    Nozomi Networks Vantage OT & IoT Security Solution

    Deployed on AWS
    SaaS-Powered Security and Visibility of OT and IoT Networks
    4.5

    Overview

    Nozomi Networks Vantage leverages the power and simplicity of Software as a Service (SaaS) to deliver unmatched security and visibility across your OT, IoT, and IT networks. Vantage delivers the immediate awareness of cyber threats, risks, and anomalies you need to detect and respond quickly and ensure cyber resilience.

    Vantage accelerates digital transformation for the largest and most complex distributed networks, helping customers protect any number of OT, IoT, and IT edge and cloud assets, anywhere. Its scalable SaaS platform enables consolidation of the customer's OT and IoT security management into a single application, even as their networks quickly evolve.

    Vantage IQ, an AI/ML-based security engine, extends Vantage capabilities for deeper analytics and more automation, harnessing the scalable computing of AWS. Built specifically for OT environments, Vantage IQ delivers AI-powered cybersecurity analysis and response to security teams. Available as an add-on to Nozomi Vantage, it replicates the domain expertise of seasoned security analysts to minimize risk and maximize resilience for large, complex operational networks at a fraction of the cost.

    Highlights

    • Identify: Automatically track OT and IoT assets with up-to-date, real-time asset inventory. Identify communicating assets and risks through network visualization.
    • Detect & Assess: Superior OT and IoT threat detection through anomaly detection, threat intelligence, and OT/IoT asset and process analysis. Rapidly identify vulnerabilities through automated vulnerability assessments. Continuously monitor and analyze network traffic via built-in support for OT and IoT protocols.
    • Act: Receive detailed, clear explanations of incidents and events as they occur. Leverage playbooks and integrations with leading security tools, including the AWS IoT Security Hub, to respond to incidents.

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Nozomi Networks Vantage OT & IoT Security Solution

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (1)

    | Dimension | Description | Cost/12 months |
    | --- | --- | --- |
    | Vantage Bundle T5K | Vantage bundle - 5000 assets | $218,880.00 |

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    • Top 50 in Device Security
    • Top 50 in Device Management, Device Security
    • Top 10 in Healthcare & Life Sciences

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    [Sentiment chart. Categories: Reviews, Functionality, Ease of use, Customer service, Cost effectiveness. Legend: Positive reviews, Mixed reviews, Negative reviews. Values shown: 2 reviews, 15 reviews; all other entries read "Insufficient data".]

    Overview

    AI generated from product descriptions
    Real-time Asset Inventory and Network Visualization
    Automatically tracks OT and IoT assets with up-to-date inventory and identifies communicating assets and risks through network visualization.
    Anomaly Detection and Threat Intelligence
    Delivers superior OT and IoT threat detection through anomaly detection, threat intelligence, and OT/IoT asset and process analysis.
    OT and IoT Protocol Support
    Continuously monitors and analyzes network traffic with built-in support for OT and IoT protocols.
    AI/ML-Based Security Analytics
    Vantage IQ leverages artificial intelligence and machine learning for deeper analytics, automated security analysis, and response capabilities built specifically for OT environments.
    Incident Response and Security Tool Integration
    Provides detailed incident and event explanations with playbook support and integrations with leading security tools including AWS IoT Security Hub for incident response.
    AI-Driven Asset Intelligence Engine
    Real-time visibility and management of billions of assets across IT, IoT, cloud, virtual, managed and unmanaged environments with high accuracy threat detection and risk assessment.
    OT/IoT and Medical Device Security
    Specialized protection for operational technology, industrial control systems, IoT networks, medical devices, and clinical assets with comprehensive ecosystem visibility.
    Vulnerability Prioritization and Remediation
    Consolidation and prioritization of vulnerabilities based on business risk with automatic remediation and ticketing workflow integration for improved mean time to resolution.
    AI-Powered Threat Intelligence
    Early warning system utilizing dark web monitoring, dynamic honeypots, attack surface modeling, and human intelligence to anticipate and preemptively neutralize threats.
    Cloud-Based SaaS Platform
    Seamless, frictionless cloud-native deployment providing continuous 24/7 protection across multiple verticals including manufacturing, healthcare, financial services, telecommunications, and government sectors.
    Threat Detection and Response
    Automatic threat detection and neutralization with 99.98% threat interception rate, supported by 24/7 managed detection and response service with threat hunting and neutralization experts
    Cloud Security Posture Management
    Continuous scanning of cloud environments to identify assets, assess security and compliance settings, detect malicious activity, and identify misconfigurations with agentless malware scanning for S3 storage and integration with AWS GuardDuty and SecurityHub
    Endpoint and Workload Protection
    Agent-based protection for Windows and Linux hosts against modern threats including ransomware, fileless attacks, and advanced malware
    Network and Firewall Protection
    Cloud-native, virtual, and physical firewall appliances providing network visibility, protection, and response across public, private, and hybrid cloud environments
    Unified Management and Orchestration
    Cloud-based centralized management platform enabling configuration, reporting, and real-time threat information sharing across endpoint, firewall, network, email, cloud, and identity solutions with automatic response actions

