Nozomi Networks’ Arc Release Boosts OT Security

Summary
– Nozomi Networks released an updated version of Nozomi Arc with automated threat prevention capabilities for OT and IoT environments.
– The solution offers three operational modes: Detection for monitoring, Quarantine to block files for analysis, and Delete to remove malicious files instantly.
– Nozomi Arc integrates OT-tailored threat intelligence from Nozomi Networks and Mandiant, using YARA, STIX, and SIGMA formats for analysis.
– It is natively integrated into the Nozomi Networks platform, unifying detection, response, and orchestration across endpoints and wireless communications.
– Automated endpoint protection helps security teams reduce response times and maintain operational uptime while securing critical assets like control servers and HMIs.
Nozomi Networks has unveiled a significant upgrade to its Nozomi Arc cybersecurity platform, introducing automated threat prevention capabilities specifically engineered for operational technology environments. This enhancement allows industrial organizations to move beyond simple detection and actively defend critical infrastructure without risking operational downtime. The solution directly addresses the unique security challenges present in industrial control systems where traditional IT security tools often fall short.
Initially introduced in 2023, Nozomi Arc provides comprehensive endpoint security and network monitoring tailored to the demanding requirements of both OT and IoT settings. As an integral element of the broader Nozomi platform, Arc extends protective measures to operational endpoints running on Windows, Mac, and Linux operating systems. The latest iteration represents a strategic evolution from passive monitoring to active threat prevention, giving security teams the ability to automatically neutralize threats at their source.
Andrea Carcano, Chief Product Officer at Nozomi Networks, emphasized the growing urgency for specialized industrial security solutions. “Industrial networks face increasingly sophisticated attacks, and standard IT cybersecurity automation simply isn’t suitable for OT environments,” Carcano explained. “With Nozomi Arc’s threat prevention capabilities, we’re enabling customers to safely and automatically block and contain threats directly at endpoints according to their specific security policies.”
The updated platform introduces several critical features that strengthen industrial security postures:
Flexible automated threat prevention now operates through three distinct modes aligned with organizational risk tolerance. Detection mode provides non-disruptive monitoring ideal for compliance and audit requirements. Quarantine mode blocks malicious files while preserving them for detailed forensic investigation. Delete mode offers immediate removal of threatening files to prevent further system damage.
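To make the three response modes concrete, here is an added illustration (not Nozomi's code, and it assumes nothing about Arc's internals) of how a mode-driven endpoint response can be applied to a file flagged by a rule match: Detection leaves the file in place and only records an alert, Quarantine moves it to a read-only holding directory with a metadata sidecar so a forensic analyst can still examine it, and Delete removes it, so only the hash captured beforehand survives. The rule name and sample files are constructed for the demo.

```python
import hashlib
import json
import os
import shutil
import tempfile
from enum import Enum
from pathlib import Path


class Mode(Enum):
    DETECTION = "detection"    # monitor only: nothing on disk changes
    QUARANTINE = "quarantine"  # block but preserve for forensic analysis
    DELETE = "delete"          # remove immediately


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def respond(path: Path, rule: str, mode: Mode, quarantine_dir: Path) -> dict:
    """Apply one response mode to a flagged file and return an audit record.
    The hash is taken before any action so it survives even in Delete mode."""
    record = {"file": str(path), "rule": rule, "sha256": sha256_of(path), "mode": mode.value}
    if mode is Mode.DETECTION:
        record["action"] = "alert_only"
    elif mode is Mode.QUARANTINE:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        dest = quarantine_dir / f"{record['sha256']}.quarantined"
        shutil.move(str(path), dest)
        os.chmod(dest, 0o400)  # read-only: can be examined but not executed from here
        # Sidecar keeps original location and rule so the analyst can reconstruct context.
        (quarantine_dir / f"{record['sha256']}.json").write_text(json.dumps(record))
        record["action"], record["quarantined_to"] = "quarantined", str(dest)
    elif mode is Mode.DELETE:
        path.unlink()
        record["action"] = "deleted"
    return record


def demo() -> dict:
    """Run each mode against its own constructed sample file in a temp directory."""
    work = Path(tempfile.mkdtemp())
    results = {}
    for mode in Mode:
        sample = work / f"sample_{mode.value}.bin"
        sample.write_bytes(b"constructed sample content flagged by CONSTRUCTED_RULE")
        rec = respond(sample, "CONSTRUCTED_RULE", mode, work / "quarantine")
        rec["still_present"] = sample.exists()
        rec["copy_in_quarantine"] = Path(rec["quarantined_to"]).exists() if "quarantined_to" in rec else None
        results[mode.value] = rec
    return results
```

Each returned record is the audit trail a security team would forward to the platform; in Delete mode it is the only remaining evidence, which is why the hash is computed first.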
OT-focused threat intelligence integration powers the prevention engine with specialized intelligence from Nozomi Networks’ own research team, augmented by the Threat Intelligence Expansion Pack incorporating Mandiant Threat Intelligence. The system delivers indicators of compromise in YARA, STIX, and SIGMA formats, enabling thorough local behavioral analysis specific to industrial environments.
Native platform integration distinguishes Nozomi Arc from standalone endpoint solutions by embedding seamlessly within the comprehensive Nozomi Networks platform for OT, IoT, and Cyber-Physical System protection. This unified approach allows organizations to coordinate detection, response, and orchestration workflows across all operational assets from individual endpoints to wireless communications.
Industrial networks confront escalating security challenges as attackers increasingly target control servers, operator workstations, human-machine interfaces, and other critical OT assets. Research from MITRE ATT&CK for ICS indicates that 72% of ICS attack techniques directly focus on these operational components, creating significant overlap with enterprise-level attack vectors. The inability to safely implement conventional IT security agents has left many essential industrial devices dangerously exposed.
Through automated endpoint protection, security teams can dramatically reduce mean time to response while achieving unified visibility across both network and endpoint activities. Operations teams simultaneously benefit from rapid threat containment that minimizes disruption to production processes and maintains operational continuity. This balanced approach addresses the dual priorities of security effectiveness and operational reliability that define successful industrial cybersecurity programs.
(Source: NewsAPI Cybersecurity & Enterprise)