Nozomi Networks has announced that its Threat Intelligence is now available for use with third-party cybersecurity platforms. Previously only available for use with Nozomi Networks Guardian and Vantage products, now other cybersecurity platforms can leverage the same Nozomi Networks research and intelligence to improve defenses against recent and emerging OT, IoT, phishing and ransomware threats. “With its Threat Intelligence feed, Nozomi Networks continues to raise the bar with actionable intelligence that has the flexibility to easily integrate and scale OT, IT and IOT cybersecurity environments”, said Frost & Sullivan Senior Security Analyst Danielle VanZandt. “Beyond ICS use cases, it’s a solid option for IoT customers that have other security environments or automation platforms, and for IT environments beyond the reach of Nozomi Networks existing customer base.”
Nozomi Networks Threat Intelligence Feed includes up to date information on malicious IP addresses or URLs, new indicators of compromise (IOC) signatures, threat sources, malware hashes, and methods and tactics to gain system access, all of which can serve to accelerate incident response and enhance security operations. With a subscription to the feed, customers can leverage a single, unified feed of threat intelligence across other layers of their security stack including:
- Integrating the feed into their security operations center (SOC)
- Complementing their existing threat research with a deeper level of OT and IoT intelligence
- Enhancing Security Information and Event Management (SIEM) environments to identify new IOCS, and
- Improving Security Orchestration, Automation and Response (SOAR) and firewall rules
For example, a global manufacturer in the healthcare industry is feeding Nozomi Networks Open Threat Intelligence into their Azure Sentinel SIEM to identify new IOCs. Their SOAR platform is then able to update their Palo Alto Networks firewalls with new isolation rules based on the IOCs. Nozomi Networks Guardian platform further updates the SOAR platform with the most recent asset information on the potentially compromised system, its security posture and quarantine status.
“Nozomi Networks’ vision is to empower our customers to do more with the data we observe and collect,” said Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks. “Our new Threat Intelligence feed makes it possible for customers to leverage our data and intelligence for better analysis, security automation, policy enforcement or integration into other tools and dashboards. More flexibility means more security and more ways to apply Nozomi Networks intelligence.”
The new Nozomi Threat Intelligence feed is compliant with a wide range of security platforms from SIEM tools to next-generation firewalls and endpoint detection and response systems.
Discussion about this post