Nozomi Networks Expands OT Security with ARC Embedded Sensors

Nozomi Networks has announced its latest innovation: ARC Embedded – the first security sensor embedded directly within Mitsubishi Electric PLCs. This new capability allows real-time monitoring and protection at the PLC level, providing additional visibility into operational technology (OT) environments.

Why it matters

Solving Encryption Challenges. Traditional IDS systems are limited by encryption, making it almost impossible to monitor network traffic effectively. ARC Embedded circumvents this by collecting data directly within devices, allowing it to gather critical data without being hindered by encryption.

Announcement Details

• East-West Traffic Monitoring: The ARC Embedded solution monitors lateral network traffic within OT environments, providing critical insights into communication patterns, configuration changes, and device health.
• AI-Driven Protection: Leveraging AI, ARC Embedded enhances the detection of known and unknown vulnerabilities, continuously monitoring for signs of malicious activity at the PLC level.

The Big Picture – A shift to Embedded Security.  

This marks a broader industry trend towards embedding security directly into operational devices, rather than relying on network-based monitoring alone. As OT environments become more interconnected, this shift will be crucial for maintaining security and operational integrity.

This could push other vendors to adopt similar embedded security strategies.

Bridging IDS and EDR: Nozomi is effectively bridging the gap between traditional IDS systems and Endpoint Detection and Response (EDR) solutions by integrating device-level monitoring, expanding its capabilities across both categories.

Competing with EDR Vendors.  By embedding security within PLCs, Nozomi is positioning itself to compete more directly with EDR vendors, offering a comprehensive solution that integrates both network and device-level security.

What does this mean for Process-Oriented OT Cybersecurity?

While ARC Embedded monitors processes at the PLC level (Level 1), it does not provide direct Level 0 data. True Level 0 data comes directly from the physical processes themselves, which are more difficult for attackers to manipulate. However, ARC Embedded brings security closer to Level 0 by focusing on the devices that control these processes.