Nozomi Networks Reviews

I am a service provider handling the portal for Nozomi Networks across 35 different sites. I use the dashboard, Vantage, Guardian, and CMC. I have configured everything and use the system as both a provider and a user because I need to share all alerts and notifications with my clients. I share asset inventory and vulnerability management details. We collaborate on what the architecture will be and what alerts or incidents are being reported, as well as how we resolve them. When it comes to vulnerabilities and patching, we mitigate all those risks from both a management and technical perspective.

The most valuable features are asset inventory management and vulnerability management.

I appreciate the level of detail provided when all the ingested traffic and asset details are displayed, including vendor information, firmware details, name, IP address, MAC address, and protocol type. There are maps showing what kind of communication is happening between devices. I get all the details about the overall traffic being received.

There is a live option where I can click and see real-time data. There are numerous dashboards that provide traffic analysis, vulnerability management, and asset details. Nozomi Networks also has an AI version with IQ where I can ask for all the details I need. There are query sections where I can query things and export all the required data. The vulnerability dashboards give me an overview of what assets have exploitable critical CVEs, open CVEs, high scores, likelihood, different scopes, how many sites have them, and graphs based on criticality and exploitability. I like the threat intelligence of Vantage that Nozomi Networks has. They also have site-wide distribution showing all the CVEs and their risk scores. Every section has details about sensors, alerts, and assets. This kind of detailed analysis is very comfortable for me with Nozomi Networks. I believe it is the best. I can recommend Nozomi Networks and Claroty to my clients. This is great.

On the negative side, I believe their AI, which is IQ, could be more improved. For example, when I export any data, there are only 50 columns available. What if there were more columns? Nozomi Networks does not provide that data, so I have to go to the query section. The AI is currently useful for writing queries in English that are converted into their coding language for queries. Sometimes it provides the correct data, and sometimes it does not understand the request. From my attempts, I would say 50 percent of the time it has given me the proper data, and 50 percent of the time it might need improvement. Every day or week, new threat intelligence and AI upgrades are being released for Vantage, and all those upgrades are being implemented. Things are getting better, but I believe there are areas of improvement.

I have been using Nozomi Networks for one to one and a half years.

Nozomi Networks is stable, but sometimes disruptions occur at sites. Sensors can be down, so I cannot see what is happening in the network. Network connectivity is always a critical consideration. In an OT environment, there are changes and maintenance windows. Sometimes the network is not stable, the firewall or DMZ is down, so the device is also down. I understand this is expected. Network connectivity is important, and Nozomi Networks should be placed where it is monitored. Nobody should be able to remove it. Sometimes vendors need to connect to the OT network, and if they know it is being monitored, they might remove the sensor to avoid detection of their activities. Nozomi Networks should be placed in a central location where it is monitored, and nobody should be allowed to access it without proper authorization.

Nozomi Networks depends on different sizing models. It depends on the assets, the facility size, how many assets there are, and how much traffic is ingested. The model varies depending on the assets and the sizing of the site. It is scalable. If there are more assets, I can purchase a bigger configuration of Nozomi Networks hardware. This is properly aligned. Nozomi Networks has different pricing models, so I can choose accordingly.

Nozomi Networks does provide help. When I am stuck somewhere, I raise tickets and they are resolved. However, it does take some time. Customer service could be more efficient. Sometimes they hesitate to come on a call. They have knowledge transfer documents and process documents. However, sometimes I have to explain what issues I am facing on chat, which can be difficult. Coming on a call and those kinds of interactions may take a little more time. This is something I felt could be resolved more quickly.

I have switched my company and I am not currently using Claroty. I am in the same domain, but I am using Armis in my current role and Nozomi Networks for my customers.

I have been using Armis for two years. I switched from Armis because of some demerits and moved to Nozomi Networks.

A year ago, I had been using Armis for one year, and because there were some demerits with Armis, I switched my customers to Nozomi Networks.

The setup depends on site to site. I have deployed it remotely, but I had people at each site who would deploy it. The configuration is medium difficulty, not very easy but not very tough. I should have some experience or an understanding of how the system works, how networks work, all the connections, what the architecture is about, and how to connect with the switch. I am now a Nozomi Networks certified engineer, so I know things accordingly. I am also certified with Claroty and Armis. If someone is new to Nozomi Networks, they might need guidance to install it. It is somewhat technical but not that difficult to learn.

