Nozomi and Siemens Collaborated for Cybersecurity

Nozomi Networks and Siemens have expanded their collaboration by incorporating Nozomi Networks’ Guardian Remote Collector software into the Siemens Scalance LPE local processing engine, a hardware platform tailored to process data for edge and cloud applications in manufacturing environments. Customers can now deploy the leading OT & IoT continuous monitoring solution to their industrial networks with ease, thanks to the power and simplicity of the Siemens Scalance LPE hardware.

Maximilian Korff, Lead, Business Development for Scalance at Siemens commented, “This is the first distributed cybersecurity data collection and analysis software embedded in the Scalance LPE platform and is a vital part of our defense-in-depth concept for OT cybersecurity. This integration offers our customers a non-intrusive and powerful solution to detect threats in real-time and gain deeper visibility of their OT network.”

The Scalance LPE hosts a Docker containerized version of the Guardian Remote Collector, which brings local data collection, pre-processing, and analytics to operational technology deployments. It enables more efficient analysis and data aggregation by any centralized application, including the Nozomi Networks Vantage cloud-hosted security platform, and provides an effective way to distribute processing power across large manufacturing operations.

Sid Snitkin, Vice-President of Cybersecurity Advisory Services at ARC Advisory Group stated, “This is a significant milestone for the Siemens partnership with Nozomi Networks. Embedding Nozomi Networks solutions into Siemens Scalance LPE eliminates integration cycles and gives users an efficient and reliable solution with cybersecurity capabilities baked in.”

The Scalance LPE solution delivers highly scalable continuous monitoring and intrusion detection to the network edge. Data is sent from the edge to the Nozomi Networks Remote Collector, which is hosted on the Scalance LPE, to monitor and analyze industrial network protocols for anomalous behavior and potential threats. This integration is unique and can collect traffic from parallel PROFIsafe production cells using the Siemens reference network architectures.

Chet Namboodri, Vice President of Business Development at Nozomi Networks stated, “Supporting the Scalance LPE with a docker container version of our Remote Collector will streamline deployment options for our customers and follows on our existing support for the Siemens Ruggedcom APE platform. Siemens helps customers get the most out of the Nozomi Networks platform at any scale for these critical manufacturing and industrial control customers.”

Claroty Completed The Acquisition Of Medigate, A Leader In Healthcare IoT Security

Claroty, a cyber-physical systems (CPS) security firm for industrial, healthcare, and enterprise sectors, announced that it has finished the acquisition of Medigate, a leading healthcare IoT security firm. Claroty is now in a unique position to secure the Extended Internet of Things (XIoT) by providing unrivalled visibility, protection, and threat detection for all linked enterprises through a single solution.

“Highly interconnected CPS have become pervasive in industrial and healthcare environments in recent years in order to drive innovation, resilience, sustainability, and better health outcomes. However, greater connectivity begets greater exposure to risks, with serious consequences for patient safety, public safety, and the environment. Together, Claroty and Medigate will combine our deep domain expertise and specialized technologies into a comprehensive platform that will extend across all types of CPS and connected devices to secure the XIoT. We envision a future where cyber and physical worlds safely connect to support our lives, and with Medigate’s talented team and powerful capabilities, we have what it takes to make this vision a reality,” said Yaniv Vardi, CEO of Claroty.

Across 2021, ransomware attacks targeting CPS in all industries hit new highs, with 82 percent of healthcare systems reporting IoT cyber intrusions in the last 18 months. As a result, a slew of new security legislation has emerged, pushing corporations to take action.

“By joining forces between Medigate and Claroty, we are forming the only cybersecurity company that can deliver a best-of-breed solution for all the critical assets across healthcare, industrial, and enterprise environments that comprise the XIoT. Our combined talent, technology, and IP empowers us to truly change the way organizations identify, secure, and manage these connected assets on a massive scale, thereby delivering even greater value for our customers,” said Jonathan Langer, co-founder and CEO of Medigate.

Claroty’s $400 million Series E round, announced in December 2021, was used to fund the transaction. SoftBank Vision Fund 2, Bessemer Venture Partners, Schneider Electric, Rockwell Automation, Standard Investments, Team8, and ISTARI (a global cybersecurity platform established by Temasek) were among the investors in the round.

