    Nozomi Networks Vantage OT & IoT Security Solution

    SaaS-Powered Security and Visibility of OT and IoT Networks

    Ratings and reviews

    4.5 (14 ratings)
    5 star: 79%
    4 star: 21%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    2 AWS reviews | 12 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (14)
    Ibrahim Simsek

    Asset monitoring has become proactive and threat detection now reduces incidents quickly

    Reviewed on Jun 28, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Nozomi Networks is asset tracking. I use Nozomi Networks day-to-day primarily for threat detection.

    For threat detection in my work, I track vulnerability based on CVE codes and easily manage the status of the required patch.

    What is most valuable?

    The best features Nozomi Networks offers include its querying capabilities.

    The querying and searching capabilities are most valuable to me, which makes my job easier when monitoring network traffic.

    Nozomi Networks has positively impacted my organization by ensuring my assets remain secure.

    Since using Nozomi Networks, it immediately identifies application patches and CVE codes, leading to fewer incidents and improved response times.

    What needs improvement?

    I do not have any suggestions for how Nozomi Networks can be improved.

    For how long have I used the solution?

    I have been using Nozomi Networks for two years.

    What do I think about the stability of the solution?

    In my experience, Nozomi Networks is stable.

    What do I think about the scalability of the solution?

    I believe Nozomi Networks' scalability may be a concern.

    How are customer service and support?

    The customer support is good.

    I would rate the customer support a 10 on a scale of 1 to 10.

    Which solution did I use previously and why did I switch?

    I have not used a different solution before Nozomi Networks; I have only used Nozomi Networks.

    What was our ROI?

    I mention fewer employees needed when discussing the return on investment.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing for Nozomi Networks is that I think it is a bit expensive, but it is reliable.

    Which other solutions did I evaluate?

    Before choosing Nozomi Networks, I did not evaluate other options.

    What other advice do I have?

    I would definitely recommend Nozomi Networks for security to others looking into using it.

    I would rate this product a 10 on a scale of 1 to 10.

    reviewer2865966

    Comprehensive device visibility has improved OT and IoT security monitoring and control

    Reviewed on Jun 28, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been involved in projects that used Nozomi Networks for Italian companies. At Advance, for example, we used it extensively, but in Italy, it is a brand that is quite expensive for many companies because the majority of the market is composed of small and medium companies, so a budget for Nozomi Networks is not very often available.

    When I have used it, I implemented it for OT and IoT environments in public administration in Rome. We conducted a trial and were followed by a Nozomi Networks technician directly here in Italy. Guardian takes all the information that it receives from the appliance that you have deployed, and after you have all the data, you can put it into your SIEM and/or SOAR, even if SOAR is not a good idea to have in use in OT and IoT.

    In this particular customer, we had more or less 2,000 devices spread all over the city because they follow the traffic and also the parking and the IPTV cameras that are spread around the city in Rome. We deployed one Guardian and two remote devices that catch all the information that arrived from the devices spread all around the city. We conducted this kind of proof of concept in order to acquire and purchase Nozomi Networks instead of some other competitors.

    Another case that I have seen was a really interesting demo with my previous company. We created it using Nozomi Networks and also Rapid7 as a SIEM. We managed a really small beer production facility. We simulated a threat actor that was introduced into the farm. After we deployed Nozomi Networks, we showed the people how it works and what the main features of the product are, how it can overview all the nodes using the probes. The probes can send data to one unique central console that is named Guardian. After that, Guardian can send data, raw data to your SIEM in order to process it and have SOC services that can guarantee the complete overview of your infrastructure.

    What is most valuable?

    Nozomi Networks is the easiest to use, with the capability to build really quickly an overview of your infrastructure. You can have an inventory of all your OT and IoT devices. It is based on a really solid code instead of many other competitors that were born recently. Today, it is recognized as the milestone to follow, the GOAT in this kind of environment.

    Really often people do not know what they have put in place in their infrastructure. Especially in OT and IoT, you have to look into the complete environment in order to have a complete inventory. So, Shadow OT, which I have spoken about many times in terms of devices instead of Shadow IT in terms of applications, is a valuable feature.

    Starting from scratch, they did not have any kind of tool that takes care of OT and IoT. Starting from scratch implementing Nozomi Networks, people were really happy because they have seen for the first time all their infrastructure. They have seen for the first time the complete inventory of all devices that were spread into their network. Today they are really happy to feel safe and to be sure to have it all under the control of our SOC services.