I did use AWS cloud for remote management. I deployed Nozomi Networks on AWS cloud and also used it for CMC. I have used AWS as an integration of cloud to host the server of Nozomi Networks for both. It does require some integrations and alignment of the networks, but it can be done.

I was about to create the ROI for Nozomi Networks. I believe it provides strong value. We have detailed analysis of breach scenarios, the total number of breaches that happened, and the risk categories that Nozomi Networks is detecting. Nozomi Networks OT impact includes asset enumeration, lateral movement, PLC or HMI accesses, remote access misuse, and credential guessing. We have details about the business consequences, such as malware propagation, loss of process integrity, or any manipulation that might happen. The OT environment is vulnerable to process manipulations and insider or external compromises, depending on what external devices are connecting to the OT network or whether IT-OT segmentation exists. These details create budgetary considerations that are important. We also have vulnerabilities, both open and exploitable, with critical and high scores with CVSS scores of more than nine or more than seven, and which have known exploits. I get these kinds of details in Nozomi Networks portal.

Nozomi Networks and Claroty are on the expensive end of the market, so the client should have those budgets available.

I have used all of them, but I would suggest Nozomi Networks if it is for a large client. For critical systems or critical sites such as oil and gas, nuclear facilities, or water treatment plants, I would recommend Nozomi Networks and Claroty. For smaller size organizations, Armis and Dragos can be used. For detailed analysis and when the systems and the site are more critical, I would suggest and prefer Nozomi Networks and Claroty.

Asset details are convenient because I have lots of information with respect to assets. Whenever I receive any alert, I check what the asset is about. For example, with any incident such as network scanning or multiple successful logins, there are all the details regarding what happened. It tells me what the possible cause was and what the solution will be. The details show what source is involved, what site and zone, what label, IP or MAC address, what ports are involved, TCP/IP or any other protocols. I can see if there is any user assigned to it with respect to site spokes. I can see the destination and all those destination site details. I can determine if it is internal traffic, external traffic going out from IT to OT, or traffic from any other site or any external devices. I can see what communication protocol is being used, the transport protocol, the threat severity, the network exposure, and the attack tactics. All these details are available. I have additional details such as when the attack happened or when the incident was reported, how the device was captured, which port it was detected on, and whether it is an easy attack that is not relevant so I can acknowledge it or trigger it. I have timeline details and can also leave comments about whether something is recurring so I can ignore certain attacks or incidents. All these details provide a proper audit trail for companies. For customer support, I would rate it at eight point five out of ten. I would also rate the overall product experience at eight point five. I would rate Nozomi Networks at nine points overall. When looking at the OT monitoring tool market, Nozomi Networks wins. Nozomi Networks and Claroty are both excellent solutions, which is why I rate it as nine out of ten.

I primarily use Nozomi Networks for two main use cases in our environment: OT asset visibility and inventory management, as well as threat detection and anomaly monitoring, which is very important for our operations.

For OT asset visibility, in our compressor stations, we are connected to Nozomi via a span port in the Nozomi collector, and that collector sends data to Guardian, which we use there. With this setup, we can easily investigate our alert triggers. For threat detection at our pipeline block valve station, which is very useful for us, the baseline is the SCADA system, specifically the Honeywell SCADA we use. In this SCADA, periodical read commands on RTUs arrive, and sometimes these commands are unusual. For anomaly control command detection, which identifies unauthorized sources from different places, Nozomi is very helpful with Guardian as well as the CMC, which also shows us the dashboard.

Additional high-impact use cases for Nozomi Networks that I see in pipeline operations include Nozomi flagging some PLCs receiving new types of commands that we sometimes have never seen before. The inbuilt root cause analysis incidents and the IT/OT attack path vector detection are features I need to add to our use cases, making it much easier to maintain our window validation and related processes.

Regarding the learning curve for new users of Nozomi Networks in my organization, training is required, but the platform is user-friendly. I recommend training for all site locations, which is very helpful. The learning curve is moderate, and users can learn effectively with the necessary training.

