For this Company Spotlight, we interviewed Nozomi Networks’ CEO, Edgard Capdevielle, and CMO, John Vincenzo, about how the company is bridging the cybersecurity gap between operational technology (OT) and IT. Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. For more information on Nozomi Networks, please visit www.nozominetworks.com.

Background: Companies are recognizing that the number of attacks and vulnerabilities have risen to the point where they understand that it’s not a matter of if, but when they’ll need a security solution to address the risks. With the proliferation of devices connecting within organizations and the expanding threat landscape, IT and OT professionals alike are understanding that if they can’t see it, they can’t defend it so addressing visibility and security is a top priority to help maintain operation resiliency.

Founded in 2013, Nozomi Networks began by providing AI-powered cybersecurity services to industrial control systems (ICS) in the power generation industry. As complex industrial facilities continued to implement more “connected” devices, there became a growing need for the same type of cybersecurity solutions for “Internet of Things” (IoT) devices as well. Over 3,400 installations covering over 44 million devices globally later, Nozomi has deployed its OT cybersecurity offering across several industries, including oil & gas, pharmaceuticals, mining, and utilities.

Value Proposition: Because OT devices are typically low-power and less sophisticated compared to IT devices, IT cybersecurity used in the corporate world is not able to protect plants and field locations. Ranked #1 by customers in Gartner Peer Insights, Nozomi’s OT & IoT cybersecurity solution includes the following unique features and technology: 

1. High OT/IoT Compatibility:  Nozomi has developed parsers to be able to understand and communicate with hundreds of OT protocols and thousands of IoT devices. This enables Nozomi to work with the vast majority of IoT devices, which facilitates the easy scaling of the platform within its customers’ operations.

2. Operational Visibility:  Nozomi’s platform also maps the devices by type and communication path through its patent-pending Graph technology. This allows customers to “see” behavior and prioritize actions throughout their entire system via user-friendly dashboards and reports.

3. AI-Powered Threat Detection:  Once all the IoT devices and the communication between them is visible, Nozomi then applies advanced AI and machine learning to determine what is “normal” behavior and what anomalies are security threats. This rule-based detection engine continuously learns and improves, which enables Nozomi’s technology to also detect zero-day attacks (novel security threats).

Recent Trends: Over the last couple years, the following trends have significantly increased the demand for OT cybersecurity solutions, such as Nozomi’s technology: 

1. Remote Access:  Since working from home has become more ubiquitous, personnel requiring remote access to critical infrastructure, such as power plants, has gone from just a very small percentage (<5%) of the critical infrastructure workforce to the large majority (>75%). Now that the remote working trend is here to stay, risk management and cybersecurity personnel must understand and manage these operations more like their corporate IT department.

2. Distributed Networks:  With industrial operations continuing to become more automated and connected, the number of devices that are at risk of being attacked and compromised is increasing at an accelerated rate. Further, critical infrastructure is becoming more decentralized (e.g., electricity being generated through solar panels on commercial and residential properties rather than at power plants).

3. OT Coming into Purview of CSO/CIO:  As industrial digitalization continues to be more prominent, IoT and OT security is capturing more attention of chief security officers and chief information officers. Given that IT cybersecurity companies don’t have industrial expertise, CSOs and CIOs are having to look to companies like Nozomi to ensure their OT networks are just as protected as their IT networks.

Closing Thoughts: As one of the few solutions that was built from the ground up with an OT perspective in mind, Nozomi has earned the trust of many of the leading companies in the oil & gas, pharmaceuticals, mining, and utilities sectors. We look forward to following Nozomi, as it continues to educate companies about OT cybersecurity risks and how it can minimize them.