Nozomi unveils automated cyber defence for industrial networks
Nozomi Networks has released what it describes as the industry's first cybersecurity solution capable of automating threat responses within operational technology environments.
The latest version of Nozomi Arc introduces active threat prevention measures, allowing industrial organisations to move from passive detection to active defence when protecting mission-critical assets, while aiming to maintain operational uptime.
Nozomi Arc, launched in 2023, was created to address the cybersecurity and operational needs of both operational technology (OT) and Internet of Things (IoT) environments. The software provides endpoint security and network monitoring and is a key element within the broader Nozomi platform, supporting Windows, Mac, and Linux endpoints in operational contexts.
The new release shifts the approach to cybersecurity in operational environments by providing automated mechanisms to block and contain threats in real time. The company presents this as a response to the ongoing challenges faced by industrial networks, which, according to Nozomi, are increasingly targeted by cyber attackers.
"Industrial networks are under escalating attack, and traditional IT cybersecurity automation tools aren't safe or viable in OT environments," said Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer. "With Nozomi Arc threat prevention, we are empowering customers to - at their discretion - safely and automatically block and contain threats directly at the endpoint. And we intend to extend automated threat prevention capabilities across the Nozomi Platform in the future."
Operational modes
Nozomi Arc now provides three operational modes designed to suit different organisational needs and risk appetites. Detection Mode enables non-disruptive monitoring, which can be used for audit and compliance purposes. Quarantine Mode blocks malicious files and preserves them for subsequent forensic analysis. Delete Mode instantly removes harmful files to reduce the risk of further damage.
The preventive engine within Nozomi Arc uses Nozomi Networks' own Threat Intelligence, with further enhancements available via the Threat Intelligence Expansion Pack powered by Mandiant Threat Intelligence. The system interprets indicators of compromise expressed in several industry formats, including YARA, STIX, and SIGMA. This is intended to improve both detection of and response to threats by enabling in-depth behavioural analysis locally, on the endpoint, within OT environments.
Integration and visibility
Unlike standalone security agents, Nozomi Arc is natively integrated into the wider Nozomi Networks platform for the protection of OT, IoT, and Cyber Physical Systems (CPS). This integration is intended to enable organisations to unify their detection, response, and orchestration procedures across network infrastructure, endpoints, and wireless communication channels.
The context in which this solution is launched features rising threats to OT networks, with attackers focusing increasingly on control servers, operator workstations, human-machine interfaces (HMIs), and similar assets. Citing data from MITRE ATT&CK for ICS, Nozomi Networks notes that 72% of ICS attack techniques specifically target these types of OT assets, and that there is significant overlap with attack paths found in enterprise IT environments.
Conventional IT security agents are often unsuitable for OT environments because of safety and operational constraints. This has presented security challenges, leaving critical devices exposed to cyber threats that affect operational continuity.