    Contract

    Standard contract: No, No, No

    Customer reviews

    Ratings and reviews

    4.5 (9 ratings)

    | Rating | Share |
    | --- | --- |
    | 5 star | 78% |
    | 4 star | 22% |
    | 3 star | 0% |
    | 2 star | 0% |
    | 1 star | 0% |

    1 AWS review | 8 external reviews
    External reviews are from G2 and PeerSpot.

    Apurva Nigam

    Comprehensive dashboards have enabled detailed asset visibility and proactive risk mitigation

    Reviewed on Apr 02, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am a service provider handling the portal for Nozomi Networks across 35 different sites. I use the dashboard, Vantage, Guardian, and CMC. I have configured everything and use the system as both a provider and a user because I need to share all alerts and notifications with my clients. I share asset inventory and vulnerability management details. We collaborate on what the architecture will be and what alerts or incidents are being reported, as well as how we resolve them. When it comes to vulnerabilities and patching, we mitigate all those risks from both a management and technical perspective.

    What is most valuable?

    The most valuable features are asset inventory management and vulnerability management.

    I appreciate the level of detail provided when all the ingested traffic and asset details are displayed, including vendor information, firmware details, name, IP address, MAC address, and protocol type. There are maps showing what kind of communication is happening between devices. I get all the details about the overall traffic being received.

    There is a live option where I can click and see real-time data. There are numerous dashboards that provide traffic analysis, vulnerability management, and asset details. Nozomi Networks also has an AI version with IQ where I can ask for all the details I need. There are query sections where I can query things and export all the required data. The vulnerability dashboards give me an overview of what assets have exploitable critical CVEs, open CVEs, high scores, likelihood, different scopes, how many sites have them, and graphs based on criticality and exploitability. I like the threat intelligence of Vantage that Nozomi Networks has. They also have site-wide distribution showing all the CVEs and their risk scores. Every section has details about sensors, alerts, and assets. This kind of detailed analysis is very comfortable for me with Nozomi Networks. I believe it is the best. I can recommend Nozomi Networks and Claroty to my clients. This is great.

    What needs improvement?

    On the negative side, I believe their AI, which is IQ, could be more improved. For example, when I export any data, there are only 50 columns available. What if there were more columns? Nozomi Networks does not provide that data, so I have to go to the query section. The AI is currently useful for writing queries in English that are converted into their coding language for queries. Sometimes it provides the correct data, and sometimes it does not understand the request. From my attempts, I would say 50 percent of the time it has given me the proper data, and 50 percent of the time it might need improvement. Every day or week, new threat intelligence and AI upgrades are being released for Vantage, and all those upgrades are being implemented. Things are getting better, but I believe there are areas of improvement.

    For how long have I used the solution?

    I have been using Nozomi Networks for one to one and a half years.

    What do I think about the stability of the solution?

    Nozomi Networks is stable, but sometimes disruptions occur at sites. Sensors can be down, so I cannot see what is happening in the network. Network connectivity is always a critical consideration. In an OT environment, there are changes and maintenance windows. Sometimes the network is not stable, the firewall or DMZ is down, so the device is also down. I understand this is expected. Network connectivity is important, and Nozomi Networks should be placed where it is monitored. Nobody should be able to remove it. Sometimes vendors need to connect to the OT network, and if they know it is being monitored, they might remove the sensor to avoid detection of their activities. Nozomi Networks should be placed in a central location where it is monitored, and nobody should be allowed to access it without proper authorization.

