- Minimization of time spent on troubleshooting and analyzing security incidents
The overview of “real-time” information that the Guardian offers enables your company to react faster and more efficiently. Downtime is thereby minimized, which in turn minimizes the consequences of an incident. Correspondingly, incident reporting is easily accessible through a reporting module and dashboards in the solution.
- “Smart polling” – active scanning of Windows Servers
ICS environments run numerous Windows components, which are often a specific target for hackers and malware, but these components are not included in the same update cycle as IT. It is therefore important to watch the vulnerabilities that the OT server platform is facing. “Smart Polling” is an active scanning feature that delivers more information about hotfixes, patches, etc., and thus provides specific information about which vulnerabilities the client has to respond to. “Smart Polling” can also detect USB devices that are used in the server itself. “Smart Polling” is an add-on to Guardian.
- Integration with IT security systems: SIEM and firewalls
Guardian has different options for sending information to both SIEM and firewalls. Nozomi is in a working relationship with IBM QRadar, Splunk, ArcSight, and LogRhythm to create a comprehensive overview of log information and incidents – both in the IT and ICS environments. Nozomi has also entered a strategic cooperation with e.g. Cisco, HP ClearPass, Fortinet, and Palo Alto, which allows firewall configurations to be changed according to the alarms that the Guardian dispatches.
- Flexible architecture with central management with CMC and Guardian units
The Guardian sits on the ICS network and collects a range of detailed information about the network, vulnerabilities and active devices in the ICS network. It is a passive appliance, which sits on a “mirrored” port on one or more switches in the production network. Guardian is delivered either as a physical appliance or as a virtual appliance that can be installed on Hyper-V, KVM, VMware and Xen platforms, and is licensed by number of nodes, throughput and number of monitor ports.
- Central Management Center (CMC)
Nozomi also offers a central management platform, which provides an overall view of larger installations and lets a central team perform the essential tasks. Rights management is offered so that persons responsible for a production facility can manage only that part of the entire Nozomi infrastructure.