
Latest news with #AntonShipulin

Nozomi Networks enhances critical infrastructure security amid evolving cyber threats

Tahawul Tech

15-05-2025

  • Business
  • Tahawul Tech


The cybersecurity landscape is rapidly changing, with digital technologies increasingly integrated into industrial control systems. This digital transformation has introduced new risks, especially with the rise of AI-driven cyber threats. Nozomi Networks is leading the way in securing critical infrastructure, offering solutions that ensure comprehensive protection across OT, IoT, IT, and wireless assets. In this interview, Anton Shipulin, Industrial Cybersecurity Evangelist at Nozomi Networks, discusses how the company addresses these evolving threats and helps organisations comply with stringent regulatory requirements while safeguarding critical and renewable infrastructure.

How does Nozomi secure critical infrastructure in the region amid evolving cybersecurity threats, and how does it contribute to improving operational efficiency?

Critical infrastructure is vital for a nation's cybersecurity and the functioning of the country. Essential services such as water, electricity, and oil and gas energy rely heavily on these systems, and it is crucial to ensure their continuous, uninterrupted operation. With the rapid digital transformation and the integration of advanced technologies into control systems managing critical infrastructure, these systems are increasingly dependent on digital components. However, this dependence introduces new risks. Unauthorised access and potential cyberattacks pose significant threats to these systems, as malicious actors can exploit vulnerabilities to gain control. It is crucial to monitor these systems closely and identify any deviations from normal operations. Detecting cyberattacks, process anomalies, or other irregular behaviours at an early stage is essential for maintaining security and ensuring the longevity of these facilities.

Nozomi Networks addresses these challenges by providing real-time monitoring of network traffic, process telemetry, vulnerabilities, and asset changes within industrial control systems. This approach allows for the timely detection of anomalies and attacks, enabling prompt responses to safeguard critical infrastructure and ensure its resilience.

How can organisations achieve full-spectrum protection across OT, IoT, IT, and wireless assets, and what solutions does Nozomi offer to address these complex security challenges?

Our primary focus is on securing industrial control systems and cyber-physical systems, including the Internet of Things (IoT). When it comes to industrial control systems, they often comprise a variety of components, including pure OT elements like controllers and PLCs, as well as IT components such as network devices, routers, switches, PCs, laptops, and servers running traditional operating systems like Windows. It is critical not to focus solely on protecting OT systems. Rather, organisations must ensure protection across all components surrounding these critical systems.

To address this, our solution expands beyond just supporting OT protocols. While we excel in supporting OT protocols with deep packet inspection for anomaly detection and attack identification, we also support IT systems and the most common IT protocols like DNS, SNMP, and others. This is achieved through passive network monitoring, which ensures visibility across both OT and IT environments. For enhanced asset visibility and discovery, we've added active discovery components, including smart polling, which queries devices for details.

Additionally, we've expanded our solutions to incorporate various types of sensors, including network sensors and, recently, endpoint sensors. These endpoint sensors can be deployed on systems such as Windows, Linux, and macOS, especially in areas where network sensors cannot be installed.

Furthermore, with the increasing adoption of wireless networks in industrial environments, it is essential to monitor and protect these networks to prevent unauthorised access. In some cases, clients may prohibit wireless networks entirely. However, even in such scenarios, monitoring wireless communications remains vital to detect unauthorised devices, such as rogue wireless access points or USB dongles, that could pose a security risk.

Overall, Nozomi offers a comprehensive solution that ensures protection across wireless networks, wired networks, and endpoints, providing organisations with full-spectrum security across their OT, IoT, IT, and wireless assets.

With the rise of AI-driven cyber threats, how do you see the threat landscape evolving, and what steps is Nozomi taking to stay ahead of these emerging risks?

The rise of AI technologies is both a beneficial and accelerating force for cybersecurity, but unfortunately, it is also being exploited by cybercriminals to enhance their attacks. Attackers leverage AI for tasks such as vulnerability scanning, spam generation, and even coding attacks. This makes it easier for them to create new and more sophisticated attacks, accelerating the pace of the threat landscape. For organisations, this presents a significant challenge, as AI-driven threats allow attackers to quickly evolve their methods, making it critical for asset owners to detect these attacks in a timely and precise manner.

