The new Cisco validated integration is with Cisco Identity Service Engine, while the integration with IBM’s QRadar SIEM has been expanded.

Today, OT and IoT security vendor Nozomi Networks is announcing an expansion of their relationship with Cisco. Their Guardian solution for cybersecurity and visibility in ICS environments has received Cisco Compatible certification to integrate with Cisco Identity Service Engine (ISE). This expansion of the company’s strategic Cisco relationship comes on the heels of the announcement of a multi-faceted expansion of their relationship with IBM.

Nozomi Networks has been aggressive in responding to the convergence of IT with OT by bridging between the two, and broadening their IT footprint with key strategic partnerships. The first was with Fortinet, followed by others with Palo Alto Networks, FireEye, HPE Aruba, Pulse Secure, Splunk, LogRhythm, Carbon Black, ServiceNow and Check Point, although the latter is less active. Major OT partnerships include Siemens, GE and Schneider Electric, while major Go-to-Market partners include Accenture, Atos, CapGemini, and NTT/Dimension Data.

Both the IBM and Cisco announcements extend already-existing IT partnerships. The new integration with Cisco is between Nozomi Networks’ Guardian solution for real-time cyber security and OT and IoT network visibility  and the Cisco Identity Service Engine [ISE]. Guardian has received Cisco Compatible certification for its ISE integration.

“This new integration with Cisco further extends visibility deep into the OT and IoT networks of our common enterprise customers,” said Chet Namboodri,  Nozomi Networks’ VP of Business Development. “The market exposure that they have makes this a very important partnership for us.” The ISE integration builds on existing ones between Guardian and the Cisco Adaptive Security Appliance [ASA] firewall and network security platform, with Cisco Firepower Threat Defense [FTD] network security traffic management and with the Cisco Catalyst 9300 compute module and Cisco Connected Grid Router [CGR].

“Cisco is a technology alliance that is driven by our customer base,” Namboodri said. “Among the Fortune 1000-5000 companies across the world, they are in between 60-70% of those companies, and at least a third are IoT/OT relevant. Many customers that we call on have Cisco gear and recognize the advantage of our integrations.  Our integrations with ASA and Firepower have been pulled by joint customer interest – largely in the Middle East with oil and gas. We have also integrated a virtualized instance of Guardian and enabled a Docker container on the Catalyst 9300 and their more IoT-oriented switching gear.”

The ISE integration, through Cisco’s pxGrid [Platform Exchange Grid], lets Guardian detect new OT and IoT assets as they are introduced to an environment and sends context-rich alerts to ISE to take action.

“ISE is used as a mechanism for quarantining threats which we identify,” Namboodri  said, with Guardian instructing Cisco ISE to place an offending endpoint into an Adaptive Network Control quarantine policy. With Guardian deployed at the access switch or router in OT and IoT networks, Cisco ISE can enforce policies to block or authorize endpoints.

The IBM announcement also extends an existing partnership further.

“We have had a partnership and a technology integration with IBM since the beginning of 2018, and this new announcement is holistic on our further progress along different fronts,” Namboodri indicated. “We have over a dozen joint customers and more than 50 customers on Proof-of-Concept evaluations with IBM. They are certainly in our top three partnerships, and we have more than 20 IBM SEs certified on us.”

The major technology development is an enhanced IBM-validated integration between Guardian and the IBM QRadar SIEM offering. It now provides advanced IT and OT security monitoring capabilities through one unified view.

“The integration with QRadar is our biggest leap forward with them,” Namboodri said. “It now ties in more data and provides more context natively. It is also now available on the IBM Security AppExchange.”

Nozomi Guardian is now running in IBM’s Global SOCs, including their big Security Services Center operations in Costa Rica, from where events are monitored for clients in over 130 countries.

“The SOC is a big deal for us, especially that OT-focused SOC centre that they have based out of Costa Rica,” Namboodri indicated. “We also have a presence now at their CyberRange in Cambridge MA, where they are  showcasing us as part of their hands-on experience.”