Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Industrial Cybersecurity Firm Nozomi Launches Research Department

Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs.

Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs.

While this is the formal launch of its research department, Nozomi has already conducted detailed analysis of some major threats targeting industrial control systems (ICS), including the GreyEnergy and Triton/Trisis malware families. The company has also created and released some tools that may be useful to defenders.

In the past year, Nozomi says it has also identified and reported over a dozen vulnerabilities affecting ICS products, including flaws that can lead to safety incidents or disruptions to production.

With the official launch of Nozomi Networks Labs, the company plans on dedicating even more resources to research efforts and also draw on the expertise of the broader cybersecurity community, including staff working for its customers, ICS threat intelligence and data analytics partners, universities, and individual researchers who might be interested in collaborations.

“Research, community collaboration and giving back have always been part of Nozomi Networks’ DNA,” said Andrea Carcano, co-founder and chief product officer of Nozomi. “Nozomi Networks Labs will allow us to make an even greater contribution to the ICS cyber security community.”

Learn More About ICS Research at SecurityWeek’s 2019 ICS Cyber Security Conference

Nozomi also announced on Tuesday that it has made some contributions to the open source fuzzing tool Radamsa in an effort to make it easier and faster to discover vulnerabilities in PLCs, RTUs and other devices that communicate over industrial networks.

Radamsa, developed by Aki Helin of Finland’s University of Oulu, is a general-purpose fuzzing tool designed for uncovering security flaws without too much human input. Nozomi says it has been using the tool since the company was founded and it recently submitted some changes that make it more efficient for industrial systems.

“Our enhancement tests the robustness of protocol stacks,” explained Moreno Carullo, co-founder and CTO of Nozomi. “This is an area where PLC, RTU and, in general, OT-device software, needs more focus. Higher quality is required to help prevent zero-day vulnerabilities and other security issues.”

Related: Schneider Electric Teams With Nozomi on Critical Infrastructure Security

Related: Fuzzing Tests Show ICS Protocols Least Mature

Related: Many Vulnerabilities Found in OPC UA Industrial Protocol

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.