Nozomi Networks plays a critical role in my environment for incident response and remediation by providing early detection, deep visibility, and actionable insights. In an OT environment, where responses must be controlled and careful, Nozomi proves to be invaluable, and I appreciate its capabilities.

Nozomi Networks has positively impacted our organization since we are in the asset owner environment. The first thing I noticed before was the lack of full OT visibility, which is the biggest impact to gain and understand more deeply our asset-related environment, and it is also facilitating faster threat detection and response, which I appreciate. This capability enables me to create a stronger incident response capability or response procedure for our OQGN environment, which is very helpful in reducing operational risks and enhancing our OQGN environment.

Regarding the reduction in operational risk, I have seen a significant example where the mean time to detect has reduced to minutes. Before, the mean time to detect was almost 30 minutes to one hour, but now it typically takes five to ten minutes, which is substantial. The response time has also reduced by 50 to 60 percent after implementing Nozomi Networks; those are the two key improvements I observe before and after its implementation.

Nozomi Networks significantly supports collaboration between IT and OT teams in my organization by providing a unified visibility platform. Both teams are able to see everything Nozomi offers on a single platform, the CMC, which I mentioned earlier. This facilitates our collaboration and provides actionable insights to our IT teams, helping maintain the operational context of our OT environment and coordinate effectively with the SIEM.

I have seen a clear return on investment with Nozomi Networks, as it measures and manages our risk reduction as well as operational continuity and efficiency. It significantly aids in time-saving; for example, before Nozomi, identifying the root cause of network or process issues took several hours or even days, especially with limited visibility for IT or OT teams. After implementing Nozomi Networks, those issues are resolved within minutes rather than hours due to real-time visibility and traffic analysis enabled by Nozomi Networks.

The best feature Nozomi Networks offers, in my opinion, is deep OT protocol intelligence, which is very effective for our OT environment. The second important feature is the agentless and passive OT visibility, which creates a very crucial role in critical environments because if you set up something inbuilt in your environment, it is not worth and not acceptable for all asset owners. Due to this reason, the third feature is the behavioral baseline with very low false positive alerts, which detects issues and does not show false alarms on the CMC dashboard.

Overall, Nozomi Networks is effective at identifying unknown threats or zero-day vulnerabilities. It has strong performance in that area, although I did encounter one case where something abnormal was not detected immediately. However, overall, it is strong for zero-day detection and unknown threat visibility, though the false positives remain a challenge that all organizations face, especially in the initial stages.

I see challenges with Nozomi Networks mainly as a detection or visibility tool, but it does not actively block traffic by design for safety reasons. If it detects any abnormalities, it suggests using firewalls, NAC, or manual actions at the time of threat detection. For deeper asset context beyond the network layer, it does not provide that for engineering systems, and sometimes it falls short in SMTP. The main challenges I have noted are cost and scaling considerations; sometimes, clients directly deny requests for additional integration due to Nozomi Networks' high costs.

Regarding Nozomi Networks' AI capabilities, I have a mixed opinion. On one hand, I think it is very effective and helpful in strengthening Nozomi Networks itself, but on the other hand, I see potential risks and gaps in governance that are easily detectable. For AI in governance, I recommend creating strong controls along with privacy awareness, data security, operational safety, and most importantly, AI transparency. Much transparency with limited external visibility would be beneficial.

Integrating Nozomi Networks with our existing systems was relatively easy at level three due to established tie-ups, but I faced issues when integrating at level two with some OEMs, like Emerson, who do not allow deep dives for monitoring and collecting all data from Nozomi Networks from the tap one.

I have been using Nozomi Networks for almost more than four years.

Nozomi Networks has proven to be very stable and comfortable in my experience.

In terms of scalability, Nozomi Networks is well-suited for large-scale OT environments, accommodating hundreds and thousands of assets and nodes. This suitability applies particularly to the oil and gas sector as well as manufacturing and utilities, so my recommendation is that it has very high scalability capacity, ease of scaling, and flexibility.

