Chet Namboodri, VP, Alliances and Business Development, Nozomi Networks, outlines how Nozomi Networks and Cisco are working together to secure IT and ICS systems.
Large organisations utilise a variety of technologies and solutions to create cyber-resiliency, an important part of the best practice known as ‘defence in depth’. But using disparate systems can actually increase security exposure and risk, and slow the response to threats.
A few years ago, Cisco began working with the best and brightest minds around the world to address this issue.
This led to the creation of their security technology programme, which included an open platform for collaboration called the Cisco Security Technology Alliance (CSTA).
Nozomi Networks has integrated its ICS security solution with the CSTA to deliver comprehensive operational visibility and cybersecurity across IT/OT networks.
Together, we provide real-time monitoring and threat detection that streamlines security policy management and enforcement, and speeds incident response.
By integrating the Nozomi Networks solution with Cisco technologies, manufacturers and other industrial operators benefit from comprehensive IT/ICS security.
Nozomi Networks integrates with Cisco security policy platform and devices
The CSTA provides an environment for leading security solution providers like us to integrate with Cisco APIs and SDKs across the Cisco security portfolio.
We kicked off our membership in CSTA with a security integration for Cisco’s Identity Services Engine (ISE).
The Identity Services Engine (ISE) is a security policy management platform that helps organisations manage users and devices on business networks. Sharing contextual usage data amongst IT systems and solutions makes it much easier to enforce policies for resource access and more.
Unified IT/ICS security policy management, monitoring and incident response
Today, enterprise security extends beyond business networks to include operational technology (OT) environments. The Nozomi Networks solution adds deep OT visibility and threat detection to Cisco’s security platform, for integrated IT/OT security monitoring, policy management and incident response.
For example, Cisco’s ISE provides network access control and creates profiles for devices connected to the ICS network.
The Nozomi Networks solution passively analyses network traffic and collects information about endpoints to enhance OT visibility.
The systems exchange bi-directional information as follows:
- ISE provides additional asset details gathered from endpoint supplicants to enhance the Nozomi Networks asset inventory. Similarly, ISE uses SCADAguardian information to build out more robust device profiles.
- SCADAguardian provides ISE with MAC information, enabling enhanced MAC whitelisting for OT networks.
- SCADAguardian provides ISE with information that assists in changing authorisation rules, such as modifying security group tags, applying downloadable ACLs to switchports, changing the VLAN, etc.
The Nozomi Networks solution provides OT asset details to Cisco’s ISE and vice versa, delivering integrated IT/OT visibility.
The Nozomi Networks solution also provides joint customers with:
- OT network visualisation – for situational awareness and fast troubleshooting
- Operational visibility – for real-time OT network monitoring
- OT cybersecurity – for rapid, OT-specific threat detection and incident response
Integrated IT-OT security infrastructure reduces corporate risk
Membership in CSTA allows us to better support our customers’ adoption of an integrated IT-OT security infrastructure. As more and more organisations move towards enterprise-wide cybersecurity management across business and industrial networks, our integrated solution provides the visibility and cyber-resiliency they’re looking for.