Nozomi Networks Inc., the leader in OT and IoT security, today announced it has been recognized by the CVE Program as an authorized CVE Numbering Authority (CNA), assigning CVEs in the area of OT & IoT vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE. It is the de facto international standard for identifying and naming cybersecurity vulnerabilities. Nozomi Networks joins an elite group of 136 CNA organizations spanning 24 countries and is the first OT & IoT security specialist to join the program.
“We are pleased to grant Nozomi Networks CVE Numbering authority,” said Scott Lawler, CEO LP3 and CVE Board Member. “In addition to a deep commitment to ensuring the security of their own products, a team of researchers in Nozomi Networks Labs also works to identify vulnerabilities in other industrial equipment and software. Nozomi Networks leads their industry in the number of responsible disclosures made to the United States ICS-CERT. They’ve consistently demonstrated a high level of professionalism and expertise in helping impacted customers and vendors quickly address identified vulnerabilities. Their specialized expertise in OT and IoT cybersecurity and the processes they have established to ensure the cybersecurity of their own products make them a valued member of the CNA team.”
As a CNA, Nozomi Networks can now assign CVE numbers to newly identified vulnerabilities and publicly disclose information about these vulnerabilities. This includes assigning CVE numbers to vulnerabilities found in the company’s own products as well as third-party automation and industrial products not covered by another CNA.
Since 2013, Nozomi Networks researchers have made more than a dozen responsible disclosures, which to date have resulted in 13 CISA ICS-CERT Advisories. The company uses the MITRE ATT&CK Framework for ICS terminology in its detection and alerting capabilities, providing immediate context for any detected activity and reducing the need for additional research to understand the significance of the behavior. Nozomi Networks products are ISO 9001: 2015 certified. Additionally Nozomi Networks’ Product Security Incident Response Team (PSIRT) supports solidly defined procedures for managing product vulnerabilities.
“We are honored to receive CNA status,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Our passion for helping our customers and the industry as a whole fuels Nozomi Networks’ history of innovation and success. This is a significant milestone that allows us to do even more in our efforts to strengthen the security of the operational infrastructure that people rely upon around the world.”
For more information read the Nozomi Networks blog post: CISA-sponsored CVE Program Grants Nozomi Networks CNA Status.
About Nozomi Networks Nozomi Networks is the leader in OT and IoT security and visibility. We accelerate digital transformation by unifying cybersecurity visibility for the largest critical infrastructure, energy, manufacturing, mining, transportation, building automation and other OT sites around the world. Our innovation and research make it possible to tackle escalating cyber risks through exceptional network visibility, threat detection and operational insight. www.nozominetworks.com
About the CVE Program
Common Vulnerabilities and Exposures (CVE®) is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. The CVE Program currently has 136 CNA’s in 24 countries, globally across technologies and services.