DDoS Protection Preparation Guide

DDoS attacks can bombard an organization’s network with traffic, taking down online services and applications and preventing genuine users from accessing the firm’s services. They often lead to lost revenue, loss of customers and damage to the brand. Nevertheless, there is a lot that can be done. Even though an enterprise can’t predict when an attack will occur, steps can be taken to minimize the impact of an attack and to set up a backup to recover fast.

List Vulnerable Assets

To protect assets from DDoS attacks, the first step for security teams is to find the most vulnerable and valuable assets. They need to start by listing all attackable assets, for example servers, applications, IP addresses and domains.

Mapping assets will help security teams to identify points of vulnerability and construct defensive strategies.

Estimate Potential Damages

Assess the value and importance of each asset to properly allocate protection money and resources. An important point that companies should consider is that certain damages are direct, while others can be indirect.

Loss of clients – Client loss is one of the most serious possible repercussions of a successful DDoS attack.

Productivity loss – For firms that rely on online services like email, online storage or databases, the unavailability of these services will result in a productivity loss.

Direct revenue loss – If a company’s online service generates revenue effectively on a regular basis, any downtime will result in a direct revenue loss. 

Brand damage – Accessibility and the digital experience are more closely linked to a company’s brand. A cyberattack that results in a loss of online service will have an impact on a company’s brand and reputation.

Assigning Tasks

The responsibility for managing DDoS attacks should be distributed among the respective people:

1. The CISO and security team should manage the overall handling of a DDoS attack, coordinating with other teams.

2. Network administrators should communicate with the security team to mitigate DDoS attacks.

3. Teams handling specific applications or online services like cloud storage should coordinate with the security team to provide details and assistance if there’s a DDoS attack.

Deploy and Manage DDoS Solution

After assessing the most vulnerable assets and the expenses, the security team should set up an attack detection strategy. This strategy should be designed with the company’s DDoS solution in mind, in particular whether that solution is deployed in the cloud or on-premises.

Routing all traffic through a firewall reduces the need for a diversion. This form of security is perfect for a critical application that simply cannot afford any downtime.

A backup must be created. A separate backup of the most important or critical assets should be made. When the backup is created, it must be integrated and tested with the restore process and systems to make restoration seamless.

After deploying the DDoS solution, it should be scaled up with the growth of the organization as new customers, systems, users, and devices are added. Once the DDoS solution is set up, the mitigation strategies for various DDoS attack scenarios must be planned.

An update and maintenance schedule for the DDoS solution should be planned. The database of malicious traffic sources, such as IP addresses, must be updated on a regular basis by the vendor. Regular trials of the various DDoS defensive strategies must be conducted with the assistance of the vendor.

The key to a DDoS solution lies in filtering or shifting possibly dangerous traffic away from networks and application infrastructure.

JUMP Global Technology Advisors And IronNet Announced Strategic Initiative To Protect The Entertainment Industry From Cyber Attacks

The IT procurement firm JUMP Global Technology Advisors (GTA) and IronNet Inc. have announced a collaboration to protect the entertainment sector against cyber attacks. Acknowledging that defending this sector is as important to economic prosperity as the defense of the electric system, the financial sector, and other sectors of the nation, JUMP GTA and IronNet bring advanced threat detection and a real-time exchange of attack intelligence to this integral industry.

JUMP GTA and IronNet will work together to support the Entertainment Collective Defense Communities, enabling stakeholders to share visibility of cyber attacks and react to them more quickly among community members, through automated anonymous attack intelligence and crowdsourced threat information. The aim is to empower the entertainment industry to defend itself as a unified front against threats from hackers, organised cyber criminals and nation-state adversaries, which are harmful and difficult to identify.

“In light of rampant cyber campaigns hitting all industries, including ransomware attacks, there is an urgency to change the entertainment sector’s defense playbook to ensure that companies can operate in a secure digital environment – without costly disruptions and risk to intellectual property,” said Walter Thurmond III, Managing Director.

IronNet’s Collective Defense Community uses the IronDefense solution for AI-based Network Detection and Response (NDR), as well as its embedded systems that rate and prioritise warnings and its built-in hunting services for detecting new and unidentified cyber attacks.

Maj. General (Ret.) Brett Williams, Co-founder, IronNet said, “It does not make sense for the entertainment sector, or any industry, to wait for the next major attack when we have the tools to see unknown threats and a new way of defending together. I am pleased to be part of the JUMP GTA and IronNet initiative to deliver Collective Defense to this crucial sector.”

