Nozomi Networks Reviews

I am a service provider handling the portal for Nozomi Networks across 35 different sites. I use the dashboard, Vantage, Guardian, and CMC. I have configured everything and use the system as both a provider and a user because I need to share all alerts and notifications with my clients. I share asset inventory and vulnerability management details. We collaborate on what the architecture will be and what alerts or incidents are being reported, as well as how we resolve them. When it comes to vulnerabilities and patching, we mitigate all those risks from both a management and technical perspective.

The most valuable features are asset inventory management and vulnerability management.

I appreciate the level of detail provided when all the ingested traffic and asset details are displayed, including vendor information, firmware details, name, IP address, MAC address, and protocol type. There are maps showing what kind of communication is happening between devices. I get all the details about the overall traffic being received.

There is a live option where I can click and see real-time data. There are numerous dashboards that provide traffic analysis, vulnerability management, and asset details. Nozomi Networks also has an AI version with IQ where I can ask for all the details I need. There are query sections where I can query things and export all the required data. The vulnerability dashboards give me an overview of what assets have exploitable critical CVEs, open CVEs, high scores, likelihood, different scopes, how many sites have them, and graphs based on criticality and exploitability. I like the threat intelligence of Vantage that Nozomi Networks has. They also have site-wide distribution showing all the CVEs and their risk scores. Every section has details about sensors, alerts, and assets. This kind of detailed analysis is very comfortable for me with Nozomi Networks. I believe it is the best. I can recommend Nozomi Networks and Claroty to my clients. This is great.

On the negative side, I believe their AI, which is IQ, could be more improved. For example, when I export any data, there are only 50 columns available. What if there were more columns? Nozomi Networks does not provide that data, so I have to go to the query section. The AI is currently useful for writing queries in English that are converted into their coding language for queries. Sometimes it provides the correct data, and sometimes it does not understand the request. From my attempts, I would say 50 percent of the time it has given me the proper data, and 50 percent of the time it might need improvement. Every day or week, new threat intelligence and AI upgrades are being released for Vantage, and all those upgrades are being implemented. Things are getting better, but I believe there are areas of improvement.

I have been using Nozomi Networks for one to one and a half years.

Nozomi Networks is stable, but sometimes disruptions occur at sites. Sensors can be down, so I cannot see what is happening in the network. Network connectivity is always a critical consideration. In an OT environment, there are changes and maintenance windows. Sometimes the network is not stable, the firewall or DMZ is down, so the device is also down. I understand this is expected. Network connectivity is important, and Nozomi Networks should be placed where it is monitored. Nobody should be able to remove it. Sometimes vendors need to connect to the OT network, and if they know it is being monitored, they might remove the sensor to avoid detection of their activities. Nozomi Networks should be placed in a central location where it is monitored, and nobody should be allowed to access it without proper authorization.

Nozomi Networks depends on different sizing models. It depends on the assets, the facility size, how many assets there are, and how much traffic is ingested. The model varies depending on the assets and the sizing of the site. It is scalable. If there are more assets, I can purchase a bigger configuration of Nozomi Networks hardware. This is properly aligned. Nozomi Networks has different pricing models, so I can choose accordingly.

Nozomi Networks does provide help. When I am stuck somewhere, I raise tickets and they are resolved. However, it does take some time. Customer service could be more efficient. Sometimes they hesitate to come on a call. They have knowledge transfer documents and process documents. However, sometimes I have to explain what issues I am facing on chat, which can be difficult. Coming on a call and those kinds of interactions may take a little more time. This is something I felt could be resolved more quickly.

I have switched my company and I am not currently using Claroty. I am in the same domain, but I am using Armis in my current role and Nozomi Networks for my customers.

I have been using Armis for two years. I switched from Armis because of some demerits and moved to Nozomi Networks.

A year ago, I had been using Armis for one year, and because there were some demerits with Armis, I switched my customers to Nozomi Networks.

The setup depends on site to site. I have deployed it remotely, but I had people at each site who would deploy it. The configuration is medium difficulty, not very easy but not very tough. I should have some experience or an understanding of how the system works, how networks work, all the connections, what the architecture is about, and how to connect with the switch. I am now a Nozomi Networks certified engineer, so I know things accordingly. I am also certified with Claroty and Armis. If someone is new to Nozomi Networks, they might need guidance to install it. It is somewhat technical but not that difficult to learn.

I did use AWS cloud for remote management. I deployed Nozomi Networks on AWS cloud and also used it for CMC. I have used AWS as an integration of cloud to host the server of Nozomi Networks for both. It does require some integrations and alignment of the networks, but it can be done.

I was about to create the ROI for Nozomi Networks. I believe it provides strong value. We have detailed analysis of breach scenarios, the total number of breaches that happened, and the risk categories that Nozomi Networks is detecting. Nozomi Networks OT impact includes asset enumeration, lateral movement, PLC or HMI accesses, remote access misuse, and credential guessing. We have details about the business consequences, such as malware propagation, loss of process integrity, or any manipulation that might happen. The OT environment is vulnerable to process manipulations and insider or external compromises, depending on what external devices are connecting to the OT network or whether IT-OT segmentation exists. These details create budgetary considerations that are important. We also have vulnerabilities, both open and exploitable, with critical and high scores with CVSS scores of more than nine or more than seven, and which have known exploits. I get these kinds of details in Nozomi Networks portal.