    What do I think about the scalability of the solution?

    Nozomi Networks depends on different sizing models. It depends on the assets, the facility size, how many assets there are, and how much traffic is ingested. The model varies depending on the assets and the sizing of the site. It is scalable. If there are more assets, I can purchase a bigger configuration of Nozomi Networks hardware. This is properly aligned. Nozomi Networks has different pricing models, so I can choose accordingly.

    How are customer service and support?

    Nozomi Networks does provide help. When I am stuck somewhere, I raise tickets and they are resolved. However, it does take some time. Customer service could be more efficient. Sometimes they hesitate to come on a call. They have knowledge transfer documents and process documents. However, sometimes I have to explain what issues I am facing on chat, which can be difficult. Coming on a call and those kinds of interactions may take a little more time. This is something I felt could be resolved more quickly.

    Which solution did I use previously and why did I switch?

    I have switched my company and I am not currently using Claroty. I am in the same domain, but I am using Armis in my current role and Nozomi Networks for my customers.

    I have been using Armis for two years. I switched from Armis because of some demerits and moved to Nozomi Networks.

    A year ago, I had been using Armis for one year, and because there were some demerits with Armis, I switched my customers to Nozomi Networks.

    How was the initial setup?

    The setup depends on site to site. I have deployed it remotely, but I had people at each site who would deploy it. The configuration is medium difficulty, not very easy but not very tough. I should have some experience or an understanding of how the system works, how networks work, all the connections, what the architecture is about, and how to connect with the switch. I am now a Nozomi Networks certified engineer, so I know things accordingly. I am also certified with Claroty and Armis. If someone is new to Nozomi Networks, they might need guidance to install it. It is somewhat technical but not that difficult to learn.

    What about the implementation team?

    I did use AWS cloud for remote management. I deployed Nozomi Networks on AWS cloud and also used it for CMC. I have used AWS as an integration of cloud to host the server of Nozomi Networks for both. It does require some integrations and alignment of the networks, but it can be done.

    What was our ROI?

    I was about to create the ROI for Nozomi Networks. I believe it provides strong value. We have detailed analysis of breach scenarios, the total number of breaches that happened, and the risk categories that Nozomi Networks is detecting. Nozomi Networks OT impact includes asset enumeration, lateral movement, PLC or HMI accesses, remote access misuse, and credential guessing. We have details about the business consequences, such as malware propagation, loss of process integrity, or any manipulation that might happen. The OT environment is vulnerable to process manipulations and insider or external compromises, depending on what external devices are connecting to the OT network or whether IT-OT segmentation exists. These details create budgetary considerations that are important. We also have vulnerabilities, both open and exploitable, with critical and high scores with CVSS scores of more than nine or more than seven, and which have known exploits. I get these kinds of details in Nozomi Networks portal.

    What's my experience with pricing, setup cost, and licensing?

    Nozomi Networks and Claroty are on the expensive end of the market, so the client should have those budgets available.

    Which other solutions did I evaluate?

    I have used all of them, but I would suggest Nozomi Networks if it is for a large client. For critical systems or critical sites such as oil and gas, nuclear facilities, or water treatment plants, I would recommend Nozomi Networks and Claroty. For smaller size organizations, Armis and Dragos can be used. For detailed analysis and when the systems and the site are more critical, I would suggest and prefer Nozomi Networks and Claroty.

    What other advice do I have?

    Asset details are convenient because I have lots of information with respect to assets. Whenever I receive any alert, I check what the asset is about. For example, with any incident such as network scanning or multiple successful logins, there are all the details regarding what happened. It tells me what the possible cause was and what the solution will be. The details show what source is involved, what site and zone, what label, IP or MAC address, what ports are involved, TCP/IP or any other protocols. I can see if there is any user assigned to it with respect to site spokes. I can see the destination and all those destination site details. I can determine if it is internal traffic, external traffic going out from IT to OT, or traffic from any other site or any external devices. I can see what communication protocol is being used, the transport protocol, the threat severity, the network exposure, and the attack tactics. All these details are available. I have additional details such as when the attack happened or when the incident was reported, how the device was captured, which port it was detected on, and whether it is an easy attack that is not relevant so I can acknowledge it or trigger it. I have timeline details and can also leave comments about whether something is recurring so I can ignore certain attacks or incidents. All these details provide a proper audit trail for companies. For customer support, I would rate it at eight point five out of ten. I would also rate the overall product experience at eight point five. I would rate Nozomi Networks at nine points overall. When looking at the OT monitoring tool market, Nozomi Networks wins. Nozomi Networks and Claroty are both excellent solutions, which is why I rate it as nine out of ten.