JUMP Managing Partner & CEO Aric Ackerman said, “Our partnership with IronNet will allow us to ensure that no company has to continue defending alone, especially against attacks that threaten the entertainment sector as a whole.”

Mission Secure and XONA partner to offer zero-trust OT cybersecurity solutions to industries relying on remote operations capacity

Mission Secure, the world’s leading industrial control system (ICS) cybersecurity tech firm, announced a strategic partnership with XONA, the developer of a zero-trust user access solution for remote industrial operations, to provide more comprehensive and integrated operational technology (OT) cybersecurity solutions across several industries.

Remote operations capability is becoming extremely important in a pandemic-affected operational landscape for sustaining resiliency, enhancing efficiency, and accomplishing corporate goals. However, as IT and OT systems converge, businesses are exposed to cybersecurity vulnerabilities that standard IT security solutions can’t address. In order to protect essential infrastructure and business data from malicious attackers, organizations need OT-specific cybersecurity features.

In the defence, critical infrastructure, and process industries, Mission Secure offers comprehensive OT security solutions. This partnership improves their security by bringing a zero-trust user access layer to their product offerings, which include integrated closed-loop multi-factor authentication (MFA), browser-based virtual desktop infrastructure (VDI), moderated secure file transfer, system connection segmentation and monitoring, protocol isolation, and deep user access forensics, all offered through a single platform.

“Mission Secure is proud to bring XONA’s ‘best-in-class’ solution to our customers. Our OT/ICS customers often face challenges with remote access, but the XONA technology adds an important feature set to our Platform-as-a-Service that will bridge the gap between cyber protection and operational efficiency. That’s especially important now as threat actors increasingly turn their attention to vulnerabilities in OT/ICS to avoid the increased security in IT infrastructures,” said John K. Adams, Mission Secure’s CEO.

“Simple to deploy, zero-trust user access empowers companies to embrace OT remote operations capacity without compromising cybersecurity. As ransomware and other cybersecurity threats increase in scope, frequency and severity, it’s critical that companies fortify their remote operations to account for a shifting threat landscape. We’re excited to partner with Mission Secure to deliver just those necessary capabilities,” said XONA CEO, Bill Moore.

Together Mission Secure and XONA will offer a comprehensive cybersecurity solution that protects companies as they embrace remote operations.

Deloitte Acquires Industrial Cybersecurity Business aeCyberSolutions from aeSolutions

Applied Engineering Solutions, Inc. (aeSolutions), based in Greenville, S.C., sold its industrial cybersecurity business (aeCyberSolutions) to Deloitte Risk & Financial Advisory. With the aeCyberSolutions company’s well-tested frameworks, processes, and technology-enabled tools for industrial control systems / operational technology (ICS/OT) security, Deloitte’s existing cybersecurity capabilities will be enhanced. Professionals from aeCyberSolutions will be brought in as well, with extensive experience in industrial sector standards creation and risk advice services.

“Cyberattacks on industrial controls systems for critical infrastructure are increasingly sophisticated and far-reaching, making cyber resilience and regulatory compliance more important than ever. As industrial organizations digitally transform to adopt more emerging technologies like 5G, the Internet of Things, machine learning and artificial intelligence, our acquisition of the aeCyberSolutions business helps us to offer leading-edge ICS/OT technologies and related advisory services,” said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G and IoT leader and principal, Deloitte & Touche LLP.

“Knowing our clients’ needs are only expanding, we’re aggressively growing our cyber practice to meet that need, aiming to bring innovative solutions as well as top industry executives with deep experience to help our clients achieve enhanced cyber resilience. Acquiring the aeCyberSolutions business’ highly certified, credentialed and experienced security professionals and tech-enabled solutions allows us to hyperscale our offerings to help clients advance their cybersecurity programs for the industrial sector and beyond,” said Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP.

“Since 2014, our cyber services and solutions have helped industrial sector organizations meet their most pressing ICS/OT cybersecurity needs by providing corporate and plant-level assessments, remediation recommendations, program frameworks, and training. Joining Deloitte will enable us to scale the depth and breadth of our services, increasing our ability to help clients build more trustworthy, resilient and secure environments,” added John Cusimano, vice president of industrial cybersecurity for aeSolutions and incoming Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP.

Deloitte’s sixth cyber purchase in 2021 is the aeCyberSolutions business, illustrating the firm’s commitment to aggressively growing services and improving capabilities that assist clients to solve a wide variety of cyber threats.