    What needs improvement?

    Nozomi Networks can be improved in many points. First of all, reduce the cost. That is really important because many companies are not so huge and many companies cannot acquire this kind of licensing. The second improvement would be to have a much more solid and robust IT solution, something that works like a network detection and response, even if Nozomi Networks was not born for this.

    What do I think about the scalability of the solution?

    Nozomi Networks is absolutely scalable because you can introduce some other probes into your environment. You can also put some Guardians on-premise or have the SaaS solution that manages everything.

    Which solution did I use previously and why did I switch?

    I have always tried to sell Nozomi Networks instead of other competitors from Israel, for example, because I trust in this kind of technology. Although Nozomi Networks is not so up-to-date for IT infrastructure, it is used in OT and IoT environments. It is a really good brand.

    What about the implementation team?

    This kind of appliance is not so difficult to manage and not so specific. The customer is happy because today they have all things under control.

    Which other solutions did I evaluate?

    I am actually looking at another solution that is named LEX. It is another completely Italian solution and it is much cheaper than Nozomi Networks, but at this moment, it was born as a network detection and response. Now they are also working on OT/IoT protocols, CANbus, and all the other industrial protocols. For the moment, I think that if you have a really solid infrastructure and you are managing a more or less big customer, you have to choose Nozomi Networks.

    Another customer was also evaluating another Iranian solution. At this moment, I cannot remember the name, but it is really famous.

    What other advice do I have?

    Nozomi Networks works like a charm and works as expected. It is interesting to receive data from CTI and organize it in your infrastructure using the AI algorithms that can really save a lot of time for a SOC operator or SOC analyst. The capability is really good.

    Nozomi Networks is not as expensive as some other players like Darktrace, even if they do another job, but it is not so cheap either. I think that Nozomi Networks needs to have some discounts, additional discounts for some environments.

    SOC analysts are much happier because they already have good and clean data. In this way, they can reduce the mean time to acknowledge and the mean time to detect.

    Be sure that the probes are installed in the right network points. That is the most important thing I can advise.

    I would rate this product an eight out of ten.

    EzioStuardi

    Top-level OT monitoring has delivered reliable water system visibility despite high costs

    Reviewed on Jun 28, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Nozomi Networks is used to monitor the water counter for a water company in Rome.

    What is most valuable?

    Nozomi Networks offers excellent performance for OT monitoring. The technical team confirms that Nozomi Networks has very good performance. However, customers consistently report that Nozomi Networks pricing is very high.

    What needs improvement?

    I am not particularly technical, so I do not have detailed knowledge of how Nozomi Networks was installed and configured by the technical team. Nozomi Networks may be somewhat difficult to install and configure. At this time, I cannot provide specific suggestions for improvement because my organization does not use Nozomi Networks extensively, and we do not have many customers using Nozomi Networks.

    For how long have I used the solution?

    I have been working in my current field for one year.

    What other advice do I have?

    My organization does not use Nozomi Networks extensively because we are a service provider using several OT products including Nozomi Networks, Claroty, and Armis. Currently, my organization is not using Nozomi Networks, and we do not have many customers using Nozomi Networks. I participated in a tender where Nozomi Networks was chosen by the customer, but we decided not to participate in the tender because we have no people certified in Nozomi Networks. Our last customer using Nozomi Networks is very happy with it and appreciates the reports and all features, and they use Nozomi Networks in the SOC where the technical people monitor and see the performance of the OT product and are very satisfied. However, a new customer does not want to use Nozomi Networks because the cost is too high. If the price of Nozomi Networks decreases in the future, it will likely attract customers at a lower level. Currently, customers purchasing Nozomi Networks are at a top level, which means you will lose many customers who need or would like to use Nozomi Networks because the price is too high. I would advise others looking into Nozomi Networks that it represents the top level of this kind of product, and the customer must choose between quality and price. I gave this review a rating of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Arun Chauhan

    Deep OT visibility has strengthened incident response and reduced detection time to minutes

    Reviewed on Jun 24, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I primarily use Nozomi Networks for two main use cases in our environment: OT asset visibility and inventory management, as well as threat detection and anomaly monitoring, which is very important for our operations.

