Nozomi & Mandiant collaborate on enhanced threat detection

Nozomi Networks has announced a collaboration with Mandiant to deliver a more comprehensive threat detection and response solution for OT, IT, and IoT environments, with the general availability of the Nozomi TI Expansion Pack powered by Mandiant Threat Intelligence.

The combined solution aims to enhance the way industrial and enterprise Chief Information Security Officers (CISOs) and their teams anticipate, diagnose, and respond to cyber threats across all critical business operations. This integration allows customers to enrich Nozomi's threat intelligence services with Mandiant's, providing broader access to real-time information about threats to IT, OT, and IoT systems.

Edgard Capdevielle, CEO of Nozomi Networks, emphasised the importance of the new solution in the context of the rapidly evolving cybersecurity threat landscape. "The cybersecurity threat landscape is rapidly evolving, with attacks growing in both number and impact enterprise-wide," Capdevielle stated.

"To minimise risk and maximise operational resilience, CISOs and their security teams need comprehensive solutions that enable them to quickly assess and respond to threats across their IT, OT, and IoT systems. We are pleased to be able to give our customers the option to easily incorporate Mandiant’s world-class threat intelligence as part of a whole solution that delivers superior security outcomes."

Melissa Smith, Google Cloud’s Head of Strategy & Technology Partnerships, also commented on the collaboration, highlighting the long-standing partnership between Mandiant and Nozomi Networks. "For nearly a decade, Mandiant and Nozomi Networks have partnered to deliver advanced, AI-powered OT and IoT security solutions to customers,” Smith noted.

"This latest expansion is another critical step in our journey to combine threat intelligence sources and defenses to deliver the best possible security outcomes for the world’s critical infrastructure. By blending Mandiant’s threat intelligence and expertise with Nozomi Networks’ OT threat intelligence and tools, we can enable critical infrastructure organisations to enhance their threat intelligence and investigations for a stronger defence."

The Nozomi TI Expansion Pack offers Nozomi Networks customers a deeper understanding of both OT and IT threat landscapes. This integration aims to improve monitoring and response capabilities, ensuring robust security outcomes. Alongside this, Nozomi Networks has introduced Vantage Threat Cards, a feature of their cloud-based cyber management console, Nozomi Vantage. These cards aim to revolutionise how users derive value from threat intelligence feeds by clustering and organising threat data logically.

The Vantage Threat Cards provide instant access to critical threat information, including descriptions, first and last-seen dates, exploitation status and vectors, targeted industries and countries, MITRE ATT&CK details, and mitigation suggestions. These features are designed to significantly speed up response times and enhance accuracy. Analysts can input an IP address, domain name, hash, or threat actor alias to identify associated rules, streamlining the identification process.

Additional updates to the vulnerability data within the Nozomi Vantage system include improved CVSS mapping, detailed summaries, lists of vulnerable products, exploitation details, MITRE ATT&CK details, workarounds, and vendor fixes. These updates link back to Threat Cards and malware groups, ensuring comprehensive coverage and deeper insights into vulnerabilities.

The Nozomi TI Expansion Pack is now available for customers using Nozomi Networks' on-premises and cloud-based monitoring solutions. Vantage customers specifically benefit from the additional threat intelligence feed provided through the Nozomi Threat Cards.