In the Middle East, the customer support provided by Nozomi Networks is very good. However, I personally faced some minor delays a couple of times, but they were acceptable and not much of an issue.

I worked with different organizations and used various solutions previously, including Armis, Microsoft Defender for IoT, and Claroty. There was no particular reason to switch solutions because I simply changed organizations, which used different solutions for their IDS and IPS.

Nozomi Networks is easy to manage updates and maintenance for since it is deployed on-premises, providing us internal control. This offers flexibility, but it also requires proper planning and coordination with Nozomi Networks vendors and teams directly involved in integration. This makes it helpful to manage manual efforts effectively and supports our critical infrastructure environment.

My experience with Nozomi Networks in terms of pricing and licensing is that it is generally a premium solution, not a standard one for all organizational needs. It is more than a typical premium solution, specifically focused on IT and OT systems in our critical infrastructure environment. The pricing is slightly high, which influences smaller organizations' decisions against implementing Nozomi Networks.

Prior to choosing Nozomi Networks, I evaluated a few options, including Claroty, which I deemed not considerable in the Middle East. I also looked at Armis, where I found limited visibility and poor service in the region, and Dragos, which has higher pricing compared to Nozomi Networks. Therefore, I recommended implementing Nozomi Networks for our needs at OQGN.

I rate Nozomi Networks overall a nine out of ten.

I give it a nine because, while it excels not just for asset inventory detection and related areas, there is one gap I have noted and shared with you. That is why I deduct a point, making my rating nine out of ten.

For me, Nozomi Networks has high reliability and moderate to high accuracy, which I believe is the right trade-off for our OT environment.

I advise others looking into using Nozomi Networks that it is scalable and provides excellent support and services, so I recommend configuring Nozomi Networks in your environment, whether for large-scale or small-scale industries.

My main use case for Nozomi Networks is that I have experience with implementation, designing, and configuration.

The best feature of Nozomi Networks is that it has built OT-oriented protocols such as OPC UA, DNP3, Modbus, and Siemens S7. For these protocols, Nozomi Networks identifies them very perfectly. They have designed this specifically for OT-based protocols.

The second valuable feature is network visualization. It provides you a complete graph of all assets connected across the system, showing which nodes are connected, which systems are connected, how many nodes each system has, and how many network elements exist.

Nozomi Networks allows you to customize IDS and IPS. Additionally, there is a tool called YARA, which is used for threat detection over the file system. Asset inventory in Nozomi Networks is useful for OT compliance processes.

With the Asset Intelligence license, the system will start polling each asset and collect complete information about it, including software version, firmware, hardware, and model details. It also has an AI model built in.

The potential area of improvement I see for Nozomi Networks is that there are many unknown malwares that cannot be identified because they are not updated in the National Vulnerability Database. Those malwares can infiltrate your system, which Nozomi Networks cannot identify.

My suggestion is that Nozomi Networks' operating system should be inbuilt with AI and machine learning. Even though many malwares exist, modern malware can bypass endpoint detection and all security elements. Those malwares should be identified with advanced AI and machine learning. I believe Nozomi Networks needs to work on this continuously.

Regarding the functionality of Nozomi Networks, the query syntax is very complicated. The syntax of the queries is very complex, so sometimes you will not get what you want. The command line functionality is not as good as it could be.

I have been working with Nozomi Networks SCADA Guardian for three to four years.

I would rate the stability of Nozomi Networks as eight out of ten.

I would rate the scalability of Nozomi Networks as good because whatever hardware you use, it would be Nozomi Networks-based and scale accordingly.

I would rate Nozomi Networks' technical support as ten out of ten.

I would describe the initial setup of Nozomi Networks as very simple. Within three to four hours, you can complete the setup.

It is easy to integrate Nozomi Networks with third-party systems. It supports Cisco, Fortinet, Palo Alto, and Juniper, and it can be integrated with CrowdStrike, SIEM solutions, and Microsoft Sentinel. One feature I found valuable in Nozomi Networks is that there is a built-in vulnerability assessment feature, whereas in IT we typically use Nessus or Qualys for vulnerability assessment.

People use Nozomi Networks for OT cybersecurity. There is a subscription called Vintage that, if purchased, will provide you AIML-based threat detection and threat identification. Different subscriptions and licenses are available.

