The experience of Gruppo Sigla in the industrial networks sector and its attention to security issues have led Gruppo Sigla to establish a partnership with Nozomi, a leading company in the field of security visibility solutions in the OT and IoT sector. Through Nozomi products it is possible to have an immediate, updated and in-depth view of one's own network and immediately identify potential problems due to ongoing attacks or simple malfunctions, and act accordingly. Nozomi is a solution designed specifically for industrial networks, and as such has characteristics that best adapt to the needs that this sector requires. Each part of its architecture is designed not to interfere with the normal operation of the plants, since it is well known that in an industrial environment the highest priority is not to stop production.
Nozomi is based on a passive probe, that is capable of listening to network traffic without modifying or slowing it down in any way. This probe, called Nozomi Guardian, is the heart of the Nozomi system, and it is a physical apparatus (or virtual appliance) installed in the network, capable of identifying how the network assets talk to each other, and therefore build a network model accurate and updated. It is therefore possible to identify which devices, servers, applications speak with which others using which protocols. The list of devices and protocols recognized automatically by Nozomi is very extensive and covers the main vendors on the market.
Knowledge of the network is simply the starting point: through a constantly updated database of threats and sophisticated techniques of artificial intelligence (Threat Intelligence and Asset Intelligence), Nozomi is able to identify anomalous behavior or dangerous situations, and trigger alarms accordingly, eliminating the overhead of false positives. These alarms can be verified directly in the Nozomi console, or directed to a SIEM / SOAR for more in-depth correlations, or even, if desired, to intervene directly on the traffic by interacting with compatible firewalls. No direct action that impacts network traffic is taken by Nozomi, faithful to its policy of non-intrusiveness on networks.
The Nozomi interface consists of a configurable web dashboard (Central Management Console) through which it is possible to build screens of immediate impact and to identify the information collected by the system. Much attention is paid by Nozomi to a usable and intuitive interface, so you can immediately take advantage of the data. The networks are displayed graphically through interactive graphs; there are complete and flexible navigation and drilldown functions; the filter and search features are powerful and easy to use.