Accelerate monitoring deployments in mission critical systems. 

According to the most recent SANS ICS security report, two of the biggest challenges facing security professionals center on the lack of security resources and the inability to track industrial control devices and applications. Nozomi Networks Arc is purpose-built to address both issues, while complementing the network-based analysis provided by Nozomi Networks’ Vantage and Guardian platforms. 

With Nozomi Arc, users benefit from:

Faster Time to Resiliency: Nozomi Arc eliminates time, resource, geographic and internal policy constraints that come with network-based deployments. It gets new sites online quickly and makes it possible to monitor and analyze once unmanaged or unreachable connections and networks. 

Lower Cyber Risk and Increased Security: Nozomi Arc is the only OT solution in the market to detect malicious hardware. It’s the first solution to provide continuous visibility into (active and inactive) network assets and key endpoint attributes as well as information about who is using them. With access to the full attack surface of host systems, Arc provides more complete threat analysis and monitors potential attack entry points than is possible with a network-based sensor alone. Additional points of visibility include attached USB drives and log files. 

Extended Visibility and Context: In addition to shining a light on more assets and devices and potential vulnerabilities, Arc identifies process anomalies as well as any suspicious user activity. This reduces the potential for insider threats or compromised hosts. Arc also adds continuous monitoring capabilities for endpoint assets, monitoring that is not possible with network sensors alone.

Lower Operational Overhead: Because Arc can be deployed remotely via software download, Nozomi Arc does not require extensive network changes to be deployed anywhere in the world – even the most remote location. There is no administrative overhead to manage thousands of endpoints across multiple sites. Deployments can be automated across environments, whether they are installed as part of a standard operating environment or periodically deployed to collect data and then removed. 

Nozomi Arc is available now via subscription from Nozomi Networks and its extensive global network of channel partners. Pricing is based on the number of assets monitored. 

For more information:

Read the Blog: Get More Insight into Endpoint Activity and Threats with Nozomi Arc 

Read the Product Overview: Nozomi Arc

Nozomi Networks has released the 2nd Half Review in its “OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape” finding wiper malware, IoT botnet activity, and the Russia/Ukraine war significantly influenced the threat landscape as disruptive attacks on critical infrastructure continued into the second half of last year targeting rail, hospitals, manufacturing and energy. 

Malicious IoT botnet activity remained high and continued to rise in the second half of 2022. Nozomi Networks Labs uncovered growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials. On the vulnerability front, manufacturing and energy remained the most vulnerable industries followed by water/wastewater, healthcare and transportation systems. In the last six months of 2022.

You can read the full report here.

Nozomi Networks has released its new report, The State of OT/ICS Cybersecurity in 2022 and Beyond, which uncovers that ICS cybersecurity threats remain high as adversaries set their sights on control system components. 

In response, organizations have significantly matured their security postures since last year. Despite the progress, more than a third don’t know whether their organizations had been compromised, and attacks on engineering workstations doubled in the last 12 months. 

Here’s a geographical breakout of the survey respondents:

And here’s an infographic with top level details:  

You can see the full results here.

The 2022 SANS ICS/OT survey received 332 responses representing various industry verticals from energy, chemical, critical manufacturing, nuclear, water management, and several others. Of the 63 subcategories across these verticals, many respondents are sub-classified in electricity, oil and gas, equipment manufacturing, specialty chemicals, transportation equipment manufacturing, drinking water, and engineering services. 

Nozomi Networks, the leading OT and IoT security and visibility solution, has released its 2022 1H Threat Landscape Report. In this report, Nozomi Networks Labs analyzes the current threat landscape, ransomware and IoT botnet attacks, ICS, OT/IoT device vulnerability and exploitation trends, and steps to improve cyber threat remediation strategies. 

Nozomi Networks Labs explores key threat mitigations for more robust security, including backups, threat intelligence, cloud security, threat detection, and SBOMs. Based on this latest analysis, Nozomi Networks provides a forecast with some of the critical cybersecurity trends they expect to see throughout the rest of 2022. 

High level report takeaway from Roya Gordon, OT/IoT Security Research Evangelist and Nozomi Networks Labs:

• With added IoT and analytics technologies for business efficiency come security concerns for both hard-coded passwords and internet interfaces for end-user credentials, in addition to networks security gaps and concerns 
• Manufacturing and energy continue to lead in threat actor activity, however, healthcare, and commercial facilities targeting is on the rise 
• As each sector becomes more targeted, unique risks arise for each, growing the overall risk landscape across critical infrastructure sectors 
• Fewer CVEs recorded, however, more vendors and additional product vulnerabilities reported as we see threat actors more carefully tailoring attacks to specific environments and use cases 
• Decision makers are inundated with information, including security research and threat reports, but they often don’t equate to actionable intelligence in lieu of mounting vulnerabilities – some manageable and others un-patchable 
• Good quote: “Most reported critical weaknesses include misused authentication, improper access controls, and integer overflow variables.”

Thoughts on trend analysis from Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks:

• Threat actors are doing their homework, focusing on techniques to maintain access undetected, and mitigating potential unintended consequences. 
• There has been broad realization that operations that tolerate little to no physical downtime are lucrative targets, with seemingly no sector off limits – food, hospitals, transportation 
• It remains difficult to standardize attack patterns in OT/ICS, and case-by-case tacit knowledge is required to sufficiently secure each operation based on what is treated, produced, fabricated, manufactured, pumped, assembled, etc. 
• Supply chain manipulation and chain of custody concerns for OT and ICS, as well as the potential to hijack native functionality of these systems, represents a more pressing concern in this domain than traditional zero days software vulnerabilities 
• OT/ICS owners and operators underappreciated the potential effects of social engineering campaigns on their companies and environments 
• Cyber-attacks on critical infrastructure are not just a force multiplier in times of crisis or conflict, but can also overwhelm local resources and cause public panic and require appropriate risk reduction and contingency planning 
  • One of the most heroic events in any ICS sector took place in March 2022 as a result of the Russian invasion of Ukraine when Ukraine securely integrated with Europe’s power grid due to market, regulatory, cybersecurity and legal concerns. 
• Companies and individuals are still mostly reacting to security incidents, rather than reducing the severity of potential impacts 
• The looming threat of highly sophisticated, often nation-state level attacks, narrows focus to threat hunting at the expense of other indicators worth investigating 
• Limited resources, lack of technical competency, talent and expertise gaps, and siloed communications continue to be notable hurdles to the holistic adoption of security best practices 
• Market for cyber insurance is at a critical inflection point, recognizing that although the sensitivity of data across many industrial sectors is not extremely high, the potential for business disruption and severe physical impacts by cyber means remains high 
  • Fewer providers offering coverage and premiums increasing, and most recently Travelers insurance has filed suit to rescind cyber insurance policy coverage to a customer for allegedly misrepresenting information gathered on their coverage application concerning their use and implementation of multi-factor authentication 

Executive Summary: https://www.nozominetworks.com/downloads/Nozomi-Networks-OT-IoT-Security-Report-ES-2022-1H.pdf

Full Report: https://www.nozominetworks.com/downloads/Nozomi-Networks-OT-IoT-Security-Report-2022-1H.pdf

A webinar will occur. You can register: here