The pricing of Nozomi Networks is good. I would rate it as nine. Compared to Dragos, Nozomi Networks offers good value.

I am working with Nozomi Networks in both deployment models: hybrid and fully cloud-based.

In OT environments, the barriers that exist for using a cloud-based model with Nozomi Networks are regulatory restrictions. We cannot go directly to the cloud because of these regulations and cannot access the cloud in certain contexts.

I am not aware of how to integrate Nozomi Networks with AWS and Azure. Since Azure and AWS deal with IT components, when it comes to OT components, you need to create a barrier between IT and OT. You need to create DMZs and some kind of filtering.

My overall review rating for Nozomi Networks is nine out of ten.

We use Nozomi Networks as an intrusion detection system for OT deployments, automation systems, and IoT systems such as medical equipment to protect medical systems and smart meters. We detect any anomalies in the network, whether in operation networks, IoT networks, or IT networks, and it is the best intrusion detection solution with its intelligence.

We work with Nozomi Networks real-time visibility feature and deploy the solution for our customers.

The real-time visibility from Nozomi Networks helps with threat detection for our customers because almost all customers have integrated this IDS into their SOC, so they are getting full visibility on any anomalies in the network and immediate intelligence on that.

Integrating Nozomi Networks with third-party systems gives visibility in the network. We connect this with a SOC and SIEM solutions, and they have better visibility on the entire network.

Nozomi Networks brings the main benefits of visibility and control, asset tracking with full visibility of the assets in the network, and threat intelligence with anomaly detection, so they have peace of mind and the system is always on watch.

We are utilizing the machine learning in Nozomi Networks, which is part of the Nozomi Networks package. We are deploying it for the customers and they take care of the operation side. We do the implementation only.

Nozomi Networks has the best AI-based detection and intrusion detection solution. It is very robust, easy to deploy, and easy to use with a very user-friendly GUI and good support in terms of product and after-sales support. They have vendor support in our region, and they are the best when it comes to IDS solutions.

I would like to see improvements in Nozomi Networks, probably more AI-based integration and better native integration with SOC and SOAR platforms.

I would like to see specific features included in the next releases of Nozomi Networks, such as improvements in threat intelligence. They have competition from Dragos, which I believe is better in threat intelligence.

I do not have much of an answer about the key differences of Nozomi Networks in comparison to other cyber defense solutions because I only work with Nozomi Networks. However, I heard from the market that they might lack in threat intelligence compared to Dragos. Other than that, I see Nozomi Networks as the best platform for customers, easy to manage, deploy, and operate. The cons might be that they lack some threat intelligence features that Dragos offers.

We have been working with Nozomi Networks for four years.

We have faced downtimes, crashes, or performance issues with certain implementations. We had certain device card issues, but those were rectified immediately as an RMA was issued and addressed promptly. It is not that there are no issues at all, but they have been addressed, and that matters most.

Nozomi Networks is scalable. You can add more locations with more devices and integrate with the CMC, and that is not a problem at all. You can also have high availability if you want.

My experience with the technical support and customer service teams of Nozomi Networks is very good. That is one good part of Nozomi Networks.

Positive

We did not face many issues during the deployment process with Nozomi Networks. We did multiple implementations and it was all smooth.

For threat detection, we have an IPS solution for intrusion prevention. Nozomi Networks works as an intrusion detection system, and we have a prevention system with TXOne that can do virtual locking, along with many features. This is part of Trend Micro, so we sell it as an IPS and as a firewall with different technologies, including portable inspectors and their own threat intelligence platform.

I assess the impact of potential threats detected by Nozomi Networks as high because it is mostly deployed in critical infrastructure. It is a very critical technology that customers are using to be safe, ensuring business continuity, and that matters most for the industry.

Given my very rich experience with Nozomi Networks technologies, I would advise organizations considering it to look primarily into ICS system cybersecurity and IoT. They can also enhance their focus on enterprise IT security. I rate this product an eight out of ten.

Positive

The tool's visibility is good. We can see the traffic flow. 

Nozomi Networks should improve its pricing. 

