Nozomi Networks Extends its Threat Intelligence Service to Third-Party Security Platforms
June 2022 by Marc Jacob
Nozomi Networks, Inc. announced its Threat Intelligence is now available for use with third-party cybersecurity platforms. Previously only available for use with Nozomi Networks Guardian and Vantage products, now other cybersecurity platforms can leverage the same Nozomi Networks research and intelligence to improve defenses against recent and emerging OT, IoT, phishing and ransomware threats.
Nozomi Networks Threat Intelligence Feed includes up to date information on malicious IP addresses or URLs, new indicators of compromise (IOC) signatures, threat sources, malware hashes, and methods and tactics to gain system access, all of which can serve to accelerate incident response and enhance security operations. With a subscription to the feed, customers can leverage a single, unified feed of threat intelligence across other layers of their security stack including:
• Integrating the feed into their security operations center (SOC)
• Complementing their existing threat research with a deeper level of OT and IoT intelligence
• Enhancing Security Information and Event Management (SIEM) environments to identify new IOCS, and
• Improving Security Orchestration, Automation and Response (SOAR) and firewall rules
For example, a global manufacturer in the healthcare industry is feeding Nozomi Networks Open Threat Intelligence into their Azure Sentinel SIEM to identify new IOCs. Their SOAR platform is then able to update their Palo Alto Networks firewalls with new isolation rules based on the IOCs. Nozomi Networks Guardian platform further updates the SOAR platform with the most recent asset information on the potentially compromised system, its security posture and quarantine status.
The new Nozomi Threat Intelligence feed is compliant with a wide range of security platforms from SIEM tools to next-generation firewalls and endpoint detection and response systems.