Kaspersky introduces enhanced solutions to secure industrial companies

0

In response to the increased challenges and escalating threats facing operational technologies (OT) and critical infrastructure, Kaspersky has enhanced its Kaspersky Industrial CyberSecurity (KICS), a native XDR Platform for industrial enterprises, and streamlined Managed Detection and Response (MDR) for Industrial Control Systems (ICS), a service that helps to perform key SOC functions for organisations that may lack dedicated personnel.

The new reality for owners and operators of industrial infrastructures is shaped by IT-OT convergence, high regulatory requirements, and the rise of cyberattacks in the industrial sector. According to Kaspersky ICS CERT, malicious objects were blocked on almost one quarter (23.5%) of ICS computers in the second half of 2024. This highlights the persistent and significant level of threats, underscoring the need for companies to prioritise their cybersecurity strategy and implement comprehensive, reliable solutions to protect all their assets and processes. To meet this growing demand, Kaspersky has tailored its key solutions specifically designed to safeguard industrial companies.

Kaspersky Industrial CyberSecurity enhancing OT and critical infrastructure
The first significant update concerns Kaspersky Industrial CyberSecurity (KICS), a native XDR Platform designed specifically for industrial enterprises. It is certified to protect OT and critical infrastructure equipment and networks from cyber-initiated threats. Designed to comprehensively secure the industrial automation and control systems, it consists of KICS for Nodes, which focuses on endpoints in distributed control systems, and KICS for Networks, which monitors automation system network security and protects automation system equipment from network-initiated threats.

With the new release, the platform introduces the following enhanced capabilities:
1. Improved configuration and change management for OT infrastructure
KICS enables security settings inspection and change monitoring through agent-based or agentless polling for Windows and Linux hosts, network devices, and PLCs to collect configurations. A predefined set of configurations is provided out of the box for all supported asset types and can be collected manually or in scheduled mode. The accumulated configuration archive is always available for review, and can be used to monitor change and analyse identified discrepancies.

2. New asset types for enhanced context during incident investigations
KICS for Networks now supports the reception and aggregation of additional types of assets including installed software, patches, local users and discovered executables. When KICS for Nodes is installed on a host (both in Windows and Linux), it automatically transmits this information to KICS for Networks with periodic updates. This provides automatic change management and alerts when deviations are detected. The aggregated lists of software and users greatly simplify the incident investigation process, allowing security professionals to easily identify all hosts with suspicious executables or find specific user actions in registered events.

3. Scheduled active polling and automated network topology visualisation
KICS provides a topology map that displays real-time information about asset connections and manages security state changes for devices without installed agents, such as computers and switches. Active polling tasks now support scheduling, to automate the creation of this map and keep connection data, asset attributes and security settings up to date. Each scheduled run is supplemented with a detailed report, including query results and any identified issues.

4. Increased capabilities to detect anomalies in digital substations
KICS for Networks now supports the import of SCD (substation configuration description) files to analyse configurations, the extraction of asset attributes, and the review of IEC 61850 settings. It also provides a report of identified errors and misconfigurations. By monitoring substation networks based on reference configurations it enables the detection of unauthorised network connections, anomalous activity, and failures or errors in IEC 61850 communications. This indicates improper operation or equipment misconfigurations.

5. SD-WAN sensor for monitoring OT networks traffic at geographically distributed sites
The updated KICS provides a new architecture for geographically distributed infrastructures, enabling support for up to 100 monitoring points on a single KICS for Networks node. When KICS for Networks sensors cannot be placed at remote sites due to the equipment size or connectivity limits, traffic from remote sites can be transferred directly to a KICS for Networks node located at a central office. SD-WAN technologies provide unlimited options to establish new software-defined wide area networks between company branches allowing industrial traffic copies to be delivered from the source switch to the monitoring node.

6. Updated Portable Scanner with improved audit, inventory and inspection capabilities
The KICS Portable Scanner expands host inspection capabilities with new scanning technologies such as host inventory, vulnerability, compliance and security settings inspection scans, and traffic capturing, which can also be configured to a classic anti-virus scan on the USB drive writing stage. The portable Scanner now also supports anti-malware scanning of Windows 2000 SP4 hosts.

LEAVE A REPLY

Please enter your comment!
Please enter your name here