Nozomi Guardian Industrial Control System Security Demo

Bookmark

Solution Overview

Nozomi Guardian™ protects control networks from cyberattacks and operational disruptions by providing complete ICS visibility and security in a single solution.

Its advanced technology automatically maps and visualizes your entire industrial network, including assets, connections and protocols. Guardian monitors network communications and behavior for risks that threaten the reliability of your systems, and provides the information you need to respond quickly.

Available as a passive monitoring solution, or low-impact active solution with the Smart Polling™ add-on, Guardian allows you to choose the asset discovery approach that best fits your organization.

Goals & Objectives

Nozomi Guardian monitors span port traffic to monitor the ICS network. The network has no security controls. All traffic generated in the network is monitored and analyzed by Guardian. Guardian provides insight into the hosts in the network, their roles, and their communications. Once traffic is baselined, new hosts or traffic baseline deviations will generate an alert.

This lab demonstrates the following Nozomi Guardian features:

Discover and identify ICS assets
Map ICS network
Baseline ICS traffic
Generate alerts related to ICS assets/traffic

Hardware & Software

1 x Nozomi Guardian
3 x Ubuntu Linux hosts
1 x Debian Linux host

Contributors

Enrique Martinez

WWT

Technical Solutions Architect

John Stillwell

WWT

Technical Solutions Architect