Threat prevention, available now in Nozomi Arc, delivers the industry’s only automated threat response for operational environments.

Nozomi Networks, an OT and IoT security vendor that agreed a month ago to be acquired by Mitsubishi Electric, has announced what it describes as the industry’s first cybersecurity solution to safely automate threat response in operational environments. The enabler is the latest release of Nozomi Arc, which gives users automated threat prevention on OT endpoints.

First released in 2023, Nozomi Arc is a lightweight endpoint sensor purpose-built for OT environments. It runs entirely in user space, so a sensor fault cannot crash the host the way a kernel-mode agent can. Its most recent release, two months ago, took it from what Nozomi calls the industry’s first combined endpoint security and network sensor to a full threat prevention solution. Arc is a key component of the Nozomi Networks platform, and Nozomi positions it as the first OT sensor natively integrated with an OT cybersecurity platform while still complementing other automated response workflows in a security stack. It extends Nozomi’s defenses to Windows, macOS and Linux endpoints in the operational environment.

This all comes at a time when industrial networks face a surge in nation‑state campaigns, hacktivist operations and criminal ransomware, all of which increasingly use OT endpoints as a step in their kill chain. Control devices such as PLCs, RTUs and IEDs remain critical, but it is often the other OT assets, including control servers, operator and engineering workstations, HMIs and historian servers, that serve as the real pivot points for attackers: they run general-purpose operating systems, hold engineering tools and credentials, and sit on both the supervisory and control networks. Citing MITRE ATT&CK for ICS, Nozomi says 72% of known ICS techniques directly target these OT hosts, and the overlap with MITRE ATT&CK Enterprise techniques makes the exposure larger still. Protecting OT hosts therefore cuts the attacker’s chances at every stage, from initial access through lateral movement to impact.

“Industrial networks are under escalating attack, and traditional IT cybersecurity automation tools aren’t safe or viable in OT environments,” said Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer. “With Nozomi Arc threat prevention, we are empowering customers to – at their discretion – safely and automatically block and contain threats directly at the endpoint. And we intend to extend automated threat prevention capabilities across the Nozomi Platform in the future.”

With threat prevention now generally available, the latest version of Arc moves beyond passive detection to active defense, letting industrial organizations protect mission-critical assets without compromising operational uptime.

Traditional IT endpoint detection and response tools are rarely safe to apply in OT environments. They are too heavy for resource‑constrained systems, often incompatible with legacy operating systems, and they introduce unacceptable downtime risk: a kernel driver fault or a bad content update can take down a host that may have no maintenance window for months. Yet relying solely on passive network monitoring leaves endpoints exposed to sophisticated malware and ransomware, because the network sensor sees the traffic but cannot stop the file that is already executing. Without automated prevention, response remains slow, containment stays manual and SOC teams are left with alert fatigue.

Regulatory and standards frameworks push in the same direction. NIS2 obliges in-scope operators to adopt appropriate technical measures, including incident handling, and IEC 62443-3-3 carries an explicit malicious code protection requirement (SR 3.2). Many industrial organizations cannot yet demonstrate malware blocking at the endpoint level, which creates both compliance gaps and elevated risk exposure.

“What the industry demands is a lightweight, OT‑safe endpoint prevention capability – one that delivers automated threat blocking and containment without destabilizing operations, and that integrates seamlessly with OT cybersecurity platforms for a unified response,” said Anton Shipulin, Industrial Cybersecurity Evangelist at Nozomi. “This approach accelerates incident containment and enables enterprise SOC teams to extend detection and response into OT environments.”

Nozomi Arc can now operate in one of three modes, chosen per environment according to the organization’s risk tolerance. Detection Mode provides non-disruptive monitoring for audits and compliance and never touches a file. Quarantine Mode blocks malicious files while preserving them for forensic analysis. Delete Mode removes malicious files immediately to prevent further damage, at the cost of the sample itself and, if the verdict was a false positive on a production HMI, of a file with no recovery path. For that reason Quarantine Mode is the safer default where the asset owner permits blocking at all.

Arc’s detection and prevention capabilities are fed by Nozomi Networks’ OT‑specific threat intelligence, enriched with the Threat Intelligence Expansion Pack from Mandiant. Together they provide continuously updated YARA rules for file content matching, indicators of compromise in STIX format, and Sigma rules for local behavioral analysis of host events.
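The mode split described above (detect only, quarantine with evidence preserved, delete) and the indicator feed just mentioned are easier to reason about with a small worked model. The Python below is an added illustration written for this page; it is not Nozomi’s code and says nothing about how Arc is actually implemented. It assumes SHA-256 file hashes as the indicator type (a stand-in for what a STIX bundle or a YARA ruleset would supply), a hypothetical quarantine directory beside the scanned tree, and constructed sample files.

```python
"""Illustrative three-mode file response (detect / quarantine / delete).

Added example for this page; not Nozomi Arc code. Indicators are SHA-256
hashes (an assumed stand-in for STIX/YARA-delivered IOCs), and the
quarantine directory layout is hypothetical.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time
from enum import Enum
from pathlib import Path


class Mode(Enum):
    DETECT = "detect"          # alert only, never touch the file
    QUARANTINE = "quarantine"  # move the file aside, keep it for forensics
    DELETE = "delete"          # remove the file outright


def sha256_file(path: Path) -> str:
    """Stream the file so a large historian export is not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def respond(path: Path, digest: str, mode: Mode, quarantine_dir: Path) -> dict:
    """Apply the configured mode to one matched file and return an event record."""
    event = {
        "path": str(path),
        "sha256": digest,
        "reason": "sha256 IOC match",
        "mode": mode.value,
        "ts": time.time(),
    }
    if mode is Mode.DETECT:
        event["action"] = "alert"
    elif mode is Mode.QUARANTINE:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        dest = quarantine_dir / f"{digest}.bin"
        shutil.move(str(path), str(dest))
        os.chmod(dest, 0o400)  # read-only, no execute bit: evidence, not a live binary
        # Sidecar keeps the forensic context (original path, time) that the move loses.
        (quarantine_dir / f"{digest}.json").write_text(json.dumps(event, indent=2))
        event["action"] = "quarantined"
        event["quarantine_path"] = str(dest)
    else:
        path.unlink()
        event["action"] = "deleted"
    return event


def scan(root: Path, iocs: set, mode: Mode, quarantine_dir: Path) -> list:
    """Hash every regular file under root and respond to any that match an IOC."""
    # Materialise the listing first: quarantine/delete mutate the tree while we walk it.
    files = [p for p in sorted(root.rglob("*")) if p.is_file()]
    events = []
    for p in files:
        digest = sha256_file(p)
        if digest in iocs:
            events.append(respond(p, digest, mode, quarantine_dir))
    return events


def demo(mode: Mode) -> dict:
    """Build a constructed scratch host tree, run one scan, and summarise the outcome."""
    with tempfile.TemporaryDirectory() as td:
        root = Path(td) / "host"
        root.mkdir()
        qdir = Path(td) / "quarantine"  # outside root so it is never rescanned
        bad = root / "dropper.exe"
        bad.write_bytes(b"CONSTRUCTED MALWARE SAMPLE - not a real binary")
        good = root / "hmi.cfg"
        good.write_bytes(b"benign constructed config")
        iocs = {sha256_file(bad)}  # constructed IOC set: just the dropper's hash
        events = scan(root, iocs, mode, qdir)
        return {
            "actions": [e["action"] for e in events],
            "bad_remains": bad.exists(),
            "good_remains": good.exists(),
            "quarantined": sorted(p.name for p in qdir.iterdir()) if qdir.exists() else [],
        }


if __name__ == "__main__":
    for m in Mode:
        print(m.value, demo(m))
```

Two design points carry over to a real sensor. Quarantine is only useful for forensics if the sample keeps its bytes and gains a sidecar recording where it came from and which rule fired; the read-only, non-executable copy is what stops an operator or a scheduled task from re-launching it. Sigma rules do not appear here because they match host events (process creation, logons, service installs), not file content, so they belong in a separate event pipeline that would raise the alert rather than trigger a file action.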

Why does this matter? With Nozomi Arc able to safeguard OT endpoints across every stage of an attack, from initial access through lateral movement to final impact, both security and operations teams gain measurable value. For security teams responsible for enterprise‑wide strategy, incident response, risk management and compliance, Arc shortens mean time to respond (MTTR), provides integrated visibility across network and endpoints, strengthens audit readiness, and improves regulatory and insurance posture. For operations teams, whose primary goal is continuous and safe production, Arc delivers faster containment that minimizes downtime from intrusions, with the option of passive detection only where blocking is not practical.

“The evolution of Nozomi Arc marks a turning point,” Shipulin said. “Industrial organizations can now advance from passive detection to safe, automated endpoint threat prevention, purpose‑built for OT assets. Arc closes the gap left by IT‑centric tools and detection‑only OT security vendors, enabling security and operations leaders to cut cyber risk without compromising operational integrity.”