Kaspersky Industrial CyberSecurity now provides customers with automated centralised compliance audit functions. The updated platform also promotes deeper integration of KICS for Nodes and KICS for Networks and provides advanced XDR and NTA capabilities.
The threat landscape rapidly changes as new complicated computer-based systems are brought into the OT infrastructure. Malicious objects were detected and blocked on 34% of Industrial Control System (ICS) related computers in the first half of 2023, according to the ICS CERT landscape report by Kaspersky. In the Middle East, attacks were detected on 36.8% of OT-related computers over this period, which is higher than the global average. The top industries under attack were energy (38.4%), oil & gas (31.0%), and manufacturing (21.4%). All these attacks were blocked after detection.
As industrial companies steadily ramp up digitalisation and extend connectivity, they must pay more attention to their cybersecurity and use effective solutions to provide InfoSec professionals with the latest information on potential threats. The updated Kaspersky Industrial CyberSecurity platform is in line with this trend.
Kaspersky Industrial CyberSecurity is a native XDR Platform for industrial enterprises that is made and certified to protect OT and critical infrastructure equipment and networks from cyber-initiated threats. Designed to secure the industrial automation and control systems comprehensively, it consists of two modules:
- KICS for Nodes, which is aimed at endpoints of distributed control systems;
- KICS for Networks, which monitors automation system network security.
Deeper integration of KICS components and advanced XDR capabilities
The new release allows KICS for Nodes to be used as an endpoint sensor for KICS for Networks, thus enriching network alerts with data about the host, its processes, logged-in users and even host network communications with previously unattainable precision. IT/OT security teams, Security Operation Center (SOC) analysts and Supervisory Control and Data Acquisition (SCADA) engineers now have more visibility over suspicious actions. They can provide a quick and correct response.
With the enhanced XDR capabilities, customers can now manage the KICS installation database from a single console and scale the OT Security Operations to many large, diverse, and geographically distributed sites. Companies can integrate different solutions from Kaspersky and third-party vendors, collect all the telemetry and respond to threats from the same place. They can also implement Threat Intelligence Portals for an event enrichment process.
Automated security audit to address hidden threats
Kaspersky Industrial CyberSecurity now provides automated centralised security audits for Windows, Linux nodes, and network devices. With this new feature, customers can automatically audit OT hosts or a group of hosts for software vulnerabilities, misconfigurations, and compliance with local or international regulations and corporate policies. KICS uses Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content to assess hosts.
Enriched with the Kaspersky ICS CERT database, KICS provides automated compliance to analyse SCADA vulnerabilities. With the help of Kaspersky industrial data feeds, customers can regularly receive the latest information about potential and already existing cyber risks under configured parameters. All reports are saved in the KICS for Networks asset base.
Network Traffic Analysis for better incident investigation
Network Traffic Analysis (NTA) systems analyse traffic at the perimeter and in the infrastructure and use a combined set of technologies. They employ methods such as behavioural analysis, detection rules, indicators of compromise, and protocol inspection to detect attacks.
With the new release, KICS is improving its industrial NTA and now provides better detection of attacks like brute force, spoofing and temporal anomalies using a static analyser. The Kaspersky platform displays network sessions, providing users with information on session status, destinations, protocols and traffic data. It stores the traffic archive and allows advanced settings to save the information. KICS uploads PCAP files to investigate incidents, providing traffic data by node, protocol, time range and session.
“Kaspersky Industrial Cybersecurity is a crucial element of the Kaspersky OT Cybersecurity ecosystem. This new release allows our customers to build more reliable and converged IT and OT assets protection. Through the seamless integration of all components in the ecosystem, we continue to develop unique cross-product scenarios applicable to industrial enterprises. Following the extended detection and response concept, we provide advanced and flexible features to manage cybersecurity systems for our customers,” comments Andrey Strelkov, Head of the Industrial Cybersecurity Product Line at Kaspersky.