implementing-ot-network-traffic-analysis-with-nozomi


Implementing OT Network Traffic Analysis with Nozomi

When to Use

  • When deploying passive OT network monitoring using Nozomi Networks Guardian sensors
  • When requiring asset visibility without active scanning in sensitive ICS environments
  • When building a Nozomi-based OT SOC with centralized management via Vantage or CMC
  • When integrating OT network monitoring with Fortinet, Splunk, or ServiceNow ecosystems
  • When monitoring compliance with IEC 62443 network segmentation policies

Do not use for active vulnerability scanning of OT devices (see performing-ot-vulnerability-scanning-safely), for environments standardized on Dragos (see implementing-dragos-platform-for-ot-monitoring), or for IT-only network monitoring.

Prerequisites

  • Nozomi Networks Guardian sensor (hardware, VM, or container)
  • Network TAP or SPAN port configured on monitored OT network segments
  • Nozomi Vantage (cloud) or Central Management Console for multi-sensor management
  • Nozomi Threat Intelligence subscription for updated detection signatures
  • Network architecture documentation for sensor placement planning

First seen: Mar 18, 2026