Overview

Introducing Guardian

Guardian offers leading capabilities that have been proven to help power generators improve reliability, safety, cyber security, and operational efficiency in industrial control system (ICS) environments. Once deployed, Guardian automatically discovers OT network topologies and connected devices. The solution develops security and process profiles and monitors systems in real time to detect anomalies and unexpected changes.

Guardian offers a comprehensive blend of features:

  • Multi-faceted capabilities for detecting ICS threats, employing behavioral analysis and artificial intelligence-powered risk assessment
  • Automatic discovery of industrial assets and visibility into their vulnerabilities and cyber security risks
  • Continual monitoring of ICS networks and processes with real-time insights
  • Rapid, automated detection of cyber threats and process anomalies
  • Superior incident capture and tools that streamline troubleshooting and forensic efforts
  • Easy integration with existing IT and OT infrastructure
  • Enterprise-class scalability when deployed with the complementary Central Management Console

Asset inventory and network visualization

With Guardian, you can improve system and process awareness with a visualization interface that shows all assets and links. Guardian offers automated discovery of network assets, helping staff save time and gain up-to-date visibility. Using passive, non-intrusive deployment, Guardian connects to network devices via SPAN or mirror ports. In addition, the solution triggers automated alerts when it detects anomalies and changes, and it offers views that make it easy to drill down on asset information.

Featuring built-in and customizable dashboards, detailed reports, and ad-hoc querying capabilities, Guardian provides intuitive, real-time visibility that improves both cyber security and operational efficiency.

Anomaly and threat detection

Guardian provides advanced features that enable your team to rapidly detect cyber security threats, risks, and process anomalies. It switches from learning to protection mode automatically, helping speed anomaly detection. Once in protection mode, you’ll be alerted to any changes in your environment.

The solution employs multi-faceted capabilities to identify threats through built-in behavior-based anomaly detection and contextual threat information from the OT ThreatFeed service. OT ThreatFeed is an additional subscription service that includes rules, signatures, and other indicators to help you detect new and emerging threats. With this ICS security solution, your team can detect:

  • Malware, ransomware, and other malicious software
  • Zero-day attacks
  • Complex threats and attacks
  • Man-in-the-middle attacks
  • Brute-force and DDoS attacks
  • Unauthorized behavior

Easy integration with IT and OT environments

Guardian offers built-in integration with:

  • SIEMs, including Baseline Security Center, HPE ArcSight, IBM QRadar, LogRhythm, and Splunk.
  • Firewalls from such vendors as Cisco, Check Point, Fortinet, Palo Alto Networks, and more.
  • User authentication directories, including Active Directory and LDAP.
  • Ticketing systems, including ServiceNow for case management.
  • Endpoint security tools, including antivirus and host intrusion detection systems.

Guardian is a registered trademark of Nozomi Networks