Argon announces Integrity solution, the first software supply chain security solution in the industry that prevents supply chain attacks

Argon Security announced the introduction of its patent-pending Integrity™ technology, which enables businesses to detect and prevent software supply chain cyberattacks such as the ones that hit SolarWinds and ClickStudios. Misconfigurations, vulnerabilities, and weak dependencies in the company’s CI/CD pipeline are also eliminated, reducing supply chain risks.

Argon Integrity™ strengthens Argon’s position as a leader in software supply chain security for the modern paradigm of DevOps-led high-velocity software development and increased trust and confidence in businesses’ software releases.

Argon’s patent-pending solution monitors the development process and prevents source-code tampering or manipulation during the software development and release process. Together with the infrastructure hardening and process security, Argon is the only solution in the market that provides holistic, multi-layered prevention of supply chain threats.

“The SolarWinds’ breach highlighted the fact that the software supply chain is a new attack vector that organizations are not currently equipped to defend against. Our solution provides full visibility into the development environment and protects our customers from bad actors who seek to tamper with their code or native behavior and uptime of their applications,” said Eilon Elhadad, CEO, Argon.

“Defending against supply chain attacks is a difficult challenge. Argon is the first solution I’ve seen that can provide broad visibility and security across your software supply chain, detect and prevent risks from misconfigurations, vulnerabilities, and supply chain attacks. This is a quantum leap forward for the defending side,” said Stephen Davis, Chief Information Security Officer at Macmillan.

Cybercriminals are taking advantage of the high complexity and low security within new modern software development environments to exploit and cause massive damage, not only to the attacked corporation, but to their thousands of clients, in this new trend of software supply chain attacks that preyed on SolarWinds, Codecov, and thousands of other companies. Most firms that generate code have implemented continuous integration and delivery (CI/CD) techniques to automate their software development during the last few years, helping them to speed up product and feature releases while maintaining a competitive edge over their markets. As a result, they’ve become a target for supply chain attacks.

“Argon’s solution enables companies to secure their software supply chain against the risks of supply chain attacks effectively. Our unique and in-depth security technology allows us to cross-check and validate actions across the pipeline and prevent damage to the company’s infrastructure, code or application from supply chain attacks. Such consolidated multi-layer coverage is not available in the market today under a single solution,” said Eran Orzel, Argon’s chief revenue and customer officer.

CYE and OTORIO partner to offer a single-pane solution to tackle the rise of industrial ransomware

CYE, the industry leader in cybersecurity optimization platforms, announced a partnership with OTORIO, a company that provides next-generation OT cyber and digital risk management solutions, to offer an integrated solution to businesses with converged IT/OT/IOT environments looking for prompt ransomware protection. This collaboration intends to assist clients in turning more stringent US government laws for critical pipeline owners and operators into practical cybersecurity plans, as well as developing practical actions to improve their cyber hygiene and overall security postures.

Ransomware cyberattacks on industrial enterprise firms and essential infrastructure have increased significantly in recent months, notably the Colonial Pipeline attack, which created fuel shortages across the East Coast of the United States for almost a month and resulted in a $4.4 million ransom payment. Other essential industries, such as water utilities, hospitals, and financial organizations, have also been impacted by these attacks. In response, the US National Security Council released a report urging cyber leaders to help protect against the threat of ransomware, emphasizing the private sector’s unique role in supporting the federal government in securing critical assets against attack, and highlighting that no company, no matter how large, is immune to attack.

One of the most significant issues facing pipeline operators today is gaining a comprehensive awareness of network assets, including those who have access to their infrastructure. CYE and OTORIO give cyber visibility across all IT, OT, and IOT environments, assessing risks, identifying exposures, and developing long-term cybersecurity best practices, based on the principle that you can’t defend what you can’t see. The solution is fully automated, making compliance and risk management much easier. Furthermore, CYE and OTORIO enable enterprises to drastically minimize risks while lowering costs by proactively identifying exposure and potential attack vectors and fixing them before they become breaches.    

“The partnership with OTORIO comes at a time when we see a significant uptick in ransomware attacks on companies providing critical services to the public. CYE aims to alleviate the burden on companies that can’t afford operational downtime, while giving them peace of mind that they are protected against any future need to pay a heavy ransom,” said Reuven Aronashvili, CEO and founder of CYE.

