Kaspersky Industrial CyberSecurity Enhances Security with XDR Platform

Kaspersky Industrial CyberSecurity is an XDR Platform made to secure industrial enterprises, OT, & critical infrastructure from cyber threats.

DQC Bureau

Kaspersky Industrial CyberSecurity is a dedicated XDR Platform designed to safeguard industrial enterprises, OT, and critical infrastructure from cyber threats. Specifically created and certified to protect industrial automation and control systems, it includes KICS for Nodes, targeting distributed control system endpoints, and KICS for Networks, ensuring network security for automation systems.

With the rapid integration of complex computer-based systems into the OT infrastructure, the threat landscape is evolving swiftly. In the first half of 2023, Kaspersky ICS CERT reported blocking malicious objects on 34% of ICS computers. As industrial companies increasingly digitize and expand connectivity, prioritizing cybersecurity is essential. Effective solutions are crucial to provide InfoSec professionals with up-to-date information on potential threats. The updated Kaspersky Industrial CyberSecurity platform aligns seamlessly with this growing trend.

Deeper integration of KICS components and advanced XDR capabilities

The latest update enables KICS for Nodes to function as an endpoint sensor for KICS for Networks. This integration enhances network alerts by providing detailed information about the host, including processes, logged-in users, and host network communications with unprecedented precision. IT/OT security teams, Security Operation Centre (SOC) analysts, and Supervisory Control and Data Acquisition (SCADA) engineers now have increased visibility into suspicious activities, empowering them to respond swiftly and accurately.

With added XDR capabilities, users can now oversee the KICS installation database through a unified console and expand OT Security Operations across numerous large, varied, and geographically dispersed sites. Businesses have the flexibility to integrate various solutions from Kaspersky and third-party vendors, gather telemetry, and address threats all from one location. Additionally, they can implement Threat Intelligence Portals to enhance the event enrichment process.

Automated security audit to address hidden threats

Kaspersky Industrial CyberSecurity XDR Platform introduces automated centralized security audits for Windows and Linux nodes and network devices. This new feature enables customers to automatically assess OT hosts or groups of hosts for software vulnerabilities, misconfigurations, and compliance with local or international regulations and corporate policies. KICS uses content written in open standards such as Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) to evaluate hosts.

Leveraging the Kaspersky ICS CERT database, KICS offers automated compliance features for analyzing SCADA vulnerabilities. Through Kaspersky XDR platform industrial data feeds, customers can receive timely updates on potential and existing cyber risks based on configured parameters. All reports are stored in the KICS for Networks asset base.

Network Traffic Analysis for better incident investigation

Network Traffic Analysis (NTA) systems scrutinize traffic at both perimeter and infrastructure levels, employing a blend of technologies. These systems detect attacks through methods like behavioral analysis, detection rules, indicators of compromise, and protocol inspection.

In its latest update, KICS enhances its industrial Network Traffic Analysis (NTA), offering improved detection of attacks such as brute force, spoofing, and temporal anomalies using a static analyzer. The Kaspersky XDR platform showcases detailed network sessions, providing users with information on session status, destinations, protocols, and traffic data. It archives traffic, allowing advanced settings for data preservation. KICS uploads PCAP files to investigate incidents, providing traffic data categorized by node, protocol, time range, and session.

“Kaspersky Industrial Cybersecurity is a crucial element of the Kaspersky OT Cybersecurity ecosystem. With this new release, we allow our customers to build more reliable and converged protection of their IT and OT assets. Through the seamless integration of all components in the ecosystem we continue to develop unique cross-product scenarios applicable to industrial enterprises. Following the extended detection and response concept we provide advanced and flexible features to manage cybersecurity systems for our customers,” comments Andrey Strelkov, Head of Industrial Cybersecurity Product Line at Kaspersky.