    reviewer2803332

    Critical networks have gained real-time visibility and detect threats with intelligent monitoring

    Reviewed on Feb 17, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We use Nozomi Networks as an intrusion detection system for OT deployments, automation systems, and IoT systems such as medical equipment to protect medical systems and smart meters. We detect any anomalies in the network, whether in operation networks, IoT networks, or IT networks, and it is the best intrusion detection solution with its intelligence.

    What is most valuable?

    We work with Nozomi Networks real-time visibility feature and deploy the solution for our customers.

    The real-time visibility from Nozomi Networks helps with threat detection for our customers because almost all customers have integrated this IDS into their SOC, so they are getting full visibility on any anomalies in the network and immediate intelligence on that.

    Integrating Nozomi Networks with third-party systems gives visibility in the network. We connect this with a SOC and SIEM solutions, and they have better visibility on the entire network.

    Nozomi Networks brings the main benefits of visibility and control, asset tracking with full visibility of the assets in the network, and threat intelligence with anomaly detection, so they have peace of mind and the system is always on watch.

    We are utilizing the machine learning in Nozomi Networks, which is part of the Nozomi Networks package. We are deploying it for the customers and they take care of the operation side. We do the implementation only.

    Nozomi Networks has the best AI-based detection and intrusion detection solution. It is very robust, easy to deploy, and easy to use with a very user-friendly GUI and good support in terms of product and after-sales support. They have vendor support in our region, and they are the best when it comes to IDS solutions.

    What needs improvement?

    I would like to see improvements in Nozomi Networks, probably more AI-based integration and better native integration with SOC and SOAR platforms.

    I would like to see specific features included in the next releases of Nozomi Networks, such as improvements in threat intelligence. They have competition from Dragos, which I believe is better in threat intelligence.

    I do not have much of an answer about the key differences of Nozomi Networks in comparison to other cyber defense solutions because I only work with Nozomi Networks. However, I heard from the market that they might lack in threat intelligence compared to Dragos. Other than that, I see Nozomi Networks as the best platform for customers, easy to manage, deploy, and operate. The cons might be that they lack some threat intelligence features that Dragos offers.

    For how long have I used the solution?

    We have been working with Nozomi Networks for four years.

    What do I think about the stability of the solution?

    We have faced downtimes, crashes, or performance issues with certain implementations. We had certain device card issues, but those were rectified immediately as an RMA was issued and addressed promptly. It is not that there are no issues at all, but they have been addressed, and that matters most.

    What do I think about the scalability of the solution?

    Nozomi Networks is scalable. You can add more locations with more devices and integrate with the CMC, and that is not a problem at all. You can also have high availability if you want.

    How are customer service and support?

    My experience with the technical support and customer service teams of Nozomi Networks is very good. That is one good part of Nozomi Networks.

    How was the initial setup?

    We did not face many issues during the deployment process with Nozomi Networks. We did multiple implementations and it was all smooth.

    Which other solutions did I evaluate?

    For threat detection, we have an IPS solution for intrusion prevention. Nozomi Networks works as an intrusion detection system, and we have a prevention system with TXOne that can do virtual locking, along with many features. This is part of Trend Micro, so we sell it as an IPS and as a firewall with different technologies, including portable inspectors and their own threat intelligence platform.

    What other advice do I have?

    I assess the impact of potential threats detected by Nozomi Networks as high because it is mostly deployed in critical infrastructure. It is a very critical technology that customers are using to be safe, ensuring business continuity, and that matters most for the industry.

    Given my very rich experience with Nozomi Networks technologies, I would advise organizations considering it to look primarily into ICS system cybersecurity and IoT. They can also enhance their focus on enterprise IT security. I rate this product an eight out of ten.

    German Alvarez

    Effective asset management improves OT security by quantifying risks and identifying unauthorized communications

    Reviewed on Mar 12, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use Nozomi Networks in our operational technology environment to manage the inventory of assets in our plants and conduct vulnerability assessments and risk quantification. It helps us identify communication that is not allowed between zones.