Nozomi Networks and Claroty are on the expensive end of the market, so the client should have those budgets available.

I have used all of them, but I would suggest Nozomi Networks if it is for a large client. For critical systems or critical sites such as oil and gas, nuclear facilities, or water treatment plants, I would recommend Nozomi Networks and Claroty. For smaller size organizations, Armis and Dragos can be used. For detailed analysis and when the systems and the site are more critical, I would suggest and prefer Nozomi Networks and Claroty.

Asset details are convenient because I have lots of information with respect to assets. Whenever I receive any alert, I check what the asset is about. For example, with any incident such as network scanning or multiple successful logins, there are all the details regarding what happened. It tells me what the possible cause was and what the solution will be. The details show what source is involved, what site and zone, what label, IP or MAC address, what ports are involved, TCP/IP or any other protocols. I can see if there is any user assigned to it with respect to site spokes. I can see the destination and all those destination site details. I can determine if it is internal traffic, external traffic going out from IT to OT, or traffic from any other site or any external devices. I can see what communication protocol is being used, the transport protocol, the threat severity, the network exposure, and the attack tactics. All these details are available. I have additional details such as when the attack happened or when the incident was reported, how the device was captured, which port it was detected on, and whether it is an easy attack that is not relevant so I can acknowledge it or trigger it. I have timeline details and can also leave comments about whether something is recurring so I can ignore certain attacks or incidents. All these details provide a proper audit trail for companies. For customer support, I would rate it at eight point five out of ten. I would also rate the overall product experience at eight point five. I would rate Nozomi Networks at nine points overall. When looking at the OT monitoring tool market, Nozomi Networks wins. Nozomi Networks and Claroty are both excellent solutions, which is why I rate it as nine out of ten.

For the utility company named KenGen, Nozomi Networks is used for their OT security. They monitor their power infrastructure within the power stations located in Olkaria. We are currently connected to about four different power stations and all interconnected to the head office within the same area.

Right now they use it to monitor all their IoT and OT networks within the power grid. For example, they have most of their IoT sensors which are used to monitor the geothermal power plant where they have steam wells which have been dug in different areas and they use IoT connectivity which is connected via 4G network and LTE. Before Nozomi Networks, they had no visibility of all these remote sites. With Nozomi Networks, they have been able to monitor and see every single packet that passes through all these IoT networks and it is all consolidated at the head office and now they have full visibility of these wells, which had been a challenge for quite some time. This particular use case has benefited them greatly.

For now, we are in discussions with the only oil and gas company in Kenya. They deliver oil and petroleum products all the way from the Mombasa port into Kenya, all the way to Uganda, which is a neighboring country and beyond. They are seeing the value of also monitoring and securing their SCADA networks which is also one of the use cases that Nozomi Networks shines a lot in delivering value for all the other oil and gas companies they have worked with. From my perspective, that could be a great next use case that we are really pursuing and hoping to bring extensive value into their organization.

The best features for Nozomi Networks include the fact that Nozomi Networks is able to offer more visibility on particular protocols that using current IT-focused security solutions, they are not able to monitor. The fact that it is able to integrate the IT and OT side of customer networks brings a lot of value to them and that is one feature I would say is the best currently within this particular market.

The one thing that we noticed with the current customer who is using the solution is that once we initially took them through the first training, they actually appreciated it very much and we did not need to keep redoing it, which shows the ease of use for the technical team as well as the way they are able to break down the reports. It is very easy to do various custom reports for the management, senior management, for the engineer levels, and for those who are actually on the ground. All this is done from a single pane of glass. It is not necessary to keep on initiating and drafting new reports. You are able to easily export and specify this is for the managerial level, they get a custom type of report. For those who are below, they are able to get different types of reports. The engineers get now more technical details about what is going on in the network.

Since we deployed the solution almost over three years back, it has to be three years by next year. The organization has gained greatly from the particular solution that we deployed. They have mitigated quite a number of attacks and incidents and ever since we started running the solution, there have not been any OT-based security breaches. The training has helped to avoid any in-house concerns that would be resulting from internal users making mistakes. The solution has been really well absorbed and utilized well to secure their infrastructure.

Customer support is something I think there is a slight challenge on responses on email. But on escalating with the team in Dubai, then we get things solved. If the support could be improved on that, that would be a good thing.

The pricing was quite high based on the end customer's perspective. They negotiated, but they would have preferred a cheaper option. Though Nozomi Networks offered all the features that they needed and they had to invest in that. So also the partners had to reduce our margins, which was quite painful for us, but we still delivered the solution. If something can be done on pricing, that can be quite good, especially for the African region.

I have used Nozomi Networks for almost five years.

We were not using any other solutions. Nozomi Networks was the first OT security solution. The customers had considered Darktrace, but they did not want any cloud offering. So we had to pitch Nozomi Networks for their on-premises offering.

Running a proof of concept is always the best way to go, to enable us to clearly see the depth of the particular scope of the deployment. This way now we are able to understand how many Guardians are needed, how many remote collectors are needed, and what type of connectivity will be used and gives us more insight on the IP allocation and the likes. That would be a good place to start from my perspective.

