You can count on us to keep earning your trust every day. We develop, deliver and operate security and visibility products for operational technology (OT) systems to the highest achievable level of quality, security, integrity and availability.
We also strive to protect corporate information, personal information, and customer data against loss, unauthorized access and disclosure.
To deliver on our commitment to you, we rigorously follow industry best practices and regulatory guidelines related to product security and information security.
Within our software development life cycle and after release, we use several processes to identify potential product security issues:
Adhere to the international standard ISO 9001:2015 for quality management and versioning conventions to ensure consistency, traceability and reproducibility
Scan our entire code base regularly with automated tools to find potential vulnerabilities
Use third parties to scan our product for potential vulnerabilities after release
Follow best practices for secure software development, according to the ISO 27001:2013 standard
Monitor disclosures related to third-party software used in our operating system
Provide checksums of the compiled code for customer validation
Conduct internal vulnerability assessments of the continuous build process
Ship our system image with a hardened and continually tested configuration
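The checksum item above is only useful if customers actually compare the published value against the file they downloaded. The following is an added example of that check, written for this page and not Nozomi Networks' own tooling: it reads a `<hex>  <name>` checksum file in the format `sha256sum` produces, hashes the downloaded file with whichever SHA-256 tool is installed, and distinguishes a mismatch from a missing entry. The image file, its contents and the "published" checksum file are constructed here for illustration.

```shell
#!/bin/sh
# Added example (not Nozomi Networks' tooling): verify a downloaded image
# against a vendor-published SHA-256 checksum before installing it.
# File names and contents below are constructed for illustration.
set -u

# Compute the SHA-256 hex digest of a file (GNU coreutils or BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_checksum FILE CHECKSUM_FILE
# CHECKSUM_FILE holds "<hex>  <name>" lines as produced by sha256sum
# (a leading "*" on the name, from binary mode, is accepted too).
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry at all.
verify_checksum() {
    file=$1
    sums=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n {print $1; exit}' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    # Published hashes vary in letter case; normalise before comparing.
    actual_lc=$(printf '%s' "$actual" | tr 'A-Z' 'a-z')
    expected_lc=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    if [ "$actual_lc" = "$expected_lc" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demo on a constructed sample standing in for a downloaded image:
# the file holds the bytes "abc", whose SHA-256 is the well-known
# ba7816bf...f20015ad, so the constructed SHA256SUMS entry matches.
demo() {
    dir=$(mktemp -d)
    printf 'abc' > "$dir/guardian-image.bin"
    echo "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  guardian-image.bin" > "$dir/SHA256SUMS"
    verify_checksum "$dir/guardian-image.bin" "$dir/SHA256SUMS"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

A checksum only proves the file was not corrupted or swapped after the checksum was published; if the checksum is fetched from the same place as the file, an attacker who can alter one can alter both. Where the vendor signs its checksum file (the GPG key mentioned in the PSIRT section is the natural candidate), verify that signature first, then run the comparison above.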
After release, the Nozomi Networks Product Security Incident Response Team (PSIRT) is responsible for coordinating the investigation of any potential vulnerability in our products. If a security researcher discovers a potential vulnerability or security risk in one of our products, the PSIRT works with the engineering team to investigate the issue and identify any remediation when appropriate (our Incident Response Policy describes our approach in more detail). Nozomi Networks customers can contact the Nozomi Networks PSIRT directly using our GPG key to report any emerging vulnerabilities in their specific environments.
Remediation can take the form of a software update and/or a temporary workaround. We tightly control information about a potential issue until remediation is available, so that customers are not exposed while a fix is in development.
Once we make a solution available, we notify our customers about the issue and update the Security Portal.
To secure all information assets, including any data we collect from our customers, we operate an Information Security Management System (ISMS) aligned with the international standard ISO/IEC 27001:2013. To preserve the confidentiality, integrity and availability of our information, we have established and enforce a range of policies and procedures.
At Nozomi Networks we are very aware of the risks introduced by supply chain dependencies. We develop all of our software products in-house. Where our products rely on third-party code to operate, we have customized our systems to minimize both its use and the resulting risk exposure.
We assess all third-party products and providers associated with our business operations with a comprehensive due diligence program.
We carefully select, screen and evaluate our Nozomi Networks employees against the ethical standards of the company. We seek and retain top cybersecurity talent from around the world to contribute to the development of our products and the security of our network infrastructure.
Our teams also deploy our products into customers' networks, investigate incidents affecting our customers, and research the latest threats and trends. The combined result of these teams' efforts is a set of additional proprietary, non-public methods of protection against cyber threats.
These methods enhance the cybersecurity of the product and network security processes and policies described above.
We are committed to complying with relevant regulatory standards and industry best practices that improve security for critical systems. Our initiatives in this area include:
Nozomi Networks operates a certified information security management system, demonstrating that we reduce identified risks to an acceptable level and manage them effectively.
ISO 27001:2013 Certificate – IQNet
ISO 27001:2013 Certificate – SQS
Nozomi Networks actively contributes to this standard, which defines secure-by-design components for power grids. Examples include end-to-end encryption, user and identity management, and network monitoring systems.
Nozomi Networks is a founding member of this group, which is dedicated to advancing the adoption of the ISA/IEC 62443 standards for industrial automation and control systems cybersecurity.
Nozomi Networks completed its SOC 2 Type 1 examination in August 2021 and its SOC 2 Type 2 examination in March 2022. For the latest available SOC 2 Type 2 report, contact compliance@nozominetworks.com.
Nozomi Networks Guardian sensors have undergone rigorous auditing and testing by the French Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), and Guardian NSG-M (product version 21.3) has been awarded the Security Visa for CSPN certification (certification report ANSSI-CSPN-2021/28).
If you are a customer and you would like to request an SBOM for our products, please visit our support portal.