Nozomi’s Guardian gives your business the following benefits:
- Time savings in asset management and in keeping track of the units in your production system
- Real-time intuitive overview and great visibility
- Effective risk assessment on discovered vulnerabilities in production infrastructure.
- New in version 19.0: “Remote Collector”: collecting data from smaller locations or from segmented networks
- New in version 19.0: Improved reporting capabilities in relation to standards and compliance
- New in version 19.0: “Smart Polling” for active scanning of MS Windows OS for collecting OS information and detecting USB usage.
Guardian combines its primary functions in one comprehensive solution that offers the following benefits:
- Asset tracking – updated overview – all the time
Guardian conducts “deep packet inspection” across layers 1-7 of the OSI protocol stack. This means the solution can draw a detailed picture of the production system’s infrastructure and identify the protocols and unit attributes (including supplier, type, etc.). With Asset tracking, the company always has an updated picture of the devices in the infrastructure and thereby saves resources on manual updates of databases.
- New in version 19.0: Remote Collector
The Remote Collector is a “probe” capable of gathering detailed data from the ICS environment at smaller production locations. Previously, a “full-blown” solution had to be installed in a small location, but with the Remote Collector this is no longer necessary. A Remote Collector collects data from the location and sends it back to the Guardian, which is placed in a central location. The Guardian then analyzes the data from the remote locations. The Remote Collector can also be used for large ICS infrastructures at larger locations with a network that is highly segmented via VLANs and/or NATs. The Remote Collector is available either as a virtual image or as a hardware device.
- IT and OT Protocol baselining – visualization of the network
Guardian can analyze a wide range of protocols and attributes from leading products for ICS systems. Below is an excerpt:
OT protocols and applications:
- Aspentech Cim / IO, BACnet, Beckhoff ADS, BSAP IP, DNP3, Enron Modbus, EtherCAT, EtherNet / IP – CIP, Foundation Fieldbus, Generic MMS, GOOSE, Honeywell, IEC DLMS / COSEM, ICCP, Modbus / TCP, MQTT, OPC UA, Siemens CAMP, Mitsubishi Melsoft, Mitsubishi SLMP, ABB Totalflow.
IT protocols and applications:
- BROWSER, CDP, DCE-RPC, DHCP, DNS, DRDA, FTP, FTPS, HTTP, HTTPS, ICMP / PING, IGMP, IKE, IMTP, IMPP, IMAPS, Kerberos, KMS, LDAP, LDAPS, LLDP, MDNS, MS SQL Server, MySQL, NetBIOS, NTP, OSPF, RDP, etc.
The support of protocols is continuously expanded as customer needs arise.
In addition, the Guardian solution supports the leading suppliers of ICS equipment, such as:
- Continuous monitoring – alerting about vulnerabilities and infrastructure changes.
When the solution is running and baselining is completed, Guardian can be set up to alert on different events:
- Increased traffic relative to normal traffic patterns
- New protocols from other devices.
- New devices or IP addresses that enter the network.
- PLC equipment that performs commands other than normal.
Advanced techniques such as “Artificial Intelligence” and “Machine Learning” are used to detect and alert about “abnormal” traffic.
- Minimizing time spent on troubleshooting and analysis of security incidents.
With the overview and the “real-time” information provided by the technology in the Guardian solution, your company will be able to react faster and more efficiently. This means that a potential “downtime” will be as short as possible, and thus the consequence of an event will be minimized. Similarly, reporting on an event is easily accessible via the reporting module and dashboards in the solution.
- New in version 19.0 – “Smart polling” – active scanning of Windows servers
ICS environments have many MS Windows devices running, and these are often a specific target for hackers and malware, but this equipment is not part of the same update cycle as IT. Therefore, it is important to keep an eye on the vulnerabilities facing this part of the OT server platform. “Smart Polling” is an active scanning feature that allows you to get more information about hotfixes, patches, etc., and thereby gives you specific information about which vulnerabilities you should deal with. “Smart Polling” can also detect USBs used in the server itself. Smart Polling is an add-on to the Guardian solution.
- Integration to IT security systems with SIEM and firewalls.
Guardian has various options for sending information to both SIEM and firewalls. Nozomi works together with IBM QRadar, Splunk, ArcSight and LogRhythm in order to form a comprehensive overview of log information and events in both the IT and ICS environments. In addition, Nozomi has entered into strategic collaborations with e.g. Fortinet and Palo Alto, which means that firewall configurations can be changed based on the alarms sent by the Guardian solution. A more detailed description of the partners is available here: https://www.nozominetworks.com/partners/
- Flexible architecture with central management with CMC and Guardian devices.
Guardian is placed on the ICS network and collects detailed information about the network, vulnerabilities and active devices in the ICS network. It is a passive appliance that sits on a mirrored port on one or more switches in the production network. Guardian is delivered either as a physical appliance or as a virtual appliance that can be installed on Hyper-V, KVM, VMware and XEN platforms, and is licensed by number of nodes, throughput and number of monitor ports.
- Central Management Center (CMC)
Nozomi also offers a central management platform, which provides a comprehensive overview of larger installations and performs the essential tasks from a central level. Rights management is offered so that persons with responsibility for a production facility can manage only that part of the Nozomi infrastructure.
Want to try out Guardian in your infrastructure?
SecuriOT offers a “Proof of Concept” (PoC), where one or more appliances are deployed in your infrastructure. The solution runs for up to 3 weeks in a limited part of your ICS network. After the PoC is finalized, results and recommendations are presented.
Prices start at 5.000 Euro excl. VAT. Contact us to hear more about this.