Definitely there are fewer employees needed, so there is savings on that. Now that monitoring is real-time and more dispatched, the actions are such that notifications come in promptly and the engineering team is able to act on any issue that comes up faster. There is a lot of time saved in terms of incident response and also the reduced number of incidents. The efficiency of the organization, the fewer employees needed, and the time saved has greatly offered the customer a decent return on investment on this particular solution.

Darktrace was the only other contender which was considered. We only reviewed Darktrace and Nozomi Networks, and Nozomi Networks came out the winner in this particular case.

In terms of response time, it has greatly improved because they have notifications and emails which are always sent when there is any incident that has happened. The notifications are very prompt and very specific to particular staff and personnel who are able to approach and solve and deal with a particular issue immediately. The response time has increased by about 70% based on how it was. Before, it was a very manual way of doing it and until there is a breakdown or something has happened and sending an engineer to the ground, that part has been eliminated. The notifications are quite direct and straight. This has really improved their delivery. In terms of incidents, before, they were not even monitored, but now incidents have actually, in the plant, there is no security incident that has come up that has caused the plant to be maybe out of commission or any part of the network which is negatively affected. For the entire time Nozomi Networks has been running within the network, incidents have reduced by almost 50-60%.

Nozomi Networks has really offered a stellar performance within the organization and there is not any specific part that needs improvement for now.

The AI aspect is quite secure for now, so long as the AI is not connected to the internet, there is a lot of security because most of these customers, even in the country, these are utility, government, national infrastructure organizations. The security and connectivity out, just being on-premises and all the models are running within the network really helps to offer that additional security. In terms of the governance side, we just need more education to be done to the end customers just to make sure they align to the governance of the organization when it comes to AI.

The accuracy of Nozomi Networks is quite standard. It is quite good. The accuracy is above 90%. I have not experienced any breakdowns or issues, so the reliability is quite good. The output is quite specific for the end customer, which is quite beneficial and I commend Nozomi Networks for delivering that.

The scalability is quite easy. The remote collectors can be deployed across regions and also there is the vantage offering which offers for organizations distributed across different geographical regions. The scalability is quite easy and straightforward to achieve.

So far, we may need a bit more marketing within the market, because I think of the price of the solution, we have a very limited range of customers to offer the solution to due to the cost implication. If there is an option which is a cheaper option for Nozomi Networks that could come up with to offer the enterprise market within Kenya and the East African region, that would be a better way now of getting the solution into enterprise-level organizations like the banks and maybe hospitals and the like. I would rate this review overall as a 9.

On-premises

Other

I primarily use Nozomi Networks for two main use cases in our environment: OT asset visibility and inventory management, as well as threat detection and anomaly monitoring, which is very important for our operations.

For OT asset visibility, in our compressor stations, we are connected to Nozomi via a span port in the Nozomi collector, and that collector sends data to Guardian, which we use there. With this setup, we can easily investigate our alert triggers. For threat detection at our pipeline block valve station, which is very useful for us, the baseline is the SCADA system, specifically the Honeywell SCADA we use. In this SCADA, periodical read commands on RTUs arrive, and sometimes these commands are unusual. For anomaly control command detection, which identifies unauthorized sources from different places, Nozomi is very helpful with Guardian as well as the CMC, which also shows us the dashboard.

Additional high-impact use cases for Nozomi Networks that I see in pipeline operations include Nozomi flagging some PLCs receiving new types of commands that we sometimes have never seen before. The inbuilt root cause analysis incidents and the IT/OT attack path vector detection are features I need to add to our use cases, making it much easier to maintain our window validation and related processes.

Regarding the learning curve for new users of Nozomi Networks in my organization, training is required, but the platform is user-friendly. I recommend training for all site locations, which is very helpful. The learning curve is moderate, and users can learn effectively with the necessary training.

Nozomi Networks plays a critical role in my environment for incident response and remediation by providing early detection, deep visibility, and actionable insights. In an OT environment, where responses must be controlled and careful, Nozomi proves to be invaluable, and I appreciate its capabilities.

Nozomi Networks has positively impacted our organization since we are in the asset owner environment. The first thing I noticed before was the lack of full OT visibility, which is the biggest impact to gain and understand more deeply our asset-related environment, and it is also facilitating faster threat detection and response, which I appreciate. This capability enables me to create a stronger incident response capability or response procedure for our OQGN environment, which is very helpful in reducing operational risks and enhancing our OQGN environment.

Regarding the reduction in operational risk, I have seen a significant example where the mean time to detect has reduced to minutes. Before, the mean time to detect was almost 30 minutes to one hour, but now it typically takes five to ten minutes, which is substantial. The response time has also reduced by 50 to 60 percent after implementing Nozomi Networks; those are the two key improvements I observe before and after its implementation.

Nozomi Networks significantly supports collaboration between IT and OT teams in my organization by providing a unified visibility platform. Both teams are able to see everything Nozomi offers on a single platform, the CMC, which I mentioned earlier. This facilitates our collaboration and provides actionable insights to our IT teams, helping maintain the operational context of our OT environment and coordinate effectively with the SIEM.

I have seen a clear return on investment with Nozomi Networks, as it measures and manages our risk reduction as well as operational continuity and efficiency. It significantly aids in time-saving; for example, before Nozomi, identifying the root cause of network or process issues took several hours or even days, especially with limited visibility for IT or OT teams. After implementing Nozomi Networks, those issues are resolved within minutes rather than hours due to real-time visibility and traffic analysis enabled by Nozomi Networks.

