A cyber security assessment doesn't have to be a photo. It must be a video that shows how traffic volumes move across the network between endpoints, supervisory systems and the enterprise network (and the cloud).

"A picture is worth a thousand words". How many times have you heard this expression, attributed by some to Mao Tse Tung, who, however, seems to have "cloned" it from the wise Confucius?

For cyber security, especially OT, one of the first activities recommended so far to secure an industrial, factory automation or process control network, in industry as in utilities, has been: "Take a nice picture of your network, where you can see all participants, nodes, connected devices, switches, routers, etc." Then we expect a good report (of 1000 or more words?) that indicates what you "think" could be the critical points found in the "photo".

Now we have much more effective and decisive tools available: tools that make a continuous video and, if left active, keep recording for us and then show us in "real time" everything that (most likely) is wrong on our factory network. I took the liberty of putting "most likely" in brackets because, despite all the ML (Machine Learning) and AI (Artificial Intelligence) algorithms, false positives and false negatives are still possible: this is where our brain comes in handy to better identify and understand what these wonderful and powerful tools are telling us.

More recently it has been seen that the photo is useful, but it presents the "as-is" situation at the moment the photo is taken. It is like saying: swab for Covid-19 today, and tomorrow or later you will have the result. It will most likely be negative, but it is a "photo" from two days ago. I wonder if I'm still negative today...

Just like a video surveillance tool installed at an entrance to be monitored: for hours, days, months, its cameras always capture the same places, people, vehicles and passages, perhaps without anything happening. Then it suddenly signals that "something strange" is going on that requires our attention. And we can see whether someone who shouldn't have access has actually entered, what they are doing and what countermeasures to put in place.

These tools, specially designed and developed for the OT and IIoT industrial world, are already available on the market today at affordable prices. They are powerful and already recognize many "suspicious behaviors", they track vulnerabilities and identify threats, and every day they become richer in information, continuously learning through Machine Learning, both on your network and from many others around the world.

Want to know if they can be deployed effectively even on your most critical factory network?
Tell us about it: we are sure that one of our OT cyber security experts can help you!

What is ServiTecno's proposal in this area? Nozomi Networks!

 

Nozomi helps you reconstruct the scheme of your architecture, defining the relationships between the various terminals, the traffic volumes and the functional scheme: monitor your network and discover every single anomaly.

The Nozomi Networks solution improves the resilience of ICS systems and provides real-time operational visibility: it will help you define whitelists and detect threats, variations and changes in production processes (and beyond).

Nozomi is a passive technology that does not slow down or affect the process in any way; indeed, it can even work offline with backup data.

Nozomi Features

As of today, it is also available in the SCADAguardian Advanced™ (EMS) mode. It builds on the passive capabilities of SCADAguardian, adding active queries for a hybrid solution. SGA uses Smart Polling™, an active technique that uses low-volume, highly surgical communications to further identify and describe assets, vulnerabilities, and threats.

Do you want to implement Nozomi Networks in your plants?
Just contact us!