Kaspersky announces that its Industrial
CyberSecurity (KICS) offering now provides customers with automated
centralized compliance audit functions. The updated platform also promotes
deeper integration of KICS for Nodes and KICS for Networks, provides advanced
Extended Detection and Response (XDR) and Network Traffic Analysis (NTA) capabilities
and contains a new design for easy management. These additions come in response
to the increasing numbers of attacks on operational technology (OT)
infrastructure.
The threat landscape is rapidly changing with new,
complicated computer-based systems being introduced into the OT infrastructure.
According to Kaspersky ICS CERT, malicious objects were
blocked on 34% of ICS computers in the first half of 2023. As
industrial companies steadily ramp up digitalization and extend connectivity,
they must pay more attention to their cybersecurity and use effective solutions
to provide InfoSec professionals with the latest information on potential
threats. The updated Kaspersky Industrial CyberSecurity platform is a direct
response to this trend.
Kaspersky Industrial CyberSecurity is a native XDR Platform
for industrial enterprises that is made and certified to protect OT and
critical infrastructure equipment and networks from cyber-initiated threats.
Designed to comprehensively secure industrial automation and control
systems, it consists of KICS for Nodes, which is aimed at endpoints of
distributed control systems, and KICS for Networks, which monitors automation
system network security.

Deeper integration of KICS components and advanced XDR capabilities

This new release allows KICS for Nodes to be used as an
endpoint sensor for KICS for Networks, thus enabling network alerts enriched
with data about the host, its processes, logged-in users and even host network
communications with previously unattainable precision. IT/OT security teams,
Security Operation Center (SOC) analysts and Supervisory Control and Data
Acquisition (SCADA) engineers now have more visibility over suspicious actions
and can provide a quick and correct response.
With the enhanced XDR capabilities, customers can now manage the
KICS installation database from a single console and scale the OT Security
Operations to many large, diverse, and geographically distributed sites.
Companies can integrate different solutions from both Kaspersky and third-party
vendors, collect all the telemetry and respond to threats from the same place.
They can also implement Threat Intelligence Portals for an event enrichment
process.

Automated security audit to address hidden threats

Kaspersky Industrial CyberSecurity now provides automated, centralized
security audits for Windows and Linux nodes and for network devices. Using
this new feature, customers can automatically audit OT hosts or a group of
hosts for software vulnerabilities, misconfigurations, and compliance with
local or international regulations and corporate policies. KICS uses Open
Vulnerability and Assessment Language (OVAL) and Extensible Configuration
Checklist Description Format (XCCDF) content to assess hosts.
Enriched with the Kaspersky ICS CERT database, KICS provides
automated compliance that enables the analysis of SCADA vulnerabilities. With
the help of Kaspersky industrial data feeds, customers can regularly receive
the latest information about potential and existing cyber risks, according to
configured parameters. All reports are saved in the KICS for Networks asset
base.

Network Traffic Analysis for better incident investigation

Network Traffic Analysis (NTA) systems analyze traffic both
at the perimeter and in the infrastructure and use a combined set of
technologies. To detect attacks, they employ methods such as behavioral
analysis, detection rules, indicators of compromise, and protocol inspection.
With the new release, KICS is improving its industrial NTA
and now provides better detection of attacks such as brute force, spoofing and
temporal anomalies by using a static analyzer. The Kaspersky platform displays
network sessions, providing users with information on session status,
destinations, protocols and traffic data. It also stores the traffic archive
and offers advanced settings for saving that information. KICS uploads PCAP
files to investigate incidents, providing traffic data by node, protocol, time
range and session.
"Kaspersky Industrial Cybersecurity is a crucial element of
the Kaspersky OT Cybersecurity ecosystem. With this new release, we allow our
customers to build more reliable and converged protection of their IT and OT
assets," said Claudio Martinelli, managing director for the Americas at
Kaspersky. "Through the seamless integration of all components in the ecosystem,
we continue to develop unique cross-product scenarios applicable to industrial
enterprises. Following the extended detection and response concept, we provide
advanced and flexible features to manage cybersecurity systems for our
customers."