This is where Nozomi Networks focuses its efforts. Our solution is not only designed for network detection but also for understanding industrial and IoT protocols, which is crucial in accurately identifying attacks. As the frequency and complexity of attacks grow, the amount of data that needs to be processed increases exponentially, making it harder to correlate and analyse all the relevant information. To address this challenge, we integrate AI and machine learning into our platform for alert correlation and generating insights. These technologies help us manage and analyse vast amounts of data, allowing us to detect threats more effectively.

Moreover, as more industrial automation vendors and cloud providers implement AI-based systems, it is essential to protect these components from potential threats. AI-based systems themselves are now vulnerable, and our focus includes monitoring attempts to attack these systems, ensuring that they are adequately safeguarded.

Nozomi is adapting to the evolving threat landscape by incorporating AI and machine learning for better threat detection and data processing, while also expanding our focus to protect AI-based systems in industrial automation and cloud environments.

Could you share insights into Nozomi's complete cyber-physical protection offerings, particularly in securing critical and renewable infrastructure? How do your solutions enable compliance in highly regulated sectors?

Nozomi's solution focuses on comprehensive monitoring across a wide range of environments, including wireless networks, endpoint activities, and IoT systems. Our offerings include a diverse set of sensors for network, wireless, and endpoint monitoring, alongside management components for on-premises environments and cloud-based components for information collection and analysis. By providing real-time visibility and continuous monitoring, our solutions ensure that critical infrastructure, including renewable energy systems, is secured against potential cyber threats.

Furthermore, our solutions help organisations meet the compliance requirements of highly regulated sectors by ensuring that all systems are continuously monitored, vulnerabilities are detected early, and appropriate actions are taken to mitigate risks in real time.

How does Nozomi ensure compliance with highly regulated sectors, especially considering the growing number of cybersecurity frameworks and regulations globally?

Compliance with cybersecurity regulations is increasingly important, with various frameworks emerging across the globe, such as those in Europe, the United States (e.g., New York City's cybersecurity regulations), and other regions. One of the key elements of compliance is ensuring proper asset discovery, asset management, threat detection, and vulnerability management.

To help organisations meet these regulatory requirements, Nozomi offers comprehensive solutions that focus on asset discovery, threat detection, and vulnerability identification. By addressing these key components, our solutions ensure the security of critical networks and data, enabling organisations to comply with regulations while also enhancing their overall cybersecurity posture.

Image Credit: Nozomi Networks

Think Your OT Is Safe? Nozomi Networks Says It's Not

TECHx

10-05-2025

  • Business
  • TECHx


We spoke with Anton Shipulin, Industrial Cybersecurity Evangelist at Nozomi Networks, to explore what sets their presence apart this year, how AI is reshaping industrial cybersecurity, and why strategic partnerships and events like GISEC remain essential.

TECHx: What makes your presence at GISEC unique compared to other trade shows you've attended?

GISEC occupies a special place on our calendar because it's not only one of the largest cybersecurity events in the region, but it's also deeply focused on the unique challenges of the Gulf, Middle East, and Africa markets. Unlike more generalized trade shows, GISEC brings together regulators, critical-infrastructure operators, and regional integrators under one roof. Every year, we see a high concentration of organizations managing oil & gas, utilities, transportation, and manufacturing sectors where operational technology (OT) security is mission-critical.

This year, we've made a concerted effort to bring almost our entire Middle East team: not just sales and marketing, but also professional services, pre-sales engineers, and local R&D specialists. That means every visitor to our booth can have a deep, technical discussion in Arabic or English, schedule on-the-spot proof of value sessions, and even see live demonstrations in a sandbox environment. We believe that level of local expertise, combined with a global product roadmap, distinguishes Nozomi at GISEC.

TECHx: What new solutions and innovations are you showcasing on your booth this year?

We've expanded our platform in two key dimensions:

  • Industrial Wireless & Point Sensors: Traditionally, OT threat detection required tapping into wired network segments. Now, with the rise of 802.11ax in industrial environments, we've developed lightweight wireless-optimized agents and purpose-built point sensors that can be deployed on conveyors, robotic arms, and remote RTUs without long cabling runs. These devices deliver packet-level visibility and metadata directly into our analytics engine, enabling full asset inventory, vulnerability scanning, and anomaly detection even in hard-to-reach field sites.
  • AI-Driven Correlation & Insights: Our R&D team has integrated new machine-learning models that correlate network threat events with process-level telemetry. For example, if a PLC receives a malformed Modbus payload and downstream temperature sensors show anomalous behavior, our AI will surface that correlation in real time, prioritizing it as a high-risk incident. We're also rolling out a 'What-If' sandbox within our portal: customers can simulate new rules or network changes against historical data to see how our AI would have responded. This predictive capability helps operations teams validate controls before they push changes live.