    What is most valuable?

    The most valuable features of Nozomi Networks are the visibility of OT protocols and the versatility in finding the details of the assets feeding the tool. It is helpful because we can see all the traffic coming from the plants. We can distinguish what kind of traffic is our baseline, what is different from normal operation, and what is traversing the OT zone to the IT zone.

    What needs improvement?

    Nozomi Networks currently offers add-ons, such as ARP agents, that can be installed on machines to expand the information we receive from sensors. However, these are part of a licensing structure, which can be costly. It would be very helpful if these agents were available free of charge. The solution itself has no major problems, but this is a feature request I would make for improvement.

    For how long have I used the solution?

    I have had experience with Nozomi Networks for three years.

    What do I think about the stability of the solution?

    I would rate the stability of Nozomi Networks as a nine out of ten. It is very good.

    What do I think about the scalability of the solution?

    Scalability is straightforward and tied to the license. We have a batch of 5,000 assets, but deploying the Guardian solution is unlimited. We can install the software image anywhere in any plant and still receive information.

    How are customer service and support?

    I would rate their customer service at eight out of ten. While their support is good, we are looking for added value in a provider. I would like to see more proactive communication and campaigns from them to help us gain further benefits and visibility of the product features.

    Which solution did I use previously and why did I switch?

    We previously used Tenable OT Security. We switched to Nozomi Networks due to price and architecture. Scalability is easier with Nozomi Networks, and the reporting part is integrated with the tools, unlike in Tenable, where it was separate.

    How was the initial setup?

    The initial setup was very easy. We have a solution called Vantage licensed by assets. We manage 5,000 assets and deploy the tool with Nozomi Networks software. We only need to connect a span port or mirror port from the network to start receiving information.

    What's my experience with pricing, setup cost, and licensing?

    Nozomi Networks is priced moderately. Its cost is not too expensive, but it is not low either.

    What other advice do I have?

    Nozomi Networks scores a nine out of ten overall. There is no perfect solution, but it is a solid choice for managing OT security.

    Mustafa Duran

    Time capsule feature transforms monitoring while on-prem AI continues to develop

    Reviewed on Jan 23, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use this solution for vulnerability scanning in energy firms.

    What is most valuable?

    The time capsule feature is valuable.

    What needs improvement?

    I believe there is room for improvement regarding on-premises AI.

    For how long have I used the solution?

    I have been using the solution for half a year.

    What about the implementation team?

    The implementation was carried out by just two engineers.

    What was our ROI?

    I do not have ROI at the moment. It is too early to talk about it.

    Which other solutions did I evaluate?

    I considered alternative solutions such as Elastic and Curator.

    What other advice do I have?

    I chose Nozomi because it is far ahead of other competitors, like Curator and Elastic. I would rate the overall solution nine out of ten.

    reviewer2589165

    Enhancing security operations with valuable network visualization while requiring more customizable configurations

    Reviewed on Nov 12, 2024
    Review provided by PeerSpot

    What is our primary use case?

    There are different use cases, and it depends on the product and the customer. Usually, it is used for asset management and other features. Sometimes it serves as an IDS solution instead.

    How has it helped my organization?

    It has impacted security operations in a better way.

    What is most valuable?

    The network visualization feature of Nozomi impacts security operations positively. It is valuable for asset management, although there are probably better solutions for that.

    What needs improvement?

    I would like more customizable options for configurations. Creating custom queries is time-consuming. It would be beneficial if more options were added for easier configurations.

    For how long have I used the solution?

    Personally, I have been familiar with Nozomi Networks for a couple of years.

    What do I think about the stability of the solution?

    I am not involved in daily operations. As far as I know, Nozomi Networks is considered to be of good quality. The product is stable and doesn’t usually require frequent technical support interaction.

    How are customer service and support?

    I don't deal with technical support on a daily basis. However, the product itself is stable, so there is usually no need to contact support.

    How was the initial setup?

    The initial setup is straightforward for a basic configuration. However, custom configurations can be quite complex and time-consuming.

    What's my experience with pricing, setup cost, and licensing?

    It is probably mid-range in pricing. It's not cheap, yet it is also not super expensive either.

    What other advice do I have?

    I'd rate the solution seven out of ten.