“Cybercriminals have become as powerful as nation-state adversaries, posing a real threat to operational continuity,” said Daniel Bren, CEO and co-founder of OTORIO. “Building on OTORIO’s extensive experience protecting industrial and mission-critical environments, our joint solution simplifies cybersecurity for converged IT/OT/IOT environments by adopting a proactive risk-reduction approach instead of traditional intrusion detection and response methods.” 

Claroty Announces Research Arm Team82, Discovers Critical Vulnerabilities In Cloud-Based ICS Management Platforms

Claroty, an industrial cybersecurity firm, announced Team82, a new research arm that will provide crucial vulnerability and threat research to Claroty clients and industrial network defenders throughout the world. In addition, Team82 released new research on severe vulnerabilities discovered in cloud-based management platforms for industrial control systems (ICS), underlining the growing requirement to protect cloud applications in industrial environments.

Team82, originally known as The Claroty Research Team, has won numerous awards for its fast development of industrial threat signatures, unique protocol analysis, and ICS vulnerability finding. With a total of 146 vulnerability findings and disclosures to date, the team is the leading player in ICS vulnerability research and was the first to build and publish signatures for the infamous Ripple20 and Wibu-Systems CodeMeter vulnerabilities, as well as the threat actors who target them. The team works directly with key industrial automation companies to analyze the security of their systems, and it has the industry’s most advanced ICS testing facility.

“Team82’s latest research was motivated by the reality that organizations in the Industry 4.0 era are incorporating cloud technology into their OT and IIoT for simplified management, better business continuity, and improved performance analytics. In order to fully reap these rewards, organizations must implement stringent security measures to secure data in transit and at rest, and lock down permissions. We thank the CODESYS and WAGO teams for their swift response, updates, and mitigations that benefit their customers and the ICS domain,” said Amir Preminger, VP research at Claroty.

OPSWAT Announces Acquisition of Bayshore Networks to Enhance Critical Infrastructure Protection Capabilities to OT/ICS Environments

OPSWAT, the global leader in Critical Infrastructure Protection (CIP), announced that it has acquired all assets of Bayshore Networks, the leading provider of active industrial cybersecurity protection solutions specifically designed for Operational Technology (OT) and Industrial Control Systems (ICS) environments, automation engineers, and plant operators. As part of the acquisition, OPSWAT will incorporate Bayshore Networks products and teams, extending OPSWAT’s CIP capabilities to OT/ICS environments.

OPSWAT, the world leader in Critical Infrastructure Protection (CIP), declared that it has acquired Bayshore Networks, the leading provider of active industrial cybersecurity protection solutions designed especially for Operational Technology (OT) and Industrial Control Systems (ICS) environments, plant operators and automation engineers. OPSWAT will integrate Bayshore Networks’ products and employees as part of the acquisition, boosting OPSWAT’s CIP capabilities to OT/ICS environments.

From the Colonial Pipeline attack to the Florida water supply hack, there has been a substantial increase in the number of cybersecurity and ransomware attacks in the industrial infrastructure. This has prompted a higher level of security concern, as these types of attacks may have disastrous consequences. This asset acquisition will enhance OPSWAT’s mission to provide best-in-class cybersecurity solutions to protect critical infrastructure by adding key features in unidirectional/bidirectional secure data transmission in critical networks, intrusion prevention for industrial systems, and secure remote access for OT assets.

“This acquisition furthers our commitment to provide organizations worldwide with the most comprehensive critical infrastructure protection solutions available today. Over the last few months, we have hit several corporate and product milestones, including raising a $125 million round of financing, expanding our channel program to over 80 countries, and introducing our breakthrough cybersecurity kiosk for critical infrastructure protection. Today’s acquisition extends our CIP mission to operational technology and will drive continued growth and momentum at OPSWAT,” said Benny Czarny, OPSWAT founder and CEO.

“We are excited to bring two industry leaders together,” stated Kevin Senator, former CEO of Bayshore Networks and current OPSWAT Consultant. “Over the last decade, Bayshore Networks has provided state-of-the-art cybersecurity solutions for OT/ICS environments. Extending OPSWAT’s powerful platform to OT is a natural next step for both companies. Not only will we meet very specific cybersecurity demands in the industry, but the synergy between our companies will be truly extraordinary. I have no doubt that our employees and our technology will thrive at OPSWAT.”