Between these two areas, flexible deployment at the edge and contextual, AI-powered analytics, we're giving industrial organizations the tools to scale security monitoring across increasingly complex environments.

TECHx: You spoke about AI. How is AI revolutionizing cybersecurity, and how are you applying it in your solutions?

AI's role in cybersecurity can be unpacked into three overlapping domains:

  • Weaponization by Threat Actors: Criminals and nation-state groups are using generative AI to accelerate reconnaissance, craft zero-day exploits, and even personalize spear-phishing campaigns at scale. During the MITRE Engenuity ATT&CK Evaluations, we witnessed AI-generated payloads that mutated faster than signature databases could keep up. Recognizing that threat actors will continue to leverage these tools, we've embedded proactive AI threat-hunting models that continually train on live traffic, looking for novel patterns rather than waiting for known indicators.
  • Attack Surface of AI Systems Themselves: As organizations deploy AI for automation, those systems become high-value targets. We've invested in 'AI Security Assurance', a set of pre-built modules to detect model-poisoning attempts, adversarial-input attacks, and unauthorized model-drift in our own platform. This not only hardens our offering but provides best-practice templates customers can apply to protect their in-house AI pipelines.
  • AI for Defense & Automation: On the defense side, our AI automatically triages thousands of OT events per minute, correlates them with IT-side alerts (e.g., SIEM or SOAR feeds), and surfaces the top 1% that truly require human intervention. We also use reinforcement learning to optimize firewall and NAC policies: our system can suggest micro-segmentation rules based on observed communication patterns, simulate their impact in a digital twin, and even push approved changes automatically. The result is a closed-loop architecture where AI not only detects but helps remediate and continuously improve the security posture.

TECHx: How does Nozomi structure its partnership ecosystem, and why is a partner-first approach so important?

We view partnerships as the lifeblood of our global reach, and we categorize them into:

  • Service Partners: Certified system integrators and managed-security providers who deploy and operate our solutions on behalf of end customers. They undergo extensive training, both in formal labs and in the field alongside our engineers, to become OT-focused cybersecurity specialists. In regions like the UAE, Saudi Arabia, and South Africa, our service partners embed Nozomi as the heart of multi-vendor ICS-SOC operations.
  • Technology Partners: Companies whose products and platforms we integrate with to form broader security ecosystems. This includes SIEM vendors (e.g., Splunk, QRadar), firewall and NAC providers (e.g., Palo Alto Networks, Cisco), and cloud-based orchestration tools. Through open APIs and pre-built connectors, we ensure our OT intelligence can enrich, and be enriched by, third-party data, enabling end-to-end automation. For instance, when our platform flags a critical vulnerability on a controller, we can automatically notify the ticketing system in ServiceNow and trigger a patch-testing workflow in HPE OneView.

Because no single vendor can address every use case, our partner-first model ensures clients get a best-of-breed solution tailored to their existing investments and strategic roadmap.

TECHx: Many vendors host their own exclusive events. Why are broad industry conferences like GISEC still valuable?

Vendor events are great for deep dives into a specific ecosystem, but industry conferences like GISEC offer three unique benefits:

  • Cross-Pollination of Ideas: You're rubbing shoulders with CISOs from oil & gas, heads of threat intelligence from financial services, and policy-makers from the region's cybersecurity authorities. That diversity fuels innovation and helps uncover blind spots: what works in one sector can often be adapted for another.
  • Ecosystem Alignment: With so many moving parts in modern security architectures (cloud, edge, IoT/IIoT, 5G), no single event can cover all bases. GISEC's broad agenda, from quantum-safe cryptography to the latest in drone security, helps attendees map out how emerging technologies intersect, discover new standards, and align on best practices.
  • Regulatory & Community Engagement: In the GCC region, governments and regulators play an outsized role in shaping cybersecurity requirements. GISEC brings those stakeholders to the same table as vendors and end customers. You get real-time updates on national strategies, compliance roadmaps (e.g., NESA in the UAE, NSA in Saudi), and can even participate in shaping them through working groups or speaking sessions.

Despite advancements in technology, Nozomi Networks stresses that many OT systems remain vulnerable to cyberattacks. By leveraging cutting-edge AI and forming strategic partnerships, Nozomi Networks is working to bridge this gap, ensuring OT systems stay secure amid increasing threats.