    For OT asset visibility, in our compressor stations, we are connected to Nozomi via a SPAN port in the Nozomi collector, and that collector sends data to Guardian, which we use there. With this setup, we can easily investigate our alert triggers. For threat detection at our pipeline block valve station, which is very useful for us, the baseline is the SCADA system, specifically the Honeywell SCADA we use. In this SCADA, periodical read commands on RTUs arrive, and sometimes these commands are unusual. For anomaly control command detection, which identifies unauthorized sources from different places, Nozomi is very helpful with Guardian as well as the CMC, which also shows us the dashboard.

    Additional high-impact use cases for Nozomi Networks that I see in pipeline operations include Nozomi flagging some PLCs receiving new types of commands that we sometimes have never seen before. The inbuilt root cause analysis incidents and the IT/OT attack path vector detection are features I need to add to our use cases, making it much easier to maintain our window validation and related processes.

    Regarding the learning curve for new users of Nozomi Networks in my organization, training is required, but the platform is user-friendly. I recommend training for all site locations, which is very helpful. The learning curve is moderate, and users can learn effectively with the necessary training.

    Nozomi Networks plays a critical role in my environment for incident response and remediation by providing early detection, deep visibility, and actionable insights. In an OT environment, where responses must be controlled and careful, Nozomi proves to be invaluable, and I appreciate its capabilities.

    How has it helped my organization?

    Nozomi Networks has positively impacted our organization since we are in the asset owner environment. The first thing I noticed before was the lack of full OT visibility, which is the biggest impact to gain and understand more deeply our asset-related environment, and it is also facilitating faster threat detection and response, which I appreciate. This capability enables me to create a stronger incident response capability or response procedure for our OQGN environment, which is very helpful in reducing operational risks and enhancing our OQGN environment.

    Regarding the reduction in operational risk, I have seen a significant example where the mean time to detect has reduced to minutes. Before, the mean time to detect was almost 30 minutes to one hour, but now it typically takes five to ten minutes, which is substantial. The response time has also reduced by 50 to 60 percent after implementing Nozomi Networks; those are the two key improvements I observe before and after its implementation.

    Nozomi Networks significantly supports collaboration between IT and OT teams in my organization by providing a unified visibility platform. Both teams are able to see everything Nozomi offers on a single platform, the CMC, which I mentioned earlier. This facilitates our collaboration and provides actionable insights to our IT teams, helping maintain the operational context of our OT environment and coordinate effectively with the SIEM.

    I have seen a clear return on investment with Nozomi Networks, as it measures and manages our risk reduction as well as operational continuity and efficiency. It significantly aids in time-saving; for example, before Nozomi, identifying the root cause of network or process issues took several hours or even days, especially with limited visibility for IT or OT teams. After implementing Nozomi Networks, those issues are resolved within minutes rather than hours due to real-time visibility and traffic analysis enabled by Nozomi Networks.

    What is most valuable?

    The best feature Nozomi Networks offers, in my opinion, is deep OT protocol intelligence, which is very effective for our OT environment. The second important feature is the agentless and passive OT visibility, which creates a very crucial role in critical environments because if you set up something inbuilt in your environment, it is not worth and not acceptable for all asset owners. Due to this reason, the third feature is the behavioral baseline with very low false positive alerts, which detects issues and does not show false alarms on the CMC dashboard.

    Overall, Nozomi Networks is effective at identifying unknown threats or zero-day vulnerabilities. It has strong performance in that area, although I did encounter one case where something abnormal was not detected immediately. However, overall, it is strong for zero-day detection and unknown threat visibility, though the false positives remain a challenge that all organizations face, especially in the initial stages.

    What needs improvement?

    I see challenges with Nozomi Networks mainly as a detection or visibility tool, but it does not actively block traffic by design for safety reasons. If it detects any abnormalities, it suggests using firewalls, NAC, or manual actions at the time of threat detection. For deeper asset context beyond the network layer, it does not provide that for engineering systems, and sometimes it falls short in SMTP. The main challenges I have noted are cost and scaling considerations; sometimes, clients directly deny requests for additional integration due to Nozomi Networks' high costs.

    Regarding Nozomi Networks' AI capabilities, I have a mixed opinion. On one hand, I think it is very effective and helpful in strengthening Nozomi Networks itself, but on the other hand, I see potential risks and gaps in governance that are easily detectable. For AI in governance, I recommend creating strong controls along with privacy awareness, data security, operational safety, and most importantly, AI transparency. Much transparency with limited external visibility would be beneficial.

    Integrating Nozomi Networks with our existing systems was relatively easy at level three due to established tie-ups, but I faced issues when integrating at level two with some OEMs, like Emerson, who do not allow deep dives for monitoring and collecting all data from Nozomi Networks from the tap one.

