Automated learning, vulnerability management, and more in new Kaspersky Industrial CyberSecurity for Networks

May 2021 by Marc Jacob

Kaspersky has launched the new edition of its industrial network visibility and security platform, Kaspersky Industrial CyberSecurity for Networks. In addition to operational technology (OT) traffic monitoring, which reveals unauthorised activity, Kaspersky Industrial CyberSecurity for Networks now flags vulnerabilities in equipment and gives recommendations for their mitigation. Added support for the BACnet protocol allows the product to effectively protect smart building systems. Automated learning mode for traffic monitoring, seamless protocol updates, and the new web console also simplify management and improve efficiency in fighting industrial threats.

Recent Kaspersky research has shown that 39% of industrial control system (ICS) computers were subjected to cyberattacks in 2020. To ensure these attacks don’t affect critical industrial processes, protection should cover the entire heterogeneous OT environment, with its diverse equipment and customised systems. It is also important to be aware of vulnerabilities in ICS software, both to prevent them from being used in advanced threats and to reduce the attack surface and minimise the possible consequences of a cybersecurity breach. The new version of Kaspersky Industrial CyberSecurity for Networks enables vulnerability management to help customers learn about new weaknesses in their equipment and patch or mitigate them in time. Accurate and comprehensive details, such as CVE-ID, criticality, exploitation conditions, possible consequences and guidance for mitigation, are available in the product management console, so there is no need to inspect dedicated reports in multiple third-party sources that may not necessarily include all background information and practical recommendations. The data is provided by Kaspersky Industrial Control Systems’ Cyber Emergency Response Team (ICS CERT), a global project devoted to identifying potential and existing threats that target industrial automation systems and industrial IoT.

To ensure protection of diverse OT environments and devices, the platform enhances existing protocol support and adds new protocols, such as MICOM, Profinet, TASE.2, DirectLogic, and BACnet. Thanks to BACnet support, Kaspersky Industrial CyberSecurity for Networks can now be used to protect smart building automation systems. The new protocols and DPI (deep packet inspection) algorithms for traffic inspection are delivered seamlessly through automatic database updates.

In terms of incident prevention, the enhanced product significantly simplifies the task of creating rules to detect deviations in OT traffic. In the new learning mode, Kaspersky Industrial CyberSecurity for Networks analyses how the manufacturing process parameters (tags) change and automatically creates rules describing the normal operation of the equipment, so the IT security operator doesn’t need to create them manually.

Kaspersky Industrial CyberSecurity also introduces numerous usability and manageability enhancements. A brand new web console offers extended incident visualisation capabilities for more detailed threat analysis. Information about detected incidents is now mapped to MITRE ATT&CK for ICS tactics and techniques, giving security experts additional insight for attack investigation. In the web console, the administrator can quickly deploy the platform to new industrial equipment and add connectors to third-party systems, such as SIEM, firewalls or SCADA, via REST API.