Generated by GPT-5-mini

| Nozomi Networks | |
|---|---|
| Name | Nozomi Networks |
| Type | Private |
| Founded | 2013 |
| Founders | Marc Sasson; Andrea Carcano; Edgard Capdevielle |
| Headquarters | San Francisco, California |
| Industry | Industrial cybersecurity |
| Products | OT and ICS security, network visibility, asset inventory, anomaly detection |
Nozomi Networks is a private company specializing in industrial cybersecurity for operational technology (OT) and industrial control systems (ICS). Founded in 2013, the company develops network-monitoring, visibility, and threat-detection solutions aimed at critical infrastructure, manufacturing, energy, and transportation sectors. Its offerings combine passive network traffic analysis, machine learning, and threat intelligence to detect anomalies and support incident response across operational environments.
Nozomi Networks was established in 2013 by industry veterans including Marc Sasson, Andrea Carcano, and Edgard Capdevielle, launching during a period of rising attention to ICS incidents exemplified by the Stuxnet discovery and responses from institutions such as the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Early deployments targeted utilities influenced by regulatory developments involving agencies like the North American Electric Reliability Corporation (NERC) and standards such as those promoted by the International Electrotechnical Commission (IEC). Growth followed funding rounds and partnerships during the late 2010s in an environment shaped by high-profile incidents such as the Ukraine power grid cyberattack and policy debates in the United States Congress over infrastructure security. The company has expanded its global footprint with offices and customers across regions overseen by organizations like the European Network and Information Security Agency (ENISA) and national authorities in Japan and Australia.
Nozomi Networks develops solutions for OT visibility and ICS security that integrate with enterprise systems from vendors such as Siemens, ABB, and Schneider Electric. Core products include network-monitoring appliances and cloud-based analytics that ingest telemetry compatible with protocols defined by standards bodies like the International Organization for Standardization (ISO) and the International Society of Automation (ISA). The company emphasizes passive monitoring to avoid disruption in environments where devices from Rockwell Automation and legacy systems in GE portfolios operate. Machine learning models trained on datasets curated alongside academic and industrial partners—including research groups associated with Massachusetts Institute of Technology (MIT) and ETH Zurich—aim to detect deviations comparable to indicators documented in advisories issued by Kaspersky Lab and Trend Micro.
The product architecture combines edge collectors, central management consoles, and cloud analytics. Edge components perform deep packet inspection and protocol parsing covering standards such as Modbus, DNP3, and IEC 60870-5-104, while cataloging assets similar to inventories maintained by organizations like Siemens Energy. Centralized consoles provide dashboards and reporting interoperable with security platforms including Splunk, ServiceNow, and Cisco security tools. Cloud services support threat intelligence ingestion from feeds produced by research entities such as CERT-EU and private labs like FireEye and Mandiant. Integration points include REST APIs and connectors used by teams organized under frameworks such as those promoted by the National Institute of Standards and Technology (NIST).
Customers span electricity utilities, oil and gas operators, transportation authorities, and manufacturing firms. Deployments in substations and control centers address scenarios similar to incident responses led by entities like the Ukrainian CERT during the 2015-2016 grid attacks. In petrochemical facilities, visibility assists safety cases aligned with recommendations from the Occupational Safety and Health Administration (OSHA) and industry groups like the American Petroleum Institute. Transportation deployments mirror threat assessments performed for networks managed by agencies comparable to the Federal Aviation Administration (FAA) and metropolitan transit authorities in cities such as London and New York City.
The company operates a research team that publishes findings on threats affecting OT and ICS, collaborating with academic labs and vendors noted above as well as with government incident-response organizations like CISA and national CERTs. Research outputs analyze malware families, vulnerability exploitation techniques, and threat actor tactics resonant with reports from Symantec, ESET, and CrowdStrike. Threat intelligence feeds incorporate indicators tied to campaigns attributed to actors monitored by international consortia such as the Five Eyes alliance and regional cybersecurity centers including ENISA.
Nozomi Networks has established integrations and channel partnerships across the ecosystem, working with industrial automation suppliers like Honeywell and Mitsubishi Electric, managed service providers, and systems integrators that support clients regulated by agencies such as FERC and standards organizations like ISA. Technology alliances include interoperability with security orchestration platforms from companies like Palo Alto Networks and IBM and asset-management systems produced by firms such as AVEVA and OSIsoft (now part of AVEVA Group plc).
As a privately held company, the firm has completed venture funding rounds involving investors and firms active in technology and infrastructure finance, comparable to backers of startups in the cybersecurity sector such as Sequoia Capital and Accel Partners. Executive leadership comprises founders and senior leaders with backgrounds at companies like Cisco Systems, McAfee, and research institutions like Carnegie Mellon University. Governance and compliance activities align with frameworks and reporting often overseen by regulators like the SEC for public companies and by auditing standards referenced by Big Four accounting firms.