    For how long have I used the solution?

    I have been using Nozomi Networks for almost more than four years.

    What do I think about the stability of the solution?

    Nozomi Networks has proven to be very stable and comfortable in my experience.

    What do I think about the scalability of the solution?

    In terms of scalability, Nozomi Networks is well-suited for large-scale OT environments, accommodating hundreds and thousands of assets and nodes. This suitability applies particularly to the oil and gas sector as well as manufacturing and utilities, so my recommendation is that it has very high scalability capacity, ease of scaling, and flexibility.

    How are customer service and support?

    In the Middle East, the customer support provided by Nozomi Networks is very good. However, I personally faced some minor delays a couple of times, but they were acceptable and not much of an issue.

    Which solution did I use previously and why did I switch?

    I worked with different organizations and used various solutions previously, including Armis, Microsoft Defender for IoT, and Claroty. There was no particular reason to switch solutions because I simply changed organizations, which used different solutions for their IDS and IPS.

    How was the initial setup?

    Nozomi Networks is easy to manage updates and maintenance for since it is deployed on-premises, providing us internal control. This offers flexibility, but it also requires proper planning and coordination with Nozomi Networks vendors and teams directly involved in integration. This makes it helpful to manage manual efforts effectively and supports our critical infrastructure environment.

    What's my experience with pricing, setup cost, and licensing?

    My experience with Nozomi Networks in terms of pricing and licensing is that it is generally a premium solution, not a standard one for all organizational needs. It is more than a typical premium solution, specifically focused on IT and OT systems in our critical infrastructure environment. The pricing is slightly high, which influences smaller organizations' decisions against implementing Nozomi Networks.

    Which other solutions did I evaluate?

    Prior to choosing Nozomi Networks, I evaluated a few options, including Claroty, which I deemed not considerable in the Middle East. I also looked at Armis, where I found limited visibility and poor service in the region, and Dragos, which has higher pricing compared to Nozomi Networks. Therefore, I recommended implementing Nozomi Networks for our needs at OQGN.

    What other advice do I have?

    I rate Nozomi Networks overall a nine out of ten.

    I give it a nine because, while it excels not just for asset inventory detection and related areas, there is one gap I have noted and shared with you. That is why I deduct a point, making my rating nine out of ten.

    For me, Nozomi Networks has high reliability and moderate to high accuracy, which I believe is the right trade-off for our OT environment.

    I advise others looking into using Nozomi Networks that it is scalable and provides excellent support and services, so I recommend configuring Nozomi Networks in your environment, whether for large-scale or small-scale industries.

    Sayed Zuber

    Comprehensive OT monitoring has strengthened visibility, compliance, and threat detection

    Reviewed on May 11, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Nozomi Networks is that I have experience with implementation, designing, and configuration.

    What is most valuable?

    The best feature of Nozomi Networks is that it has built OT-oriented protocols such as OPC UA, DNP3, Modbus, and Siemens S7. For these protocols, Nozomi Networks identifies them very perfectly. They have designed this specifically for OT-based protocols.

    The second valuable feature is network visualization. It provides you a complete graph of all assets connected across the system, showing which nodes are connected, which systems are connected, how many nodes each system has, and how many network elements exist.

    Nozomi Networks allows you to customize IDS and IPS. Additionally, there is a tool called YARA, which is used for threat detection over the file system. Asset inventory in Nozomi Networks is useful for OT compliance processes.

    With the Asset Intelligence license, the system will start polling each asset and collect complete information about it, including software version, firmware, hardware, and model details. It also has an AI model built in.

    What needs improvement?

    The potential area of improvement I see for Nozomi Networks is that there is a lot of unknown malware that cannot be identified because it is not updated in the National Vulnerability Database. That malware can infiltrate your system, which Nozomi Networks cannot identify.

    My suggestion is that Nozomi Networks' operating system should be inbuilt with AI and machine learning. Even though a lot of malware exists, modern malware can bypass endpoint detection and all security elements. That malware should be identified with advanced AI and machine learning. I believe Nozomi Networks needs to work on this continuously.

    Regarding the functionality of Nozomi Networks, the query syntax is very complicated. The syntax of the queries is very complex, so sometimes you will not get what you want. The command line functionality is not as good as it could be.

    For how long have I used the solution?

    I have been working with Nozomi Networks SCADA Guardian for three to four years.