I have been working with the product for five years. 

I think it's a stable solution and don't foresee any problems in the future. It's a leading security platform and is widely used in Italy. This gives them full visibility of all devices, which is often difficult to achieve. IT managers usually lack visibility into all products and security solutions. However, this platform lets customers gain visibility of their entire device environment. I rate its stability an eight out of ten. 

My company has three customers for the product. 

My company has enough knowledge of security and hence hasn't contacted support yet. 

Positive

The solution's deployment is easy and requires only two days. 

The platform's impact is significant because it provides a clear vision of all devices, including non-standard ones. Usually, customers have no idea about their environment, machines, or operations, making it very difficult to achieve visibility across all devices in the network. This is the main scope of the platform.

There are noticeable cost savings for a company after implementing Nozomi Networks. With this solution, fewer technical resources are needed, and the people managing the data center or environment have fewer daily activities to handle. A robust security solution means fewer tickets to manage and more precise security. This leads to less configuration needed on network devices or firewalls. These are the main benefits of implementing this solution.

The operational and technical architects, NOC, and SOC teams usually use nodes to detect and remediate firewall issues. They prefer not to analyze the environment more deeply. Instead, they rely on alerts about threats or suspicious, malicious traffic flow in their network devices.

I would recommend it because it is easy to install and develop. It provides a deep analysis of devices, which helps manage security reviews and ensure compliance. Overall, it is a good solution for these main purposes.

I rate the overall product a nine out of ten. 

There are different use cases, and it depends on the product and the customer. Usually, it is used for asset management and other features. Sometimes it serves as an IDS solution instead.

It has impacted security operations in a better way.

The network visualization feature of Nozomi impacts security operations positively. It is valuable for asset management, although there are probably better solutions for that.

I would like more customizable options for configurations. Creating custom queries is time-consuming. It would be beneficial if more options were added for easier configurations.

Personally, I have been familiar with Nozomi Networks for a couple of years.

I am not involved in daily operations. As far as I know, Nozomi Networks is considered to be of good quality. The product is stable and doesn’t usually require frequent technical support interaction.

I don't deal with technical support on a daily basis. However, the product itself is stable, so there is usually no need to contact support.

Neutral

The initial setup is straightforward for a basic configuration. However, custom configurations can be quite complex and time-consuming.

It is probably mid-range in pricing. It's not cheap, yet it is also not super expensive either.

I'd rate the solution seven out of ten.

Nozomi Networks is an easy-to-use and powerful tool. The solution's network visualization feature helps you monitor and manage all your OT assets. It also helps review vulnerabilities and any critical issues.

I used the solution for about one year in my last job.

The solution provides good stability.

It is easy to scale the solution.

The solution's technical support is very good. We worked a lot with the local support team here in Mexico, and it was awesome. They visited us every month and were always ready to help us with everything we needed.

Positive

The solution’s initial setup is easy. Nozomi staff helped us run a couple of demos. The first time, we just observed everything. Later, we could install everything and run it, which was not very difficult.

The solution's pricing is good and cheaper than that of Claroty. Nozomi Networks is worth the money.

I would recommend the solution to other users.

Overall, I rate the solution ten out of ten.

I use this solution for vulnerability scanning in energy firms.

The time capsule feature is valuable.

I believe there is room for improvement regarding on-premises AI.

I have been using the solution for half a year.

The implementation was carried out by just two engineers.

I do not have ROI at the moment. It is too early to talk about it.

I considered alternative solutions such as Elastic and Curator.

I chose Nozomi because it is far ahead of other competitors, like Curator and Elastic. I would rate the overall solution nine out of ten.

We use Nozomi Networks for OT visibility.

The most valuable feature of Nozomi Networks is its security features.

The solution should include an integration library.

I have been using Nozomi Networks for four years.

Nozomi Networks is a scalable solution. Our clients for Nozomi Networks are big enterprise businesses.

The solution's technical support is quite good. If we need something, the support team complies and replies back to us.

Neutral

The solution’s initial setup is very straightforward.

We did a POC for Nozomi Networks, and its installation does not take too long.

Overall, I rate Nozomi Networks a nine out of ten.