NOZOMI ARC™

Security and Network Monitoring for OT Endpoints – Now with Threat Prevention

Reduce MTTR with Safe, Automated Endpoint Threat Prevention

Fueled by our OT‑specific threat intelligence enriched with the Threat Intelligence Expansion Pack from Mandiant, Nozomi Arc delivers automated cyber threat prevention without disrupting OT operations.

It keeps processes running safely while giving asset owners complete control via flexible threat response modes suited to diverse risk environments.

Detection Mode

Provides threat visibility without intervention

Quarantine Mode

Blocks the execution of malicious files and safely contains them for forensic analysis

Delete Mode

Immediately removes malicious files, stopping threats before they can cause harm

Endpoint Security

Nozomi Arc is a host-based security sensor that detects and defends against malicious or compromised endpoints. It sends collected data to Nozomi Guardian or Nozomi Vantage for further analysis and correlation.

USB Monitoring

Detect the use of USB devices and malicious HIDs

User Activity Correlation

Correlate events with user behavior

Local Behavior Analysis (Sigma)

Monitor local events for signs of suspicious activity

NEW
Threat Prevention (YARA & STIX)

Detect, quarantine or delete malware and malicious software

Continuous Asset Monitoring and VA

Collect endpoint inventory, security and performance data

Network Sensor

Arc also turns any endpoint into a lightweight network sensor by discovering nearby devices on the host’s subnet, tracking their behavior and detecting threats – without deploying Guardian sensors.

Continuous Traffic Monitoring

Passive analysis

Discovery

Discover neighboring devices

Smart Polling

Enrich asset data with active queries

Top Use Cases for Host-based Sensors

By combining host-based detection and threat prevention with lightweight network sensing, Nozomi Arc extends coverage to protect assets where Nozomi Guardian and Guardian Air sensors can’t reach.

Crown Jewels

Protect critical assets where network monitoring would be overkill

Remote Substations

Deploy without waiting for limited maintenance windows or dealing with other network hassles

Low Bandwidth, High Latency

Ideal for cargo ships, mining sites and other networks where cabling is impractical

Insider Threats

Accelerate forensics by correlating suspicious user activity with specific devices

Contract Technicians

Monitor a single active session on the host device while they’re connected

Why Traditional Endpoint Security Agents Aren’t Suited for OT

Heavyweight & Disruptive

OT devices and controllers have limited computing power and memory to perform specific tasks.

Detect the Wrong Threats

Traditional agents are trained on IT environments. They don’t understand OT protocols or recognize OT baselines.

Kernel-Level Access

Unlike traditional EPP and EDR tools, Arc doesn’t operate at the kernel level and is light on system resources.

ARC Embedded™

Visibility All the Way Down to the Factory Floor

Arc Embedded is the first security sensor developed with OEMs to run inside industrial controllers, delivering unprecedented visibility and threat detection at Purdue levels 0-1. It monitors east-west communications, process variable readings and controller logic changes to detect threats and anomalies.

ARC EMBEDDED
Changes to software, firmware, hardware status, program logic, resource usage and operating status

Physical access, including user login data, USB device usage, transferred files, etc.

Purdue model level 0-1 visibility. Behavioral intelligence at the sensor level, monitoring devices such as valves, sensors, pumps and relays.

Awards and Recognition

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating the discovery, inventory and management of your OT and IoT assets.