The best feature Nozomi Networks offers, in my opinion, is deep OT protocol intelligence, which is very effective for our OT environment. The second important feature is the agentless and passive OT visibility, which creates a very crucial role in critical environments because if you set up something inbuilt in your environment, it is not worth and not acceptable for all asset owners. Due to this reason, the third feature is the behavioral baseline with very low false positive alerts, which detects issues and does not show false alarms on the CMC dashboard.

Overall, Nozomi Networks is effective at identifying unknown threats or zero-day vulnerabilities. It has strong performance in that area, although I did encounter one case where something abnormal was not detected immediately. However, overall, it is strong for zero-day detection and unknown threat visibility, though the false positives remain a challenge that all organizations face, especially in the initial stages.

I see challenges with Nozomi Networks mainly as a detection or visibility tool, but it does not actively block traffic by design for safety reasons. If it detects any abnormalities, it suggests using firewalls, NAC, or manual actions at the time of threat detection. For deeper asset context beyond the network layer, it does not provide that for engineering systems, and sometimes it falls short in SMTP. The main challenges I have noted are cost and scaling considerations; sometimes, clients directly deny requests for additional integration due to Nozomi Networks' high costs.

Regarding Nozomi Networks' AI capabilities, I have a mixed opinion. On one hand, I think it is very effective and helpful in strengthening Nozomi Networks itself, but on the other hand, I see potential risks and gaps in governance that are easily detectable. For AI in governance, I recommend creating strong controls along with privacy awareness, data security, operational safety, and most importantly, AI transparency. Much transparency with limited external visibility would be beneficial.

Integrating Nozomi Networks with our existing systems was relatively easy at level three due to established tie-ups, but I faced issues when integrating at level two with some OEMs, like Emerson, who do not allow deep dives for monitoring and collecting all data from Nozomi Networks from the tap one.

I have been using Nozomi Networks for almost more than four years.

Nozomi Networks has proven to be very stable and comfortable in my experience.

In terms of scalability, Nozomi Networks is well-suited for large-scale OT environments, accommodating hundreds and thousands of assets and nodes. This suitability applies particularly to the oil and gas sector as well as manufacturing and utilities, so my recommendation is that it has very high scalability capacity, ease of scaling, and flexibility.

In the Middle East, the customer support provided by Nozomi Networks is very good. However, I personally faced some minor delays a couple of times, but they were acceptable and not much of an issue.

I worked with different organizations and used various solutions previously, including Armis, Microsoft Defender for IoT, and Claroty. There was no particular reason to switch solutions because I simply changed organizations, which used different solutions for their IDS and IPS.

Nozomi Networks is easy to manage updates and maintenance for since it is deployed on-premises, providing us internal control. This offers flexibility, but it also requires proper planning and coordination with Nozomi Networks vendors and teams directly involved in integration. This makes it helpful to manage manual efforts effectively and supports our critical infrastructure environment.

My experience with Nozomi Networks in terms of pricing and licensing is that it is generally a premium solution, not a standard one for all organizational needs. It is more than a typical premium solution, specifically focused on IT and OT systems in our critical infrastructure environment. The pricing is slightly high, which influences smaller organizations' decisions against implementing Nozomi Networks.

Prior to choosing Nozomi Networks, I evaluated a few options, including Claroty, which I deemed not considerable in the Middle East. I also looked at Armis, where I found limited visibility and poor service in the region, and Dragos, which has higher pricing compared to Nozomi Networks. Therefore, I recommended implementing Nozomi Networks for our needs at OQGN.

I rate Nozomi Networks overall a nine out of ten.

I give it a nine because, while it excels not just for asset inventory detection and related areas, there is one gap I have noted and shared with you. That is why I deduct a point, making my rating nine out of ten.

For me, Nozomi Networks has high reliability and moderate to high accuracy, which I believe is the right trade-off for our OT environment.

I advise others looking into using Nozomi Networks that it is scalable and provides excellent support and services, so I recommend configuring Nozomi Networks in your environment, whether for large-scale or small-scale industries.

On-premises

My main use case for Nozomi Networks is that I have experience with implementation, designing, and configuration.

The best feature of Nozomi Networks is that it has built OT-oriented protocols such as OPC UA, DNP3, Modbus, and Siemens S7. For these protocols, Nozomi Networks identifies them very perfectly. They have designed this specifically for OT-based protocols.

The second valuable feature is network visualization. It provides you a complete graph of all assets connected across the system, showing which nodes are connected, which systems are connected, how many nodes each system has, and how many network elements exist.

Nozomi Networks allows you to customize IDS and IPS. Additionally, there is a tool called YARA, which is used for threat detection over the file system. Asset inventory in Nozomi Networks is useful for OT compliance processes.

With the Asset Intelligence license, the system will start polling each asset and collect complete information about it, including software version, firmware, hardware, and model details. It also has an AI model built in.

The potential area of improvement I see for Nozomi Networks is that there are many unknown malwares that cannot be identified because they are not updated in the National Vulnerability Database. Those malwares can infiltrate your system, which Nozomi Networks cannot identify.