    What do I think about the stability of the solution?

    I would rate the stability of Nozomi Networks as eight out of ten.

    What do I think about the scalability of the solution?

    I would rate the scalability of Nozomi Networks as good because whatever hardware you use, it would be Nozomi Networks-based and scale accordingly.

    How are customer service and support?

    I would rate Nozomi Networks' technical support as ten out of ten.

    How was the initial setup?

    I would describe the initial setup of Nozomi Networks as very simple. Within three to four hours, you can complete the setup.

    What other advice do I have?

    It is easy to integrate Nozomi Networks with third-party systems. It supports Cisco, Fortinet, Palo Alto, and Juniper, and it can be integrated with CrowdStrike, SIEM solutions, and Microsoft Sentinel. One feature I found valuable in Nozomi Networks is that there is a built-in vulnerability assessment feature, whereas in IT we typically use Nessus or Qualys for vulnerability assessment.

    People use Nozomi Networks for OT cybersecurity. There is a subscription called Vantage that, if purchased, will provide you AI/ML-based threat detection and threat identification. Different subscriptions and licenses are available.

    The pricing of Nozomi Networks is good. I would rate it as nine. Compared to Dragos, Nozomi Networks offers good value.

    I am working with Nozomi Networks in both deployment models: hybrid and fully cloud-based.

    In OT environments, the barriers that exist for using a cloud-based model with Nozomi Networks are regulatory restrictions. We cannot go directly to the cloud because of these regulations and cannot access the cloud in certain contexts.

    I am not aware of how to integrate Nozomi Networks with AWS and Azure. Since Azure and AWS deal with IT components, when it comes to OT components, you need to create a barrier between IT and OT. You need to create DMZs and some kind of filtering.

    My overall review rating for Nozomi Networks is nine out of ten.

    Apurva Nigam

    Comprehensive dashboards have enabled detailed asset visibility and proactive risk mitigation

    Reviewed on Apr 02, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am a service provider handling the portal for Nozomi Networks across 35 different sites. I use the dashboard, Vantage, Guardian, and CMC. I have configured everything and use the system as both a provider and a user because I need to share all alerts and notifications with my clients. I share asset inventory and vulnerability management details. We collaborate on what the architecture will be and what alerts or incidents are being reported, as well as how we resolve them. When it comes to vulnerabilities and patching, we mitigate all those risks from both a management and technical perspective.

    What is most valuable?

    The most valuable features are asset inventory management and vulnerability management.

    I appreciate the level of detail provided when all the ingested traffic and asset details are displayed, including vendor information, firmware details, name, IP address, MAC address, and protocol type. There are maps showing what kind of communication is happening between devices. I get all the details about the overall traffic being received.

    There is a live option where I can click and see real-time data. There are numerous dashboards that provide traffic analysis, vulnerability management, and asset details. Nozomi Networks also has an AI version with IQ where I can ask for all the details I need. There are query sections where I can query things and export all the required data. The vulnerability dashboards give me an overview of what assets have exploitable critical CVEs, open CVEs, high scores, likelihood, different scopes, how many sites have them, and graphs based on criticality and exploitability. I like the threat intelligence of Vantage that Nozomi Networks has. They also have site-wide distribution showing all the CVEs and their risk scores. Every section has details about sensors, alerts, and assets. This kind of detailed analysis is very comfortable for me with Nozomi Networks. I believe it is the best. I can recommend Nozomi Networks and Claroty to my clients. This is great.

    What needs improvement?

    On the negative side, I believe their AI, which is IQ, could be more improved. For example, when I export any data, there are only 50 columns available. What if there were more columns? Nozomi Networks does not provide that data, so I have to go to the query section. The AI is currently useful for writing queries in English that are converted into their coding language for queries. Sometimes it provides the correct data, and sometimes it does not understand the request. From my attempts, I would say 50 percent of the time it has given me the proper data, and 50 percent of the time it might need improvement. Every day or week, new threat intelligence and AI upgrades are being released for Vantage, and all those upgrades are being implemented. Things are getting better, but I believe there are areas of improvement.

    For how long have I used the solution?

    I have been using Nozomi Networks for one to one and a half years.

    What do I think about the stability of the solution?

