Nozomi Automates ICS Risk Detection

Monday, January 9, 2017 @ 05:01 PM gHale


Relative industry newcomer Nozomi Networks has released the latest version of SCADAguardian, which allows engineers and operators to protect against cybersecurity attacks, monitor processes and manage ICS environments.

Last year, 295 critical infrastructure attacks were reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) division of the US Department of Homeland Security, according to its annual report. But everyone knows that is just the tip of the iceberg.


Concerns about ICS vulnerabilities and incidents continue to grow as attacks have increased from only a few each year to an incident every day.

“In the United States and globally the security of systems that control electric power, water, and oil & gas are at risk and need the most advanced technologies possible to protect operations from disruption,” said 451 Research Analyst Christian Renaud.

Launched in 2013, Nozomi Networks applies machine learning and behavior detection to ICS networks. Its flagship product, SCADAguardian, monitors more than 50,000 industrial devices in dozens of multinational customer sites spanning oil & gas, electric utilities, manufacturing and transportation. One operator is Enel, a multinational energy company and one of the leading integrated electricity and gas operators.

SCADAguardian brings users:

ICS Cybersecurity: Allows users to rapidly detect cyber incidents and process anomalies. Nozomi Networks bridges automation, machine learning and network behavior analytics with ICS cybersecurity for deep detection of ICS risks and rapid prevention or mitigation of impacts. SCADAguardian’s Time Machine capabilities provide network and process snapshots to support forensic investigations and compliance reporting, and it also offers capabilities to help with response and remediation. SCADAguardian supports zero-day detection, integration with firewalls and SIEMs, ICS incident alerting and notification, and end-to-end detection of attack activities, from reconnaissance, to command-and-control, to malicious actions.

Operational Visibility: Lets users monitor processes, with real-time process monitoring and baselining at high granularity. Non-intrusive real-time mapping, monitoring and visualization provide immediate insight for faster troubleshooting and remediation of IT and operational issues without impacting industrial processes.

SCADAguardian enhancements include:
• Incident management that automatically aggregates multiple alerts and messages into incidents using intelligent correlation heuristics. Instead of receiving multiple alerts that must be associated with their logical cause, SCADAguardian groups those alerts by incident, providing an explanation of the cause and making it more actionable for the operator. Operators can manage their networks at the level that makes the most sense to them.
• Customizable portable dashboards that simplify and streamline the standardization of corporate policy, security monitoring, and operational reporting across plants, entities, and even industries. Not only can industrial operators share and standardize dashboards between their plants, system integrators and resellers can also incorporate SCADAguardian’s dashboards into the compliance or operational services they sell.
• Time Machine allows operators to compare a complete model of their plant and process at two different times in order to understand and visualize changes in the ICS environment with the highest possible context and granularity. This functionality is now fully integrated and seamlessly available throughout SCADAguardian to improve analysis and remediation of alerts and incidents.
• Performance optimization delivers a 20x improvement in response times, giving customers instantaneous answers to complex ad-hoc queries and assertions, along with continuous, real-time compliance checks against NIST or NERC.