My suggestion is that Nozomi Networks' operating system should be inbuilt with AI and machine learning. Even though many malwares exist, modern malware can bypass endpoint detection and all security elements. Those malwares should be identified with advanced AI and machine learning. I believe Nozomi Networks needs to work on this continuously.

Regarding the functionality of Nozomi Networks, the query syntax is very complicated. The syntax of the queries is very complex, so sometimes you will not get what you want. The command line functionality is not as good as it could be.

I have been working with Nozomi Networks SCADA Guardian for three to four years.

I would rate the stability of Nozomi Networks as eight out of ten.

I would rate the scalability of Nozomi Networks as good because whatever hardware you use, it would be Nozomi Networks-based and scale accordingly.

I would rate Nozomi Networks' technical support as ten out of ten.

I would describe the initial setup of Nozomi Networks as very simple. Within three to four hours, you can complete the setup.

It is easy to integrate Nozomi Networks with third-party systems. It supports Cisco, Fortinet, Palo Alto, and Juniper, and it can be integrated with CrowdStrike, SIEM solutions, and Microsoft Sentinel. One feature I found valuable in Nozomi Networks is that there is a built-in vulnerability assessment feature, whereas in IT we typically use Nessus or Qualys for vulnerability assessment.

People use Nozomi Networks for OT cybersecurity. There is a subscription called Vintage that, if purchased, will provide you AIML-based threat detection and threat identification. Different subscriptions and licenses are available.

The pricing of Nozomi Networks is good. I would rate it as nine. Compared to Dragos, Nozomi Networks offers good value.

I am working with Nozomi Networks in both deployment models: hybrid and fully cloud-based.

In OT environments, the barriers that exist for using a cloud-based model with Nozomi Networks are regulatory restrictions. We cannot go directly to the cloud because of these regulations and cannot access the cloud in certain contexts.

I am not aware of how to integrate Nozomi Networks with AWS and Azure. Since Azure and AWS deal with IT components, when it comes to OT components, you need to create a barrier between IT and OT. You need to create DMZs and some kind of filtering.

My overall review rating for Nozomi Networks is nine out of ten.

Hybrid Cloud

Other

My main use case for Nozomi Networks is visibility into the OT network.

For visibility into my OT network, I usually find that if the OT network is not built on a Purdue model or layered approach as segmentation or conduits, whatever you want to use with it, IEC 62443 says conduits, then you don't know which traffic is talking to what, and the security model for OT is not well established. I put in a Nozomi Networks device, start building, and gather the asset inventory. It has special pages that show the communication between cross-layers and all that, and I start segmentation. It helps me with segmentation, shows me what is happening in my network, which device is communicating what, and then I can use that to do threat hunting in the OT network.

Nozomi Networks has positively impacted our organization by giving us more visibility into our OT network. Now we know what is happening in our OT network, and we can find things which were never there before and which we did not know before. Even at times, the variable monitoring in the OT by Nozomi Networks has helped us to know if there's something wrong with any of the field devices.

Regarding a specific example or a measurable outcome, I can say that SCADA is already there, and the teams are monitoring what is happening in OT. However, the way Nozomi Networks generates alerts is really helpful. For example, we give them a range of a variable, for example the temperature should not go below a certain degree. In a SCADA network, you always have those alarms, the lights, they pop up, but the alerts that Nozomi Networks gives me are much more valuable than those which I see in there.

Nozomi Networks offers a lot more depth knowledge about the industrial OT protocols compared to any other, and the best thing I appreciate about Nozomi Networks is that it's straightforward. It does not go into irregular steps to perform the things required, so it's straightforward, plain passive integration. I just need a network port, and then it starts doing its analysis, baselining, and then I start adding logic to it, then alerts and all that. Nozomi Networks hardware and software have a very good training program, which enables me to start working on things and really go into the depth knowledge if I want to pass it.

The depth knowledge Nozomi Networks has of the OT protocols is the feature I find most valuable day-to-day because it enables it to do the man-in-the-middle attack, or maybe if some device is not responding as it should be, it helps me in all that. This is what I use mostly in OT every day.

I cannot comment on how Nozomi Networks can be improved because I'm not an implementer or a researcher. However, I think that the more AI-enabled enabling happens in OT, that might help things.

I have been using Nozomi Networks since December 2021.

My advice for others looking into using Nozomi Networks is that they should do a deep dive into their own network and what they want to achieve. Then they should decide whether Nozomi Networks is the best solution for them or Clarity. If they look into what they want to do with it, then they will be able to make a better decision based on that. I would rate this product an 8 out of 10.

Private Cloud

Amazon Web Services (AWS)

In Zambia, I provide Nozomi Networks primarily to the mining sector, as it is very popular with the mines due to the geographical nature of the country being a mining community. I have worked with three to four flagship mines, and I have also had business discoveries with oil and gas companies as well, but the main focus has been on the mining industry.

One specific example of how Nozomi Networks is used at one of these mining companies is that, given that mines are extensive with a lot of technologies integrated into them, the major challenge is having clear visibility on all their OT networks. Nozomi Networks provides that clear visibility, managing numerous assets in the large environment, making it the best in the industry for this purpose.

