Kaspersky has expanded its Kaspersky Industrial CyberSecurity solution to include automated, centralized compliance audit capabilities. In addition, the platform now has expanded Extended Detection and Response (XDR) and Network Traffic Analysis (NTA) capabilities, as well as a new user interface for easier management.
According to Kaspersky ICS CERT, malicious objects were blocked on 16 percent of computers with an Industrial Control System (ICS) in Germany in the first half of 2023. To counter the growing number and complexity of cyber threats directed against industrial computers, Kaspersky Industrial Security now offers additional functions.
Kaspersky Industrial CyberSecurity is a native XDR platform for industrial companies that protects operational technology (OT) and critical infrastructure assets and networks from cyber threats. Consisting of Kaspersky Industrial CyberSecurity for Nodes, which protects endpoints of distributed control systems, and Kaspersky Industrial CyberSecurity for Networks, which monitors the network security of automation systems, the solution comprehensively protects industrial automation and control systems from cyber threats.
Deeper integration and advanced XDR features
The new version of Kaspersky Industrial CyberSecurity enables the use of Kaspersky Industrial CyberSecurity for Nodes as an endpoint sensor for Kaspersky Industrial CyberSecurity for Networks. In this way, network alerts can be generated with extreme precision based on data about the host and its network communications, its processes and its logged-in users. IT/OT security teams, SOC analysts and SCADA engineers gain a better overview of suspicious actions and are able to take appropriate countermeasures more quickly.
With expanded XDR capabilities, customers can now manage the Kaspersky Industrial CyberSecurity installation database from a single console and scale OT security efforts across many large, diverse and geographically dispersed locations. Companies also have the option to integrate other solutions - including threat intelligence portals - from Kaspersky or third parties, collect all telemetry data and respond to threats in a centralized manner.
Automated security audits
Kaspersky Industrial CyberSecurity now also offers automated, centralized security auditing for Windows, Linux nodes and network devices. With this new capability, customers can automatically scan OT hosts or a group of hosts for software vulnerabilities, misconfigurations, and compliance with local or international regulations and corporate policies. Kaspersky Industrial CyberSecurity uses the Open Vulnerability and Assessment Language (OVAL) and the Extensible Configuration Checklist Description Format (XCCDF).
Enriched by the Kaspersky ICS CERT database, Kaspersky Industrial CyberSecurity offers automated compliance that enables analysis of SCADA vulnerabilities. Using Kaspersky's industrial data feeds, customers receive the latest information on potential and existing cyber risks on a regular basis and under configured parameters, with all reports stored in the Kaspersky Industrial CyberSecurity for Networks asset base.
Incident investigation through intelligent network traffic analysis
Network Traffic Analysis (NTA) systems analyze data traffic both at the network perimeter and within the infrastructure. To detect attacks, they combine different technologies and methods such as behavior analysis, the creation of detection rules and Indicators of Compromise (IoC), or protocol checks.
With the update, Kaspersky Industrial CyberSecurity now offers an optimized industrial NTA system and improved detection of attacks such as brute force or spoofing, as well as of anomalies, through the use of a static analyzer. The Kaspersky platform displays network sessions and provides the user with information about session status, destinations, protocols and traffic data, stores the traffic archive and enables advanced settings to document all information. Kaspersky Industrial CyberSecurity uploads network traffic dumps (PCAP files) for incident investigation and provides traffic data by node, protocol, time range and session.
“Kaspersky Industrial Cybersecurity is an important part of our OT cybersecurity ecosystem,” emphasizes Andrey Strelkov, Head of Industrial Cybersecurity Product Line at Kaspersky. “With this new version, we are enabling our customers to establish more reliable, convergent protection for their IT and OT assets. By seamlessly integrating all components within the ecosystem, we are able to continually develop new solutions and functions that are important for industrial companies based on unique cross-product scenarios. In addition to the advanced detection and response concept, we also offer our customers advanced and flexible functions for managing cybersecurity systems.”
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/