Kaspersky Industrial CyberSecurity Now Offers Risk and Compliance Assessment of OT with EDR

  • September 30, 2022

With the new EDR functionality in Kaspersky Industrial CyberSecurity, customers can now gain instant visibility into operational technology (OT) security events and execute response actions. The solution also helps uncover hidden weaknesses in networks, such as vulnerabilities, misconfigurations, and non-compliance with policies and regulations. With the new features of active polling and physical topology mapping, organizations can see more assets in their OT networks and see how they are connected. These new capabilities and the deep integration of Kaspersky Industrial CyberSecurity for Nodes and Kaspersky Industrial CyberSecurity for Networks significantly improve OT visibility and control, compliance and threat protection.

The convergence of IT and OT is exposing industrial organizations to an increasing number of connected devices and services. To maintain control, availability, security and compliance in such an environment, advanced cybersecurity solutions are required. According to IDC Global IT/OT Convergence 2022 Forecasts, by 2024, 30% of industrial enterprises will adopt centralized security management tools to close the IT/OT gap. The updated Kaspersky Industrial CyberSecurity platform responds to this trend.

Get quick insight into events: EDR for OT

With EDR in Kaspersky Industrial CyberSecurity for Nodes, a cybersecurity team can monitor malicious activity, analyze the root cause by visualizing the attack propagation path, and perform response actions on SCADA computers and operator workstations. The product provides a wide range of response actions that do not affect the industrial process unless there is explicit operator intervention, including quarantining or deleting the malicious object and prohibiting the execution of future malicious operations. To prevent the threat from spreading to other machines, security professionals can create indicators of compromise (IoCs), or artifacts indicating that a system has been compromised, and perform a cross-endpoint response based on these IoCs.

EDR functionality is available as part of KICS for Nodes without the need to install additional hardware. The solution can run on any operating system, including Windows XP, and is well suited to industrial networks because it does not overload them with traffic and has no effect on ICS hosts. In addition, it does not require any special skills from IT or OT security administrators.

Risk and compliance assessment to address hidden threats

Kaspersky Industrial CyberSecurity for Networks enables customers to take a risk-based approach to cybersecurity. The product can detect weaknesses that could compromise OT integrity or cause technological process interruptions. These include vulnerable network architecture (access to external networks, lack of segmentation, multilink devices); weak host security settings (open ports, lack of authorization, disabled firewalls); obsolete, vulnerable, unwanted or unencrypted protocols and network protocol anomalies; old OS versions; unauthorized devices; and security vulnerabilities in PLCs. All risks are scored by severity in the management console, so security teams can focus on the most critical ones first.

The updated Kaspersky Industrial CyberSecurity for Nodes can automatically monitor OT hosts or a group of hosts for software vulnerabilities, misconfigurations, and compliance with local or international regulations and company policies. The product uses Open Vulnerability and Assessment Language (OVAL) content to evaluate hosts. By default, the product provides a database of SCADA vulnerabilities in OVAL format from Kaspersky ICS-CERT. Any OVAL database can be used, be it NIST, CIS, other regulations or custom samples.

Network visibility and machine scanning to monitor and respond to incidents

The product's network and device visibility has increased thanks to active polling and the physical topology map of the industrial network in Kaspersky Industrial CyberSecurity for Networks. Active polling helps identify assets in OT systems and their configuration, while the organized topology map visualizes the network architecture and reveals how assets are physically connected and communicating with each other. With this data, OT operators or security teams can quickly understand where the problem occurred in the network and what physical object it points to in production, helping to resolve issues faster.

Kaspersky Industrial CyberSecurity for Nodes also provides OT security professionals with a portable USB scanner for use on machines where policies restrict the installation of software, including cybersecurity products. It can be used on old endpoints with outdated software or on systems that are too critical to install software on. Another use case is outsourced equipment that the customer can use within the OT network. OT security professionals can use a simple USB flash drive to download the scanner from KICS for Nodes and scan such an isolated machine. With this method, the scanner does not install anything on the machine, but provides information about the threats found on it. This allows security teams to plan the necessary actions.

As a platform, Kaspersky Industrial CyberSecurity provides native integration of all its components, including KICS for Nodes for Windows and Linux, KICS for Networks, and orchestration through a single management platform. The deep integration of KICS for Nodes and KICS for Networks enriches network alerts with data about a host, its processes and which user initiated them. IT/OT security teams, SOC analysts, and SCADA operators can gain insight into suspicious activity and make informed decisions during the response phase.

Kaspersky Senior Product Manager Andrei Strelkov says: “With this update, we are providing our customers with an OT security management platform focused on risk and compliance. Kaspersky Industrial CyberSecurity sheds light on incidents, hidden vulnerabilities, misconfigurations and other vulnerabilities to minimize the risk of disruption to critical industrial processes. Along with its enterprise cybersecurity products, Kaspersky Industrial CyberSecurity is an essential part of the ecosystem for industrial organizations to protect their assets against threats that leverage IT or OT. We are gradually implementing the comprehensive detection and response (XDR) concept for industrial cybersecurity across our portfolio, with local integration of all components in the ecosystem and a single management platform.”

Source: (BYZHA) – Beyaz News Agency

Source: Haber Safir