Regarding the use of Nozomi Networks, my clients really appreciate the network visibility and the threat detection it provides, especially for asset discoveries of devices that have gone rogue. Nozomi Networks excels in vulnerability management, which is crucial since most OT technology relies on older systems that some products may overlook. Its capabilities are also helpful for risk assessment, allowing mines to check their risk against ISO standards if they want certification, as well as for incident response.

The best features that Nozomi Networks offers, in my opinion, include asset discovery, asset inventory, network visibility, threat detection, vulnerability management, risk assessment, and incident response. Asset discovery is particularly crucial considering the size of mines and the multitude of devices within them, and those features are vital for efficient cybersecurity management.

Out of all the features, asset discovery stands out as the most valuable for my clients in the mining sector because understanding what devices you have is fundamental to defending against threats. Additionally, vulnerability management, particularly for devices on older operating systems, is significant. Clients often feel overworked due to the sheer number of devices, so once I install the sensors, their eyes light up with appreciation for the solution that provides that visibility.

Nozomi Networks has positively impacted my organization, particularly as I began to pitch it to clients in Zambia's mining industry. The appreciation for Nozomi Networks' capabilities, such as asset discovery and vulnerability management, stands out given that older OT technologies create cumbersome challenges for IT teams. One specific outcome I have seen is the emphasis on asset discovery, which, as I often point out, is underrated. Monitoring network environment and traffic increases visibility, making IT personnel more effective.

Since implementing Nozomi Networks, I have noticed improvements in risk posture, as visibility reduces the likelihood of oversight that can lead to costly mistakes in the high-risk OT environment. Time saved in troubleshooting is substantial, as the dashboard allows me to pinpoint issues quickly. While I cannot put a specific number on assets discovered, Nozomi Networks effectively identifies all IoT assets in the environment, integrating well with existing infrastructure such as SOCs and SIEMs.

In terms of improvements for Nozomi Networks, I believe clients have mentioned experiencing alert fatigue due to the high volume of notifications once they install the system in a previously unmonitored OT environment. Some also report that asset identification can be somewhat slow, particularly with legacy equipment, and there is feedback for a more automated response system within Nozomi Networks itself.

Clients have suggested enhanced visualizations in the user interface, reflecting a collective desire for improvements in how information is presented. Those enhancements would likely contribute to a better user experience.

I have been using Nozomi Networks since 2023.

Nozomi Networks has been stable during my experience without issues related to downtime or reliability, although I do acknowledge areas for improvement, especially regarding automation.

Nozomi Networks is scalable and designed to handle larger environments and sudden growth, especially in sectors such as mining, oil, gas, and healthcare, where the technology addresses extensive requirements effectively.

Customer support for Nozomi Networks has been favorable; clients usually reach out to me first, as I serve as a safety blanket while interacting with Nozomi Networks team to resolve any issues. The client experience during projects has been positive, with Nozomi Networks providing guidance throughout the deployment process.

Most companies I have worked with have never used another OT solution prior to Nozomi Networks. I have encountered Cisco's upcoming OT technology at an expo, but I believe Nozomi Networks is currently ahead in the market.

One thing that surprised our clients about Nozomi Networks is the ease of deployment. Clients often worry about the complexity of installing technology in their vast environments, but Nozomi Networks has a very good deployment process. Clients appreciate how quickly I can integrate the sensors into their systems, making it easier and more efficient compared to other technologies.

The deployment experience has been positive overall, as I recently deployed Nozomi Networks in a large organization in Zambia, and the service from Nozomi Networks team has been very helpful. They guide me through how to deploy and monitor the network traffic while setting rules, holding my hand to ensure proper understanding of the technology, and they invest in training their partners, leading to multiple engineers in my team obtaining Nozomi Networks certifications.

The return on investment from Nozomi Networks is substantial, particularly concerning time saved. I would estimate a return on investment in the range of forty-five percent or higher, particularly because implementing an IoT solution such as Nozomi Networks reduces the need for multiple additional solutions, saving money and time in the long run.

My experience with Nozomi Networks' pricing is that it can be on the high side, as OT technology is relatively new in our region. However, considering the robust features it offers, the pricing is fair, particularly for larger clients in sectors such as mining and oil, where return on investment is evident.

Before adopting Nozomi Networks, I did consider other options such as Splunk and IBM's QRadar, but after experiencing Nozomi Networks firsthand, it clearly took the top position with its technology and training.

For anyone considering Nozomi Networks, it is crucial to look for an operational technology solution that is efficient and capable of delivering return on investment. I recommend checking reviews and testimonies, as many industries have found value in adopting Nozomi Networks, and ongoing evaluations continue to showcase its effectiveness. I would rate this review a seven out of ten.

On-premises

Microsoft Azure

My main use case for Nozomi Networks involves asset discovery and vulnerability management in OT environments.

For asset discovery and vulnerability management in my OT environments, I started using the passive mode and configured a SPAN port on a switch in the particular VLANs that I wanted to see. Then I collected that data, fed it to Nozomi Networks Guardian, and then figured out how to use active and Arc embedded to also see more assets in the field, including the Arc sensor.

In terms of my main use case and how I use Nozomi Networks day-to-day, I see many things that I do not expect. What is very handy within Nozomi Networks is that I can see the communication between the assets, clearly identifying what ports they are communicating on and what protocols they are using. It is really very insightful.

