Kaspersky Industrial CyberSecurity for Networks: Cyber security expert presents new functionalities such as intelligent vulnerability management with recommendations for eliminating potential attack points, automated learning functions for monitoring data traffic and much more.
Kaspersky introduces the new version of its platform for the visibility and security of industrial networks: Kaspersky Industrial CyberSecurity for Networks. From now on, this not only monitors the data traffic in the operating technology (OT) and detects unauthorized activities, but also indicates weak points in devices and gives recommendations for their elimination. The additional support of the BACnet protocol enables intelligent building systems to be protected effectively. An automatic learning mode for monitoring traffic, seamless log updates and the new web console also simplify administration and improve efficiency in combating industrial threats.
Industrial control systems in the attack focus
Current Kaspersky research shows that 39 percent of all computers in industrial control systems (ICS) were exposed to cyber attacks in 2020. So that these attacks do not affect critical industrial processes, the protection should cover the entire heterogeneous OT environment with various devices and customer-specific systems. It is also important to be aware of the vulnerabilities in ICS software [3] to prevent them from being used for advanced threats. This reduces the attack surface and minimizes the possible consequences of a compromise.
Integrated vulnerability management for more security
The new version of Kaspersky Industrial CyberSecurity for Networks includes integrated vulnerability management that informs customers about new vulnerabilities in their devices and enables them to patch or mitigate them in good time. Comprehensive details such as CVE ID, criticality, utilization conditions, possible consequences and information on mitigation are available in the product management console. It is no longer necessary to examine dedicated reports in multiple third-party sources that do not necessarily contain all the background information and practical recommendations. The data for this is provided by Kaspersky ICS CERT (Industrial Control Systems Cyber Emergency Response Team). This is a global project dedicated to identifying potential and existing threats targeting industrial automation systems and the IoT in this sector.
Many protocols support
To ensure the protection of various OT environments and devices, the platform strengthens the support of protocols and adds new ones - such as MICOM, Profinet, TASE.2, DirectLogic and BACnet. This means that Kaspersky Industrial CyberSecurity for Networks can now also be used to protect intelligent building automation systems. The new protocols and DPI (Deep Packet Inspection) algorithms for checking data traffic are seamlessly provided via automatic database updates.
Simple introduction of rules, optimized usability
With regard to the prevention of incidents, the new version significantly simplifies the creation of rules for the detection of deviations in OT traffic. In the new learning mode, Kaspersky Industrial CyberSecurity for Networks analyzes how the parameters of the manufacturing process (tags) change and automatically creates a set of rules for normal plant operation. IT security officers no longer have to set this up manually.
Kaspersky Industrial CyberSecurity for Networks. The platform presents new functionalities, such as intelligent vulnerability management (picture Kaspersky).
Kaspersky Industrial CyberSecurity also offers numerous improvements in usability and manageability. A new web console can now be used to use the extended functions for visualizing incidents for a more detailed threat analysis. Information about detected incidents is now mapped to MITER ATT & CK for ICS attacks tactics and techniques [4], so that security experts have additional knowledge for the investigation of attacks. In the web console, the administrator can quickly provide the platform for new industrial plants and add connectors to third-party systems such as SIEM, firewalls or SCADA via REST API.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/