
Nozomi Networks Platform
OT and IoT security with AI-powered threat detection and network-to-endpoint visibility.
Vendor Information
Nozomi Networks Platform Overview
Nozomi Networks Platform is an OT, IoT, and cyber-physical systems security solution from Nozomi Networks, founded in 2013 by Andrea Carcano (Co-Founder & CPO), Moreno Carullo (Co-Founder & CTO), and Edgard Capdevielle (President & CEO), and headquartered in San Francisco, CA with R&D in Mendrisio, Switzerland. The company raised $266M in total funding across 8 rounds from 22 investors including GGV Capital, Lux Capital, Energize Capital, Mitsubishi Electric, and Schneider Electric before being acquired by Mitsubishi Electric in September 2025 for approximately $1 billion (largest OT/IoT security acquisition to date). The company has been recognized as a Leader in the 2025 Forrester Wave for IoT Security Solutions and received awards from Cyber Defense Magazine, Gartner, Fast Company, and Crossfire Media.
The platform uniquely combines network and endpoint visibility through Guardian passive network monitoring sensors, Guardian Air wireless spectrum visibility, Arc endpoint agents for host-based systems, and the Vantage cloud-native SaaS platform with Central Management Console (CMC) for unified management. AI-powered capabilities include Asset Intelligence for automatic device classification achieving near 100% accuracy, Threat Intelligence with continuously updated IoCs and OT/IoT zero-day vulnerability research from Nozomi Labs, Smart Polling for safe active discovery without disrupting operations, and the Vantage IQ AI/ML security engine for extended analytics and automation. The platform supports hundreds of industrial protocols (Modbus, DNP3, BACnet, EtherNet/IP, S7, OPC-UA), with advanced anomaly detection that identifies deviations from baselines to detect known threats and zero-day attacks.
The solution has achieved SOC 2 Type II attestation, ISO 9001:2015, and ISO 27001:2022 certification, with built-in compliance reporting for NIS2, NERC CIP, TSA Security Directives, ISA/IEC 62443, NIST CSF, CMMC, and FedRAMP Moderate (In Process for Vantage for Government). The platform serves critical infrastructure, including electric utilities (Enel, Trust Power, Vermont Electric), airports, pharmaceutical manufacturers, maritime operators, mining companies, and water/wastewater facilities, across transportation, healthcare, federal government, manufacturing, oil & gas, retail, and smart cities. It is deployed at thousands of locations protecting millions of devices, including the 2024 Paris Olympics and major global airports.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Performs deep packet inspection across a range of industrial protocols: Modbus, DNP3, IEC 61850, EtherNet/IP, PROFINET, OPC-UA, BACnet. Coverage breadth and inspection depth (command-level function code analysis vs. packet-level header parsing) both vary across ICS security products and are primary evaluation criteria.
Maps network topology, identified vulnerabilities, and detected anomalies to IEC 62443 zone and conduit requirements and security level targets.
Provides a single platform for monitoring both enterprise IT and OT network segments, enabling unified SOC operations without separate monitoring tooling for each domain.
Monitors ICS network traffic by analyzing span port or tap data without injecting any traffic, which is critical for environments where active probing can cause PLC faults or safety system trips.
Models expected behavior of safety-instrumented systems (SIS) separately from process control systems, preventing false alerts on normal SIS state machine transitions.
Identifies device vulnerabilities by fingerprinting asset type, firmware version, and protocol implementation from passive traffic observation, with no active scan that could disrupt device operation.
Performs deep packet inspection on industrial protocols (Modbus, DNP3, EtherNet/IP, PROFINET, IEC 61850, OPC-UA) for behavioral monitoring of OT environments alongside IT network analysis.
Integrates with firewalls, NAC platforms, and switches to automatically block or quarantine hosts and traffic flows in response to confirmed detections, without requiring analyst-initiated action.
Extends network detection to cloud VPC traffic using VPC flow log analysis, cloud-native sensors, or mirroring, covering east-west traffic between cloud workloads.
Forwards enriched alerts with full session metadata, PCAP context, and network topology to SIEM platforms in CEF, LEEF, or native API formats.
Monitors lateral movement traffic between internal network segments and hosts, distinct from perimeter monitoring. Requires network tap or span port placement on internal switch infrastructure.
Detects threats in TLS-encrypted traffic using JA3/JA3S fingerprinting, certificate anomaly detection, and traffic behavioral analysis, without requiring decryption.
Builds per-device and per-application baselines of normal network communication patterns and detects deviations, enabling detection of novel C2 channels, data staging, and lateral movement.