The best features Nozomi Networks offers, in my experience, are how quick it is to set up and how fast it can discover assets in the network.

The quick setup and fast asset discovery help me in my work by allowing me to see how OT assets are communicating, what versions I have on certain assets, and what vulnerabilities are present. With this information, I can figure out how to segment the network, enforcing firewalls between the VLANs based on the communication patterns I have identified.

Nozomi Networks has positively impacted my organization by allowing me to build a roadmap based on what I see, ultimately leading to a better security posture, which includes knowing what is inside the network and what vulnerabilities exist. Additionally, by making use of Vantage, I can query my asset database, which is very handy to discover what I should address first and how I can speed up the security posture of my OT networks.

To improve Nozomi Networks, I believe that it is less useful without Vantage if I have a multi-site setup. I really need Nozomi Networks Vantage and Vantage IQ to make the most of it. Additionally, the Arc sensor as well as the active polling features are subscription-based, whereas competitors often offer a one-size-fits-all subscription allowing immediate access to all features. With Nozomi Networks, it is often an add-on, which is sometimes a disadvantage when competing.

Regarding needed improvements, particularly around licensing and pricing, the add-on nature of the licensing could be improved. Vantage is rather expensive in comparison to the competition, and while the features are great, the licensing structure could be enhanced.

Concerning Nozomi Networks' AI capabilities, I think its governance and security are good, but it also requires a paying add-on, so while it looks great based on my experience, the need for payment is a disadvantage.

There's also room for improving on # of integrations. 

I have been using Nozomi Networks for about two years.

In my experience, Nozomi Networks is stable.

Nozomi Networks is scalable if I purchase the Vantage part.

The customer support for Nozomi Networks is great, demonstrating good response times and providing the right solutions. It is easy to work together with them.

Previously, I used Claroty but switched to Nozomi Networks because I could perform asset inventory and vulnerability scanning in my setup.

My experience with pricing, setup cost, and licensing is overall positive; it is a really straightforward process, not too difficult to set up, with great training material provided. The downside is that I also need to pay for some features, but overall, NNCE is a great course.

In terms of specific outcomes or metrics showing how Nozomi Networks improved my security posture and sped up my processes, I have saved time, and I have also gotten compliance reports regarding compliance with IEC 62443, which is very handy in terms of the assets I see.

Since I started seeing what is inside the network, I transitioned from just guessing what was there to having a clear view. This clarity makes me better prepared for setting up and segmenting the environment as well as managing how communication flows to keep things up and running.

Before choosing Nozomi Networks, I evaluated options including Claroty, Nozomi Networks, and Armis.

I would rate the customer support an eight on a scale of one to ten.

My advice for others looking into using Nozomi Networks is to start with a small setup and then expand. You can trust that the active polling operates effectively.

I would rate Nozomi Networks an eight out of ten because it is a great product, but it is missing some features, such as secure remote access, so that is why I cannot give a maximum score.

Regarding Nozomi Networks' AI capabilities, I find its accuracy and reliability of output to be rather reliable; I have not discovered big inaccuracies or issues, so that is acceptable.

My overall review rating for Nozomi Networks is eight out of ten.

On-premises

We use Nozomi Networks as an intrusion detection system for OT deployments, automation systems, and IoT systems such as medical equipment to protect medical systems and smart meters. We detect any anomalies in the network, whether in operation networks, IoT networks, or IT networks, and it is the best intrusion detection solution with its intelligence.

We work with Nozomi Networks real-time visibility feature and deploy the solution for our customers.

The real-time visibility from Nozomi Networks helps with threat detection for our customers because almost all customers have integrated this IDS into their SOC, so they are getting full visibility on any anomalies in the network and immediate intelligence on that.

Integrating Nozomi Networks with third-party systems gives visibility in the network. We connect this with a SOC and SIEM solutions, and they have better visibility on the entire network.

Nozomi Networks brings the main benefits of visibility and control, asset tracking with full visibility of the assets in the network, and threat intelligence with anomaly detection, so they have peace of mind and the system is always on watch.

We are utilizing the machine learning in Nozomi Networks, which is part of the Nozomi Networks package. We are deploying it for the customers and they take care of the operation side. We do the implementation only.

Nozomi Networks has the best AI-based detection and intrusion detection solution. It is very robust, easy to deploy, and easy to use with a very user-friendly GUI and good support in terms of product and after-sales support. They have vendor support in our region, and they are the best when it comes to IDS solutions.

I would like to see improvements in Nozomi Networks, probably more AI-based integration and better native integration with SOC and SOAR platforms.

I would like to see specific features included in the next releases of Nozomi Networks, such as improvements in threat intelligence. They have competition from Dragos, which I believe is better in threat intelligence.

I do not have much of an answer about the key differences of Nozomi Networks in comparison to other cyber defense solutions because I only work with Nozomi Networks. However, I heard from the market that they might lack in threat intelligence compared to Dragos. Other than that, I see Nozomi Networks as the best platform for customers, easy to manage, deploy, and operate. The cons might be that they lack some threat intelligence features that Dragos offers.

We have been working with Nozomi Networks for four years.

We have faced downtimes, crashes, or performance issues with certain implementations. We had certain device card issues, but those were rectified immediately as an RMA was issued and addressed promptly. It is not that there are no issues at all, but they have been addressed, and that matters most.

