Strengthening OT Security: Nozomi Networks and Cynalytica Unite to Protect Operational Technologies

By Richard Robinson | May 31st 2023

Securing operational technologies (OT) has become increasingly crucial in today’s interconnected world. I am excited to announce that Nozomi Networks and Cynalytica have joined forces to deliver a groundbreaking solution that extends visibility, situational awareness, and threat detection across operational technologies. This partnership now offers the unique capability to monitor both IP and non-IP based ICS/SCADA and OT communications.

By combining expertise, Nozomi Networks and Cynalytica have created a comprehensive solution that enhances visibility into OT networks. Traditional ICS/SCADA and OT security solutions often focus solely on IP-based communications, leaving non-IP protocols vulnerable to attacks. This partnership now enables comprehensive and integrated monitoring of both IP and non-IP based ICS/SCADA communications. This holistic approach ensures that all communication channels are monitored, providing organizations with a complete view of their OT infrastructure and potential security threats.

The ability to monitor both IP and non-IP based ICS/SCADA communications empowers organizations with unparalleled situational awareness in OT environments. Nozomi Networks and Cynalytica’s partnership now equips organizations with the tools to better detect cyber-physical anomalies, indicators of compromise, and potential vulnerabilities across all communication channels. This real-time visibility enables organizations to respond swiftly and effectively to security incidents, minimizing the risk of operational disruptions and ensuring business continuity.

As technology continues to advance, so do the methods employed by cybercriminals to exploit vulnerabilities in critical infrastructure systems. Often forgotten, or ignored, is the fact that a significant amount of our current OT environments and safety systems still rely on connected serial and analog communications.

Cyber-attacks on Programmable Logic Controllers (PLCs) that utilize serial communications and other non-IP communications are probably more common than most are currently aware of. Understanding the evolution of these attacks is crucial for enhancing the security of industrial systems and mitigating potential risks.

In the early days of PLCs, serial communications were commonly used for data transfer between devices. This reliance on serial protocols, such as Modbus and DNP3, became the target of various cyber-attacks. These attacks primarily focused on gaining unauthorized access, manipulating process data, or disrupting critical operations.

The easy path is infection through serial connections and converters. Attackers realized early that compromising a PLC through a serial connection could provide them with a foothold within a larger industrial network. By exploiting vulnerabilities in the serial communications protocols, attackers gained unauthorized access to critical systems.

If you’re not monitoring these connections and communications, you will be blind to this activity, regardless of everything else you may be doing to secure your network. This is the conundrum: if you are not monitoring, how can you confirm that it isn’t happening? How long are adversaries sitting in environments that are being monitored only on the IP side? Historically quite a while, several months to years.

With the advent of more sophisticated malware, attackers began targeting PLCs through infected software or firmware updates. Once deployed, these malicious programs exploit vulnerabilities in the serial communications protocols to gain control over the targeted PLCs. This is happening.

Attackers have also been able to manipulate the data exchanged via serial communications to deceive operators and manipulate the behavior of industrial processes. By modifying process values or sending false signals, attackers can disrupt operations or cause physical damage. Again, happening.
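The attacks described above (write commands that should never appear on a link, implausible process values, and injected or corrupted frames) are exactly what passive monitoring of a serial link is meant to surface. The following is an added illustrative example, not code from Nozomi Networks, Cynalytica, or the AnalytICS Platform: a small Modbus RTU frame checker that validates the frame CRC, then compares each request against a per-link policy (known unit IDs, expected function codes, plausible value ranges for a setpoint register). The policy values, register limits, and sample frames are constructed for the example and assume nothing about any real plant.

```python
"""Passive Modbus RTU request checker (added example; policy and frames are constructed)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Modbus function codes that change plant state; reads are 1-4, diagnostics 8, etc.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def modbus_crc(data: bytes) -> int:
    """CRC-16/MODBUS (reflected poly 0xA001, init 0xFFFF) over a frame body."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit: int, func: int, payload: bytes) -> bytes:
    """Assemble an RTU frame: unit id, function code, payload, CRC (low byte first on the wire)."""
    body = bytes([unit, func]) + payload
    crc = modbus_crc(body)
    return body + bytes([crc & 0xFF, crc >> 8])


@dataclass
class Policy:
    known_units: Set[int]                        # unit ids that actually exist on this link
    allowed_functions: Set[int]                  # function codes expected on this link
    register_limits: Dict[int, Tuple[int, int]]  # holding register -> (min, max) plausible value


@dataclass
class Alert:
    index: int       # position of the frame in the capture
    severity: str
    reason: str


def written_registers(func: int, body: bytes) -> List[Tuple[int, int]]:
    """Decode (register, value) pairs from write-register requests (FC 6 and FC 16)."""
    if func == 6 and len(body) >= 6:
        return [struct.unpack(">HH", body[2:6])]
    if func == 16 and len(body) >= 7:
        start, qty, nbytes = struct.unpack(">HHB", body[2:7])
        if nbytes == 2 * qty and len(body) >= 7 + nbytes:
            values = struct.unpack(f">{qty}H", body[7:7 + nbytes])
            return [(start + i, v) for i, v in enumerate(values)]
    return []


def check_frame(frame: bytes, policy: Policy) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for everything in one request frame that violates policy."""
    if len(frame) < 4:
        return [("medium", "runt frame (shorter than unit + function + CRC)")]
    body, stored_crc = frame[:-2], int.from_bytes(frame[-2:], "little")
    if modbus_crc(body) != stored_crc:
        # Line noise or an injected frame the slave will discard; either way worth logging.
        return [("medium", "CRC mismatch")]
    unit, func = body[0], body[1]
    problems = []
    if unit not in policy.known_units:
        problems.append(("medium", f"request to unknown unit id {unit}"))
    if func in WRITE_FUNCTIONS and func not in policy.allowed_functions:
        problems.append(("high", f"unexpected write: {WRITE_FUNCTIONS[func]} (0x{func:02X})"))
    for reg, value in written_registers(func, body):
        lo, hi = policy.register_limits.get(reg, (0, 0xFFFF))
        if not lo <= value <= hi:
            problems.append(("high", f"register {reg} written with {value}, outside plausible range {lo}..{hi}"))
    return problems


def monitor(frames: List[bytes], policy: Policy) -> List[Alert]:
    """Run every captured frame through the policy and collect alerts in capture order."""
    return [Alert(i, sev, why) for i, f in enumerate(frames) for sev, why in check_frame(f, policy)]


# Constructed policy: two slaves, reads plus single-register setpoint writes, setpoint 0 never above 1000.
POLICY = Policy(known_units={1, 2}, allowed_functions={3, 4, 6}, register_limits={0: (0, 1000)})


def sample_frames() -> List[bytes]:
    """Constructed capture (not real plant traffic): two benign requests and four that should alert."""
    good_write = build_frame(1, 6, struct.pack(">HH", 0, 500))
    corrupted = good_write[:-1] + bytes([good_write[-1] ^ 0x55])  # flip bits in the CRC high byte
    return [
        build_frame(1, 3, struct.pack(">HH", 0, 10)),                                 # 0: read 10 registers
        good_write,                                                                   # 1: setpoint write in range
        build_frame(1, 6, struct.pack(">HH", 0, 5000)),                               # 2: setpoint far out of range
        build_frame(1, 16, struct.pack(">HHB", 0, 2, 4) + struct.pack(">HH", 1, 2)),  # 3: multi-register write
        build_frame(9, 3, struct.pack(">HH", 0, 1)),                                  # 4: read from unknown unit
        corrupted,                                                                    # 5: CRC failure
    ]


if __name__ == "__main__":
    for alert in monitor(sample_frames(), POLICY):
        print(f"frame {alert.index}: [{alert.severity}] {alert.reason}")
```

Requests on an RTU link carry no source address, so the checker cannot say which master sent a frame; it judges each request by what it asks of the slave, which is why the policy is per link rather than per host. A real deployment would feed `monitor()` from a serial tap rather than a constructed list, and the register limits would come from the process engineers who know what a plausible setpoint is.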

The Nozomi Networks and Cynalytica partnership now helps close the capabilities gap in completely monitoring and securing OT for operators, and helps address the most critical problems: safely and securely monitoring legacy systems and addressing the lack of full OT visibility.

The partnership and solution offer organizations comprehensive threat detection and mitigation. By combining the monitoring of IP and non-IP based communications, the joint solution addresses many of the unique security challenges posed by OT environments. The advanced analytics and machine learning capabilities of the combined solutions also help enable the identification of both known and unknown threats. This proactive approach empowers organizations to take prompt action and mitigate risks before they escalate into major security incidents.

Nozomi Networks and Cynalytica’s collaboration provides organizations with a unified security strategy. The joint solution allows for streamlined operations by managing the monitoring and detection of IP and non-IP based ICS/SCADA communications within a cohesive system. This simplifies security management, reduces complexity, and ensures consistent threat detection across all communication channels. By unifying their efforts, Nozomi Networks and Cynalytica enable organizations to strengthen their overall security posture and protect critical infrastructure more effectively.

More to come.

See the Nozomi Networks and Cynalytica Solutions Brief:

Learn more about the Cynalytica AnalytICS Platform:

