Nozomi Networks Automates Critical Infrastructure Cybersecurity

▼ Summary
– Nozomi Arc now provides automated threat prevention, which Nozomi describes as the industry’s first cybersecurity capability to safely automate responses in operational environments.
– The solution offers three operational modes (Detection, Quarantine, and Delete) to match different organizational risk tolerances and security requirements.
– Nozomi Arc integrates OT-specific threat intelligence from Nozomi Networks and Mandiant, delivering indicators in YARA, STIX, and SIGMA formats for local analysis.
– Unlike standalone agents, Arc is natively integrated into the Nozomi platform, unifying detection, response, and orchestration across endpoints and wireless communications.
– This automated endpoint protection helps security teams accelerate response times while minimizing operational disruption to critical industrial assets.
Nozomi Networks has added automated threat prevention to Nozomi Arc, which the company describes as the industry’s first solution designed to automate threat response safely in operational technology (OT) environments. The latest release moves Arc beyond detection alone: it can now block and contain threats on OT endpoints according to policies the operator sets.
Originally launched in 2023, Nozomi Arc is positioned by the company as the first endpoint security and network monitoring solution built specifically to meet both the cybersecurity and the operational requirements of OT and IoT environments. As a component of the Nozomi platform, Arc extends the platform’s protections to Windows, macOS, and Linux endpoints in industrial settings.
The newly available threat prevention capabilities enable industrial organizations to better safeguard mission-critical assets while maintaining operational continuity. Industrial networks face increasingly sophisticated attacks, and conventional IT cybersecurity automation tools often prove unsuitable for OT environments, according to Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer. “With Nozomi Arc threat prevention, customers can now safely and automatically block and contain threats directly at endpoints according to their specific requirements,” Carcano explained, noting plans to extend these automated prevention capabilities across the entire Nozomi Platform in future releases.
The updated Nozomi Arc release adds three capabilities:
Flexible Automated Threat Prevention operates in one of three modes, chosen to match the environment and its risk tolerance. Detection Mode only monitors and alerts; it never touches files, which suits audit and compliance use and is the safe setting for validating new indicators before any automated action is enabled. Quarantine Mode blocks a malicious file and retains it for forensic analysis. Delete Mode removes the file outright, the fastest form of containment but one that forfeits the evidence Quarantine would have preserved. Because a false positive on an operator workstation or HMI is itself an availability incident, the choice of mode is a risk decision rather than a default.
OT-Tailored Threat Intelligence Integration drives the prevention engine with Nozomi Networks Threat Intelligence, further enhanced by the Threat Intelligence Expansion Pack built on Mandiant Threat Intelligence. Indicators are delivered in YARA (pattern rules for file and memory content), STIX (structured indicator exchange) and Sigma (log-based detection rules) formats, so that matching is performed locally on the endpoint.
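The following is an added example, not Nozomi Arc code, showing what the three response modes mean in practice when a file-hash indicator matches: Detection leaves the file alone and records an event, Quarantine moves it out of the asset as a read-only copy with a metadata sidecar for forensics, and Delete removes it with no copy retained. The STIX bundle, the sample file contents, the directory names and the mode names "detection", "quarantine" and "delete" are all constructed for the example; only the file-hash subset of STIX pattern syntax is parsed.

```python
# Added example (not Nozomi Arc code): a minimal detect / quarantine / delete response
# loop driven by file-hash indicators in STIX 2.1 pattern syntax. The bundle, sample
# file contents and the mode names are all constructed for this example.
import hashlib
import json
import os
import re
import shutil
import tempfile
from pathlib import Path

# Constructed stand-in for a malicious file; its SHA-256 seeds the indicator below.
MALICIOUS_CONTENT = b"constructed sample payload, not real malware\n"
MALICIOUS_SHA256 = hashlib.sha256(MALICIOUS_CONTENT).hexdigest()

# Constructed STIX 2.1-style bundle with one indicator (ids are placeholders).
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [{
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--00000000-0000-4000-8000-000000000002",
        "pattern_type": "stix",
        "pattern": f"[file:hashes.'SHA-256' = '{MALICIOUS_SHA256}']",
        "valid_from": "2024-01-01T00:00:00Z",
    }],
}

# Only the file-hash subset of STIX patterns is handled; real consumers need a full parser.
HASH_PATTERN = re.compile(r"file:hashes\.'SHA-256'\s*=\s*'([0-9a-fA-F]{64})'")


def load_hash_indicators(bundle: dict) -> dict:
    """Map lowercase SHA-256 -> indicator id for every indicator carrying a file-hash pattern."""
    hashes = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") == "indicator":
            for digest in HASH_PATTERN.findall(obj.get("pattern", "")):
                hashes[digest.lower()] = obj["id"]
    return hashes


def sha256_of(path: Path) -> str:
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def respond(path: Path, indicator_id: str, mode: str, quarantine_dir: Path) -> dict:
    """Apply the configured mode to one matched file and return the event record."""
    event = {"path": str(path), "sha256": sha256_of(path), "indicator": indicator_id,
             "mode": mode, "action": "alert"}
    if mode == "detection":               # monitor only: the file is left untouched
        return event
    if mode == "quarantine":              # removed from the asset, preserved for forensics
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        dest = quarantine_dir / f"{event['sha256']}.bin"
        shutil.move(str(path), str(dest))
        os.chmod(dest, 0o400)             # read-only so it cannot be executed or edited
        (quarantine_dir / f"{event['sha256']}.json").write_text(json.dumps(event))
        event.update(action="quarantined", quarantine_path=str(dest))
        return event
    if mode == "delete":                  # fastest containment, but no forensic copy
        path.unlink()
        event["action"] = "deleted"
        return event
    raise ValueError(f"unknown mode: {mode}")


def scan(root: Path, bundle: dict, mode: str, quarantine_dir: Path) -> list:
    """Hash every file under root and act on those that match an indicator."""
    wanted = load_hash_indicators(bundle)
    events = []
    # Materialise the file list first: quarantine/delete change the tree during the walk.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine_dir in path.parents:  # never rescan quarantined copies
            continue
        digest = sha256_of(path)
        if digest in wanted:
            events.append(respond(path, wanted[digest], mode, quarantine_dir))
    return events


def demo(mode: str) -> dict:
    """Run the scanner over a constructed asset directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp) / "assets", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "hmi_config.ini").write_bytes(b"[hmi]\nscreen=overview\n")
        (root / "dropper.exe").write_bytes(MALICIOUS_CONTENT)
        events = scan(root, SAMPLE_BUNDLE, mode, qdir)
        return {"events": events,
                "remaining": sorted(p.name for p in root.iterdir()),
                "quarantined": sorted(p.name for p in qdir.iterdir()) if qdir.exists() else []}


if __name__ == "__main__":
    for m in ("detection", "quarantine", "delete"):
        print(m, json.dumps(demo(m), indent=1))
```

Running the script once per mode shows the trade-off directly: after Detection both files remain, after Quarantine the match is gone from the asset directory but its read-only copy and JSON sidecar sit in the quarantine directory, and after Delete nothing is left to analyse. The quarantine directory is kept outside the scanned tree and skipped explicitly so a second scan does not re-match its own evidence.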
Seamless Platform Integration sets Arc apart from standalone endpoint agents: it is natively part of the Nozomi Networks platform for OT, IoT and CPS protection, so detection, response and orchestration workflows can be coordinated from endpoint activity through to wireless communications.
Operational technology networks face escalating threats as attackers increasingly target control servers, operator workstations, HMIs, and other critical OT assets. An analysis of the MITRE ATT&CK® for ICS knowledge base cited in the announcement indicates that 72% of ICS techniques target these components, which overlap substantially with enterprise attack paths. Because conventional IT security agents could not be deployed safely on such devices, they have historically gone unprotected.
Through automated endpoint protection, security teams can shorten mean time to response while gaining unified visibility across both network and endpoint activity, which also simplifies evidence for compliance audits. Operations teams benefit from rapid containment that limits disruption to production processes, so critical infrastructure stays protected without sacrificing operational efficiency.
(Source: ITWire Australia)