Nozomi Networks is scalable. You can add more locations with more devices and integrate with the CMC, and that is not a problem at all. You can also have high availability if you want.

My experience with the technical support and customer service teams of Nozomi Networks is very good. That is one good part of Nozomi Networks.

Positive

We did not face many issues during the deployment process with Nozomi Networks. We did multiple implementations and it was all smooth.

For threat detection, we have an IPS solution for intrusion prevention. Nozomi Networks works as an intrusion detection system, and we have a prevention system with TXOne that can do virtual locking, along with many features. This is part of Trend Micro, so we sell it as an IPS and as a firewall with different technologies, including portable inspectors and their own threat intelligence platform.

I assess the impact of potential threats detected by Nozomi Networks as high because it is mostly deployed in critical infrastructure. It is a very critical technology that customers are using to be safe, ensuring business continuity, and that matters most for the industry.

Given my very rich experience with Nozomi Networks technologies, I would advise organizations considering it to look primarily into ICS system cybersecurity and IoT. They can also enhance their focus on enterprise IT security. I rate this product an eight out of ten.

On-premises

My main use case for Nozomi Networks is asset tracking. I use Nozomi Networks day-to-day primarily for threat detection.

For threat detection in my work, I track vulnerability based on CVE codes and easily manage the status of the required patch.

The best features Nozomi Networks offers include its querying capabilities.

The querying and searching capabilities are most valuable to me, which makes my job easier when monitoring network traffic.

Nozomi Networks has positively impacted my organization by ensuring my assets remain secure.

Since using Nozomi Networks, it immediately identifies application patches and CVE codes, leading to fewer incidents and improved response times.

I do not have any suggestions for how Nozomi Networks can be improved.

I have been using Nozomi Networks for two years.

In my experience, Nozomi Networks is stable.

I believe Nozomi Networks' scalability may be a concern.

The customer support is good.

I would rate the customer support a 10 on a scale of 1 to 10.

I have not used a different solution before Nozomi Networks; I have only used Nozomi Networks.

I mention fewer employees needed when discussing the return on investment.

My experience with pricing, setup cost, and licensing for Nozomi Networks is that I think it is a bit expensive, but it is reliable.

Before choosing Nozomi Networks, I did not evaluate other options.

I would definitely recommend Nozomi Networks for security to others looking into using it.

I would rate this product a 10 on a scale of 1 to 10.

Private Cloud

Other

We have created many use cases dedicated to OT when using Nozomi Networks. It might expand from IT to OT, specifically looking at assets and alarms, and critical OT assets that require the highest attention. There are a number of use cases that we have created with Nozomi Networks that are working very well. Sometimes it requires tuning, but beyond that, it is very effective.

Specifically, when discussing a particular example of a use case with Nozomi Networks, it involves addressing the false positives that we receive from many assets. We have created a baseline in Emirates Electricity and Water division. Nozomi Networks helped us create and provide better visibility. There are use cases regarding credentials and where we log into particular accounts, and specifically with USB blocking. Those are some OT-specific use cases that we created, tested, and checked across various sources such as logging into the system, enabling access from other systems, mapping it, or attempting to spoof it. Nozomi Networks easily identifies these threats and provides very good results.

Nozomi Networks' best features include asset management as the top offering. It provides a wide range of capabilities. We also have vulnerability management with a very large and regularly updated PV data bank that provides the right direction with tested patches. Beyond that, it provides financial calculations and reports that you can create based on NIST and other frameworks, which helps you easily generate results. The dashboard provides better visibility. These are features that set Nozomi Networks apart from others.

When discussing the asset management feature in Nozomi Networks, it provides better alignment with the Purdue Model and offers better direction regarding which IP has been communicating, which IP has lost its feature, which IP is pinging, and which IP is in ghost mode. Features such as these provide better visibility and updated asset management. If an asset is reaching its end of life date, it gives you an alarm one month before to notify you that the asset is about to reach EOL. These features provide better visibility of how your assets are behaving.

Nozomi Networks provides a good dashboard that helps us create visibility. It generates summarized reports, daily reports, and monthly reports according to our requirements. This makes operations easier.

It provides faster compliance because it delivers a very clear image and picture. If there is a change in the baseline, it provides before and after snapshots. Compliance-wise, if there is any change, it triggers the right alert point so you know that something has occurred. Compliance is very good because it has been accepted across the globe. The time saving is significant because the dashboard and image that Nozomi Networks creates provide the best direction and optimal outcomes to resolve issues, whether through quick wins or larger wins.

Currently, I do not see any improvements needed in Nozomi Networks because I have been working with Microsoft Defender for IoT and Claroty. I think they are mostly on a similar large scale, but Claroty has an X-Dome feature that helps provide remote secure access, which is one thing. Beyond that, I think everything falls under the same umbrella.

Nozomi Networks should work on a specific feature for USB blocking, because currently we are doing this from the boot level and USB is something that customers really want to have blocked before it is plugged in. It should not be scanned; it should be directly blocked.

I have been using Nozomi Networks for the last five years.

I chose eight out of ten because their customer services are something lacking. That is why I feel eight out of ten.

This interview is good. You ask very good questions that address the technical aspects as well as the features that Nozomi Networks carries. My overall review rating for this product is eight out of ten.

On-premises