    Nozomi Networks is stable, but sometimes disruptions occur at sites. Sensors can be down, so I cannot see what is happening in the network. Network connectivity is always a critical consideration. In an OT environment, there are changes and maintenance windows. Sometimes the network is not stable, the firewall or DMZ is down, so the device is also down. I understand this is expected. Network connectivity is important, and Nozomi Networks should be placed where it is monitored. Nobody should be able to remove it. Sometimes vendors need to connect to the OT network, and if they know it is being monitored, they might remove the sensor to avoid detection of their activities. Nozomi Networks should be placed in a central location where it is monitored, and nobody should be allowed to access it without proper authorization.

    What do I think about the scalability of the solution?

    Nozomi Networks depends on different sizing models. It depends on the assets, the facility size, how many assets there are, and how much traffic is ingested. The model varies depending on the assets and the sizing of the site. It is scalable. If there are more assets, I can purchase a bigger configuration of Nozomi Networks hardware. This is properly aligned. Nozomi Networks has different pricing models, so I can choose accordingly.

    How are customer service and support?

    Nozomi Networks does provide help. When I am stuck somewhere, I raise tickets and they are resolved. However, it does take some time. Customer service could be more efficient. Sometimes they hesitate to come on a call. They have knowledge transfer documents and process documents. However, sometimes I have to explain what issues I am facing on chat, which can be difficult. Coming on a call and those kinds of interactions may take a little more time. This is something I felt could be resolved more quickly.

    Which solution did I use previously and why did I switch?

    I have switched my company and I am not currently using Claroty. I am in the same domain, but I am using Armis in my current role and Nozomi Networks for my customers.

    I have been using Armis for two years. I switched from Armis because of some demerits and moved to Nozomi Networks.

    A year ago, I had been using Armis for one year, and because there were some demerits with Armis, I switched my customers to Nozomi Networks.

    How was the initial setup?

    The setup varies from site to site. I have deployed it remotely, but I had people at each site who would deploy it. The configuration is medium difficulty, not very easy but not very tough. I should have some experience or an understanding of how the system works, how networks work, all the connections, what the architecture is about, and how to connect with the switch. I am now a Nozomi Networks certified engineer, so I know things accordingly. I am also certified with Claroty and Armis. If someone is new to Nozomi Networks, they might need guidance to install it. It is somewhat technical but not that difficult to learn.

    What about the implementation team?

    I did use AWS cloud for remote management. I deployed Nozomi Networks on AWS cloud and also used it for CMC. I have used AWS as an integration of cloud to host the server of Nozomi Networks for both. It does require some integrations and alignment of the networks, but it can be done.

    What was our ROI?

    I was about to create the ROI for Nozomi Networks. I believe it provides strong value. We have detailed analysis of breach scenarios, the total number of breaches that happened, and the risk categories that Nozomi Networks is detecting. Nozomi Networks OT impact includes asset enumeration, lateral movement, PLC or HMI accesses, remote access misuse, and credential guessing. We have details about the business consequences, such as malware propagation, loss of process integrity, or any manipulation that might happen. The OT environment is vulnerable to process manipulations and insider or external compromises, depending on what external devices are connecting to the OT network or whether IT-OT segmentation exists. These details create budgetary considerations that are important. We also have vulnerabilities, both open and exploitable, with critical and high scores with CVSS scores of more than nine or more than seven, and which have known exploits. I get these kinds of details in the Nozomi Networks portal.

    What's my experience with pricing, setup cost, and licensing?

    Nozomi Networks and Claroty are on the expensive end of the market, so the client should have those budgets available.

    Which other solutions did I evaluate?

    I have used all of them, but I would suggest Nozomi Networks if it is for a large client. For critical systems or critical sites such as oil and gas, nuclear facilities, or water treatment plants, I would recommend Nozomi Networks and Claroty. For smaller size organizations, Armis and Dragos can be used. For detailed analysis and when the systems and the site are more critical, I would suggest and prefer Nozomi Networks and Claroty.

    What other advice do I have?

