Kaspersky has launched the new edition of its industrial network visibility and security platform, Kaspersky Industrial CyberSecurity for Networks. In addition to operational technology (OT) traffic monitoring, which reveals unauthorized activity, Kaspersky Industrial CyberSecurity for Networks now flags vulnerabilities in equipment and gives recommendations for their mitigation. Added support for the BACnet protocol allows the product to effectively protect smart building systems. Automated learning mode for traffic monitoring, seamless protocol updates, and the new web console also simplify management and improve efficiency in fighting industrial threats.
Recent Kaspersky research has shown that 39% of industrial control systems’ (ICS) computers were subjected to cyberattacks in 2020. To ensure these attacks don’t affect critical industrial processes, the protection should cover the entire heterogeneous OT environment, with diverse equipment and customized systems. It is also important to be aware of vulnerabilities in ICS software to prevent them from being used for advanced threats, to reduce the attack surface and minimize possible consequences of a cybersecurity breach.
The new version of Kaspersky Industrial CyberSecurity for Networks enables vulnerability management to help customers learn about new weaknesses in their equipment and patch or mitigate them in time. The accurate and comprehensive details, such as CVE-ID, criticality, exploitation conditions, possible consequences and guidance for mitigation, are available in the product management console. This eliminates the need to inspect dedicated reports in multiple third-party sources that may not necessarily include all background information and practical recommendations. The data is provided by Kaspersky Industrial Control Systems’ Cyber Emergency Response Team (ICS CERT), a global project devoted to identifying potential and existing threats that target industrial automation systems and industrial IoT.
To ensure protection of diverse OT environments and devices, the platform enhances protocol support and adds new ones such as MICOM, Profinet, TASE.2, DirectLogic, and BACnet, thanks to which, Kaspersky Industrial CyberSecurity for Networks can now be used for smart building automation system protection. The new protocols and DPI (deep packet inspection) algorithms for traffic inspection are being delivered seamlessly through automatic database updates.
In terms of incident prevention, the enhanced product significantly simplifies the task of rules creation to detect deviations in OT traffic. During the new learning mode, Kaspersky Industrial CyberSecurity for Networks analyzes how the manufacturing process parameters (tags) change and automatically creates the rule for normal work of the equipment. This is so the IT security operator doesn’t need to create them manually.
Kaspersky Industrial CyberSecurity for Networks also suggests numerous usability and manageability enhancements. A brand new web console offers extended incident visualization capabilities for more detailed threat analysis. Information about detected incidents is now mapped to MITRE ATT&CK for ICS attacks tactics and techniques, so security experts can have additional insights for attack investigation. In the web console, the administrator can quickly deploy the platform to new industrial equipment and add connectors to third-party systems such as SIEM, firewalls or SCADA via REST API.
“Proper protection for OT environments can require fine-tuning and many manual steps,” comments Andrey Strelkov, product manager for enterprise products at Kaspersky. “Our goal in this update was to simplify this task for IT security teams: make security management more convenient, improve equipment coverage, and automate functions. The added vulnerability management also simplifies this traditionally daunting task. Indeed, unlike IT devices, OT cannot always be updated at the click of a mouse and without consequences for neighboring systems. But it is still important to find ways for patching or mitigation, with which Kaspersky Industrial CyberSecurity for Networks now helps,”