New Release Introduces Hybrid ICS Threat Detection – and more

Date: October 23, 2017 By: Andrea Carcano

Amid rising threats to industrial control systems, it’s good to see more and more operators realizing there is new technology available that can significantly help them with the challenge of ICS cybersecurity. Companies are moving beyond relying on network segmentation, industrial firewalls and SIEMs and want to monitor and analyze their network traffic in real-time so they can immediately act to defend security and reliability.

Our passive ICS cybersecurity and visibility solution addresses that goal, and today I am glad to let you know that we are advancing our offering with our second major product release of 2017. It further enhances our strength in ICS threat detection and addresses the needs of large customers for easy IT/OT integration. Let’s look at the key capabilities in release 17.5.

[Image: Now industrial facilities can take advantage of hybrid ICS threat detection for maximum cyber resiliency.]

1. Improved Cyber Resiliency with Hybrid ICS Threat Detection

Up to now, our SCADAguardian product has provided best-in-class behavior-based anomaly detection that identifies any changes in communication or process variable values that could indicate the presence of a cyber threat or a risk to reliability. With our new release, the product is now enriched with signature- and rules-based threat detection.

The new rules-based capability allows us to quickly identify known malware on an industrial network. For example, at a recent customer installation, SCADAguardian identified the presence of WannaCry on the network within a few minutes of deployment.

Furthermore, our hybrid approach goes beyond anomaly-only or rules-only analysis. SCADAguardian correlates the data from multiple types of threat detection to rapidly inform operators about what is happening on their network. Consider the following alerts, which SCADAguardian auto-correlated into one incident:

  • A new device is added to the network
  • New communication is coming from the device
  • Files indicating the presence of WannaCry are identified

From this information the security team quickly realized that a maintenance worker had connected their laptop to the industrial network and introduced the WannaCry malware.
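The incident above is the result of correlating three separate alert types against one asset inside a short time window. The following is an added illustration of that correlation logic, written for this article and not code from Nozomi Networks or SCADAguardian: it takes a constructed stream of alerts (new device, new communication, file signature match), groups them per device within a time window, and raises the incident severity only when a known-malware signature match coincides with behavioral anomalies. The alert fields, the ten-minute window and the severity rules are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass
class Alert:
    ts: datetime
    kind: str      # "new_device", "new_communication" or "signature_match" (assumed vocabulary)
    device: str    # identifier of the asset the alert concerns (constructed MAC addresses below)
    detail: str


@dataclass
class Incident:
    device: str
    first_seen: datetime
    last_seen: datetime
    alerts: List[Alert] = field(default_factory=list)

    @property
    def kinds(self) -> Set[str]:
        return {a.kind for a in self.alerts}

    @property
    def severity(self) -> str:
        # Illustrative scoring (an assumption, not the product's rules):
        # behavioral anomalies alone are "low", a signature hit alone is "medium",
        # and a signature hit on a device that also behaved anomalously is "high".
        behavioral = self.kinds & {"new_device", "new_communication"}
        if "signature_match" in self.kinds and behavioral:
            return "high"
        if "signature_match" in self.kinds:
            return "medium"
        return "low"


def correlate(alerts: List[Alert], window: timedelta = timedelta(minutes=10)) -> List[Incident]:
    """Group alerts per device: an alert joins the device's open incident if it
    arrives within `window` of the incident's last alert, otherwise it opens a new one."""
    incidents: List[Incident] = []
    open_by_device: Dict[str, Incident] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        inc = open_by_device.get(a.device)
        if inc is not None and a.ts - inc.last_seen <= window:
            inc.alerts.append(a)
            inc.last_seen = a.ts
        else:
            inc = Incident(a.device, a.ts, a.ts, [a])
            incidents.append(inc)
            open_by_device[a.device] = inc
    return incidents


# Constructed sample alerts, mirroring the sequence described in the article:
# a laptop appears, starts talking on the network, then files matching a
# WannaCry signature are seen. A second device and a later, unrelated alert
# show that correlation stays per-device and per-window.
T0 = datetime(2017, 10, 23, 9, 0)
SAMPLE_ALERTS = [
    Alert(T0, "new_device", "aa:bb:cc:dd:ee:01", "unknown host joined VLAN 10"),
    Alert(T0 + timedelta(minutes=1), "new_communication", "aa:bb:cc:dd:ee:01", "SMB to 10.0.1.20"),
    Alert(T0 + timedelta(minutes=3), "signature_match", "aa:bb:cc:dd:ee:01", "file matched WannaCry rule"),
    Alert(T0 + timedelta(minutes=30), "new_communication", "aa:bb:cc:dd:ee:02", "Modbus to 10.0.2.5"),
    Alert(T0 + timedelta(minutes=60), "new_communication", "aa:bb:cc:dd:ee:01", "HTTP to 10.0.1.9"),
]


def summarize(alerts: List[Alert] = SAMPLE_ALERTS) -> List[str]:
    """One line per incident: device, severity and the alert kinds it contains."""
    return [f"{i.device} {i.severity} {sorted(i.kinds)}" for i in correlate(alerts)]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

Running the block yields three incidents: the first device's three alerts collapse into one high-severity incident, the second device's lone anomaly stays low, and the first device's alert an hour later opens a fresh incident because it falls outside the window.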

What to Expect from Advanced ICS Threat Detection:

  • Best-in-class behavior-based anomaly detection enriched with rules and signature-based threat detection
  • Known malware identification using YaraRules and Packet Rules (file and packet signature matching)
  • Fine-tuned threat detection and hunting with custom Assertions (queries and actions)
  • Real-time process analysis, powered by artificial intelligence, to eliminate noise and identify true threats

Did You Know?

Version 17.5 expands the selection of SCADAguardian appliances from 8 to 11 physical or virtual devices, covering every type of deployment.


Our products use technology that is 100% Nozomi Networks owned, assuring security, performance and ease of deployment.


2. Easy Integration with IT/OT Environments

Ever since I founded Nozomi Networks with Moreno Carullo, our philosophy has been to provide solutions that share data and interact with other applications to provide a complete solution. The 17.5 release takes this vision to another level in our products with the inclusion of an Open API and Protocol SDK.

Expanding on already included built-in integrations with IT security infrastructure, now an Open API provides rich, deep integration with IT/OT applications. For example, share Nozomi Networks asset auto-discovery data with configuration management applications or easily integrate SCADAguardian data with applications like incident ticketing systems.

Similarly, while our products already support dozens of ICS and IT protocols, now customers and system integrators can expand that range with a Protocol SDK. This speeds support for more protocols and eliminates the need to share proprietary information.

What to Expect from the Open API and Extensible Architecture

  • Built-in integrations with SIEMs and firewalls are extended with an easy-to-use Open API
  • Comprehensive Open API makes available all Nozomi Networks data for use in IT/ICS applications
  • New Protocol SDK extends protocol support beyond the dozens already supported
  • Rich customizations and export capabilities improve productivity and enhance data analysis
[Image: The Nozomi Networks Solution Architecture showing the new and extended capabilities of v17.5.]

3. Real-time Monitoring and Cybersecurity for OT Networks from Trusted IT Security Providers

Another positive indicator of advances in ICS cybersecurity is that CISOs are now demanding enterprise-grade security that encompasses their OT environments. To help meet that need, we are thrilled to offer managed service providers a new tool for powering their offerings. Our Central Management Console (CMC) now comes with a multitenant deployment option.

It is ideal for IT security service providers expanding into OT because our solution is designed from the ground up with a thorough understanding of industrial networks and processes. It is totally safe for sensitive control networks and it provides optimum performance on shared infrastructure. The CMC combines the benefits of centralized cybersecurity and visibility with data segmentation for each client.

What to Expect from the Multitenant CMC:

  • Centralized ICS cybersecurity monitoring for many customers using a single instance of the CMC
  • Flexible, scalable, hierarchical aggregations of cybersecurity and operational data to suit all organizations
  • Secure, granular control of user access to OT data and interfaces, ensuring confidentiality
  • Maximized value from scarce OT security experts across many industrial sites
[Image: Shown above is just one example of how the Nozomi Networks Solution can be deployed as a multitenant application by Managed Security Service Providers (MSSPs).]

Hybrid ICS Threat Detection and Easy IT/OT Integration

With this release, Nozomi Networks has reinforced our commitment to meeting the needs of the world’s most demanding critical infrastructure operators and security stakeholders. Major enterprise cybersecurity partners, such as FireEye, Fortinet and Palo Alto Networks rely on our comprehensive ICS/OT cybersecurity and integration technology to complement their IT cybersecurity offerings.

To learn more about what’s new in v17.5, as well as what’s always been great about our solution, explore the content below.