    Asset details are convenient because I have lots of information with respect to assets. Whenever I receive any alert, I check what the asset is about. For example, with any incident such as network scanning or multiple successful logins, there are all the details regarding what happened. It tells me what the possible cause was and what the solution will be. The details show what source is involved, what site and zone, what label, IP or MAC address, what ports are involved, TCP/IP or any other protocols. I can see if there is any user assigned to it with respect to site spokes. I can see the destination and all those destination site details. I can determine if it is internal traffic, external traffic going out from IT to OT, or traffic from any other site or any external devices. I can see what communication protocol is being used, the transport protocol, the threat severity, the network exposure, and the attack tactics. All these details are available. I have additional details such as when the attack happened or when the incident was reported, how the device was captured, which port it was detected on, and whether it is an easy attack that is not relevant so I can acknowledge it or trigger it. I have timeline details and can also leave comments about whether something is recurring so I can ignore certain attacks or incidents. All these details provide a proper audit trail for companies. For customer support, I would rate it at eight point five out of ten. I would also rate the overall product experience at eight point five. I would rate Nozomi Networks at nine points overall. When looking at the OT monitoring tool market, Nozomi Networks wins. Nozomi Networks and Claroty are both excellent solutions, which is why I rate it as nine out of ten.

    reviewer2803332

    Critical networks have gained real-time visibility and detect threats with intelligent monitoring

    Reviewed on Feb 17, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We use Nozomi Networks as an intrusion detection system for OT deployments, automation systems, and IoT systems such as medical equipment to protect medical systems and smart meters. We detect any anomalies in the network, whether in operation networks, IoT networks, or IT networks, and it is the best intrusion detection solution with its intelligence.

    What is most valuable?

    We work with Nozomi Networks' real-time visibility feature and deploy the solution for our customers.

    The real-time visibility from Nozomi Networks helps with threat detection for our customers because almost all customers have integrated this IDS into their SOC, so they are getting full visibility on any anomalies in the network and immediate intelligence on that.

    Integrating Nozomi Networks with third-party systems gives visibility in the network. We connect this with SOC and SIEM solutions, and they have better visibility on the entire network.

    Nozomi Networks brings the main benefits of visibility and control, asset tracking with full visibility of the assets in the network, and threat intelligence with anomaly detection, so they have peace of mind and the system is always on watch.

    We are utilizing the machine learning in Nozomi Networks, which is part of the Nozomi Networks package. We are deploying it for the customers and they take care of the operation side. We do the implementation only.

    Nozomi Networks has the best AI-based detection and intrusion detection solution. It is very robust, easy to deploy, and easy to use with a very user-friendly GUI and good support in terms of product and after-sales support. They have vendor support in our region, and they are the best when it comes to IDS solutions.

    What needs improvement?

    I would like to see improvements in Nozomi Networks, probably more AI-based integration and better native integration with SOC and SOAR platforms.

    I would like to see specific features included in the next releases of Nozomi Networks, such as improvements in threat intelligence. They have competition from Dragos, which I believe is better in threat intelligence.

    I do not have much of an answer about the key differences of Nozomi Networks in comparison to other cyber defense solutions because I only work with Nozomi Networks. However, I heard from the market that they might lack in threat intelligence compared to Dragos. Other than that, I see Nozomi Networks as the best platform for customers, easy to manage, deploy, and operate. The cons might be that they lack some threat intelligence features that Dragos offers.

    For how long have I used the solution?

    We have been working with Nozomi Networks for four years.

    What do I think about the stability of the solution?

    We have faced downtimes, crashes, or performance issues with certain implementations. We had certain device card issues, but those were rectified immediately as an RMA was issued and addressed promptly. It is not that there are no issues at all, but they have been addressed, and that matters most.

    What do I think about the scalability of the solution?

    Nozomi Networks is scalable. You can add more locations with more devices and integrate with the CMC, and that is not a problem at all. You can also have high availability if you want.

    How are customer service and support?

    My experience with the technical support and customer service teams of Nozomi Networks is very good. That is one good part of Nozomi Networks.

    How was the initial setup?

    We did not face many issues during the deployment process with Nozomi Networks. We did multiple implementations and it was all smooth.

    Which other solutions did I evaluate?

    For threat detection, we have an IPS solution for intrusion prevention. Nozomi Networks works as an intrusion detection system, and we have a prevention system with TXOne that can do virtual locking, along with many features. This is part of Trend Micro, so we sell it as an IPS and as a firewall with different technologies, including portable inspectors and their own threat intelligence platform.

    What other advice do I have?

    I assess the impact of potential threats detected by Nozomi Networks as high because it is mostly deployed in critical infrastructure. It is a very critical technology that customers are using to be safe, ensuring business continuity, and that matters most for the industry.

    Given my very rich experience with Nozomi Networks technologies, I would advise organizations considering it to look primarily into ICS system cybersecurity and IoT. They can also enhance their focus on enterprise IT security. I rate this product an eight out of ten.

