Note: on July 23rd 2019, SCADAguardian was renamed Guardian, and SCADAguardian Advanced was renamed Smart Polling.
As I travel the world visiting customers and prospective customers it’s satisfying to see the value that Nozomi Networks products are bringing to industrial organizations. Whether I’m at an oil and gas company in North America or a mining operation in Brazil, asset owners tell me they’ve been able to improve ICS network visibility and cyber security using our SCADAguardian and Central Management Console.
I am also seeing the state of industrial cyber security changing. While the majority of our customers are completely satisfied with the passive solution we provide, some industrial operators have matured their capabilities.
These “cyber-sophisticated” organizations represent a market that is now in line with a vision our team has had for a number of years. That vision is to provide a separate platform that combines both passive and active capabilities, to discover and monitor a more complete set of ICS data.
Until now, such customers were either unable to leverage active techniques to get maximum visibility, or they would have to risk uptime and reliability by using a solution with a noisy, intrusive active component. Now, they can have the best of both worlds.
Today I am proud to announce a new, additional product line, SCADAguardian Advanced™ (SGA). It builds on SCADAguardian’s passive capabilities, adding active querying for a hybrid solution. SGA uses Smart Polling™, an active technique that uses low volume, very surgical communications to further identify and describe assets, vulnerabilities, and threats.
SCADAguardian Advanced Addresses the Need for Full ICS Network Visibility
Nozomi Networks’ technology is built out of a passionate belief in the value of passive analysis of network communications to provide asset discovery and industrial control network monitoring. This approach shines a bright light into previously dark OT networks and is providing real value today to our customers through improved situational awareness, asset inventory and ICS threat detection.
Over time, however, some of our more advanced customers have integrated the value delivered by SCADAguardian into their operational and security practices and are ready to move to the next level. They have also developed a deep trust in Nozomi Networks as a technology partner and have asked us to safely shine a brighter light into their networks, and to include some areas that need more focus.
Thus, with rapidly maturing ICS cybersecurity programs and escalating threats to these networks, the time is right to introduce an additional product line that combines passive technologies with an ICS-safe active approach.
SCADAguardian Advanced: Safe Deployment, Surgical Functionality
SGA is a distinct and new product line and its active capabilities are implemented in such a way that they involve very low volume, surgical queries (Smart Polling). Customers can rest assured that SGA will not cause harm to their network devices or processes.
With SGA, customers will achieve full asset visibility. For example, if device communication is infrequent or lacks details, it might not be possible to determine its firmware with a passive-only approach. Now, with Smart Polling, SGA requests the firmware version and updates the device’s profile to include it. Similarly, SGA can determine the patch level of firmware, confirming whether a vulnerability has been dealt with or not.
In addition, customers have maximum control over the use of the Smart Polling capability. Upon installation they can select an easy-to-use default configuration, or they can use a control panel for precision application, designating it to be active for only selected areas of the industrial control network, or for certain devices.
Nozomi Networks Hybrid Approach Delivers the Best Solution
At Nozomi Networks our philosophy is to tackle problems from every angle and combine approaches to deliver the best solution. For example, we were the first vendor to provide hybrid threat detection. This method combines behavior-based anomaly detection with rules-based threat detection to identify cybersecurity and process risks. Furthermore, detection results are correlated and combined with operational context to provide detailed insights and fast remediation. Our customers describe the result as “the best ICS threat detection” in the market.
Similarly, with SGA, we are delivering a solution that provides full asset information by combining passive network monitoring with a safe, active approach for the best overall solution.
Delivering Choice in Deep ICS Network Visibility
SGA is in beta test now at multiple large industrial sites around the world and it will ship in Q4 2018. A migration path exists for companies who want to add SGA to their ICS security program.
A passive solution is the right choice for most organizations, and SCADAguardian will continue to be available as a completely passive product line. It will also continue to evolve and receive ongoing investment.
SGA, on the other hand, is an excellent choice for operators who want the fuller level of visibility that comes from the use of a combination of passive and safe active techniques. It provides enhanced ICS visibility and monitoring, and does it in a way that does not disrupt network devices or processes.
We’re proud to be innovating at the forefront of ICS cyber security, delivering the most advanced solution to those customers who are pushing boundaries to secure their industrial critical infrastructure.
If you are interested in either the SCADAguardian or the SGA product line, I urge you to contact us – we’d love to discuss them with you.