Nozomi and Mandiant improve IoT security

  • August 28, 2024
  • Steve Rogerson

Virginia-based cyber-security firm Mandiant is helping Nozomi Networks deliver threat detection and response for OT, IT and IoT.

With the general availability of the Nozomi TI expansion pack, critical infrastructure organisations have access to both Nozomi Networks and Mandiant threat intelligence services, integrated to strengthen threat visibility and better defend cyber-physical systems and processes.

California-based Nozomi Networks specialises in OT and IoT security. Powered by Mandiant threat intelligence, the TI expansion pack can help strengthen and streamline the way industrial and enterprise CISOs and their teams anticipate, diagnose and respond to cyber threats across all their critical business operations.

With the expansion pack, Nozomi Networks’ customers have the option to enrich Nozomi threat intelligence with Mandiant’s to gain more comprehensive access to real-time information about threats to their IT, OT and IoT systems.

“The cyber-security threat landscape is rapidly evolving, with attacks growing in both number and impact enterprise-wide,” said Edgard Capdevielle, CEO of Nozomi Networks (www.nozominetworks.com). “To minimise risk and maximise operational resilience, CISOs and their security teams need comprehensive solutions that enable them to quickly assess and respond to threats across their IT, OT and IoT systems. We are pleased to be able to give our customers the option to easily incorporate Mandiant’s world-class threat intelligence as part of a whole that delivers superior security outcomes.”

Melissa Smith, Google Cloud’s head of technology partnerships, added: “For nearly a decade, Mandiant and Nozomi Networks have partnered to deliver advanced, AI-powered OT and IoT security to customers. This latest expansion is another critical step in our journey to combine threat intelligence sources and defences to deliver the best possible security outcomes for the world’s critical infrastructure. By blending Mandiant’s threat intelligence and expertise with Nozomi Networks’ OT threat intelligence and tools, we can enable critical infrastructure organisations to enhance their threat intelligence and investigations for a stronger defence.”

Nozomi customers who wish to gain comprehensive access to real-time information about threats to their IT, OT and IoT systems now have access to an integrated threat feed that combines Mandiant’s threat intelligence with Nozomi OT threat intelligence. The expansion pack extends Nozomi’s OT and IoT threat intelligence by providing organisations with a deeper understanding of the coinciding IT threat landscape. This makes it possible to monitor and respond holistically to emerging threats for stronger security outcomes.

Vantage threat cards, also announced this week, are a presentation capability in Nozomi Vantage, the company’s cloud-based OT and IoT cyber management console. The cards change the way users access and derive value from threat intelligence feeds. These cards logically cluster and organise threat data, offering instant access to critical information such as threat descriptions, first and last seen dates, exploitation status and vectors, targeted industries and countries, Mitre ATT&CK details, and mitigation suggestions.

Users can swiftly narrow down threats by filtering based on specific countries and regions, ensuring they receive the most relevant information for their needs. The cards empower OT and IoT cyber teams to scan and filter key threat information, speeding up response times and enhancing accuracy. Analysts can easily input an IP address, domain name, hash or threat actor alias to identify any associated rules, streamlining the identification process.

The integration of Mandiant (www.mandiant.com) threat intelligence will be used throughout Vantage to enhance the offering even further. Updates to the vulnerability data include improved CVSS mapping, detailed summaries, lists of vulnerable products, exploitation details, Mitre ATT&CK details, workarounds and vendor fixes, and links back to threat cards and malware groups.

These enhancements ensure comprehensive coverage and deeper insights into vulnerabilities, enabling more effective threat management.

The expansion pack is available now for those using Nozomi Networks’ on-premises and cloud-based monitoring. Vantage users have the added benefit of accessing the threat intelligence feed through Nozomi threat cards.