    German Alvarez

    Effective asset management improves OT security by quantifying risks and identifying unauthorized communications

    Reviewed on Mar 12, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use Nozomi Networks in our operational technology environment to manage the inventory of assets in our plants and conduct vulnerability assessments and risk quantification. It helps us identify communication that is not allowed between zones.

    What is most valuable?

    The most valuable features of Nozomi Networks are the visibility of OT protocols and the versatility in finding the details of the assets feeding the tool. It is helpful because we can see all the traffic coming from the plants. We can distinguish what kind of traffic is our baseline, what is different from normal operation, and what is traversing the OT zone to the IT zone.

    What needs improvement?

    Nozomi Networks currently offers add-ons, such as ARP agents, that can be installed on machines to expand the information we receive from sensors. However, these are part of a licensing structure, which can be costly. It would be very helpful if these agents were available free of charge. The solution itself has no major problems, but this is a feature request I would make for improvement.

    For how long have I used the solution?

    I have had experience with Nozomi Networks for three years.

    What do I think about the stability of the solution?

    I would rate the stability of Nozomi Networks as a nine out of ten. It is very good.

    What do I think about the scalability of the solution?

    Scalability is straightforward and tied to the license. We have a batch of 5,000 assets, but deploying the Guardian solution is unlimited. We can install the software image anywhere in any plant and still receive information.

    How are customer service and support?

    I would rate their customer service at eight out of ten. While their support is good, we are looking for added value in a provider. I would like to see more proactive communication and campaigns from them to help us gain further benefits and visibility of the product features.

    Which solution did I use previously and why did I switch?

    We previously used Tenable OT Security. We switched to Nozomi Networks due to price and architecture. Scalability is easier with Nozomi Networks, and the reporting part is integrated with the tools, unlike in Tenable, where it was separate.

    How was the initial setup?

    The initial setup was very easy. We have a solution called Vantage licensed by assets. We manage 5,000 assets and deploy the tool with Nozomi Networks software. We only need to connect a span port or mirror port from the network to start receiving information.

    What's my experience with pricing, setup cost, and licensing?

    Nozomi Networks is priced moderately. Its cost is not too expensive, but it is not low either.

    What other advice do I have?

    Nozomi Networks scores a nine out of ten overall. There is no perfect solution, but it is a solid choice for managing OT security.

    Mustafa Duran

    Time capsule feature transforms monitoring while on-prem AI continues to develop

    Reviewed on Jan 23, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use this solution for vulnerability scanning in energy firms.

    What is most valuable?

    The time capsule feature is valuable.

    What needs improvement?

    I believe there is room for improvement regarding on-premises AI.

    For how long have I used the solution?

    I have been using the solution for half a year.

    What about the implementation team?

    The implementation was carried out by just two engineers.

    What was our ROI?

    I do not have ROI at the moment. It is too early to talk about it.

    Which other solutions did I evaluate?

    I considered alternative solutions such as Elastic and Curator.

    What other advice do I have?

    I chose Nozomi because it is far ahead of other competitors, like Curator and Elastic. I would rate the overall solution nine out of ten.

    reviewer2589165

    Enhancing security operations with valuable network visualization while requiring more customizable configurations

    Reviewed on Nov 12, 2024
    Review provided by PeerSpot

    What is our primary use case?

    There are different use cases, and it depends on the product and the customer. Usually, it is used for asset management and other features. Sometimes it serves as an IDS solution instead.

    How has it helped my organization?

    It has impacted security operations in a better way.

    What is most valuable?

    The network visualization feature of Nozomi impacts security operations positively. It is valuable for asset management, although there are probably better solutions for that.

    What needs improvement?

    I would like more customizable options for configurations. Creating custom queries is time-consuming. It would be beneficial if more options were added for easier configurations.

    For how long have I used the solution?

    Personally, I have been familiar with Nozomi Networks for a couple of years.

    What do I think about the stability of the solution?

    I am not involved in daily operations. As far as I know, Nozomi Networks is considered to be of good quality. The product is stable and doesn’t usually require frequent technical support interaction.

    How are customer service and support?

    I don't deal with technical support on a daily basis. However, the product itself is stable, so there is usually no need to contact support.

    How was the initial setup?

    The initial setup is straightforward for a basic configuration. However, custom configurations can be quite complex and time-consuming.

    What's my experience with pricing, setup cost, and licensing?

    It is probably mid-range in pricing. It's not cheap, yet it is not super expensive either.

    What other advice do I have?

    I'd rate the solution seven out of ten.