Kaspersky introduces enhanced solutions to secure industrial companies

Kaspersky has enhanced its Kaspersky Industrial CyberSecurity (KICS), a native XDR Platform for industrial enterprises, and streamlined Managed Detection and Response (MDR) for Industrial Control Systems (ICS), a service that helps to perform key SOC functions for organizations that may lack dedicated personnel.

The new reality for owners and operators of industrial infrastructures is shaped by IT-OT convergence, high regulatory requirements, and the rise of cyberattacks in the industrial sector. According to Kaspersky ICS CERT, malicious objects were blocked on almost one quarter (23.5%) of ICS computers in the second half of 2024. This highlights the persistent and significant level of threats, underscoring the need for companies to prioritize their cybersecurity strategy and implement comprehensive, reliable solutions to protect all their assets and processes.

To meet this growing demand, Kaspersky has tailored its key solutions to safeguard industrial companies.

Kaspersky Industrial CyberSecurity enhancing OT and critical infrastructure

The first significant update concerns Kaspersky Industrial CyberSecurity (KICS), a native XDR Platform[1] designed specifically for industrial enterprises. It is certified to protect OT and critical infrastructure equipment and networks from cyber-initiated threats. Designed to comprehensively secure the industrial automation and control systems, it consists of KICS for Nodes, which focuses on endpoints in distributed control systems, and KICS for Networks, which monitors automation system network security and protects automation system equipment from network-initiated threats.

With the new release, the platform introduces the following enhanced capabilities:

1. Improved configuration and change management for OT infrastructure

KICS enables security settings inspection and change monitoring through agent-based or agentless polling of Windows and Linux hosts, network devices, and PLCs to collect configurations. A predefined set of configurations is provided out of the box for all supported asset types and can be collected manually or on a schedule. The accumulated configuration archive is always available for review and can be used to monitor changes and analyze identified discrepancies.

2. New asset types for enhanced context during incident investigations

KICS for Networks now supports the reception and aggregation of additional types of assets, including installed software, patches, local users and discovered executables. When KICS for Nodes is installed on a host (on both Windows and Linux), it automatically transmits this information to KICS for Networks with periodic updates. This provides automatic change management and alerts when deviations are detected. The aggregated lists of software and users greatly simplify the incident investigation process, allowing security professionals to easily identify all hosts with suspicious executables or find specific user actions in registered events.

3. Scheduled active polling and automated network topology visualization

KICS provides a topology map that displays real-time information about asset connections and manages security state changes for devices without installed agents, such as computers and switches. Active polling tasks now support scheduling, to automate the creation of this map and keep connection data, asset attributes and security settings up to date. Each scheduled run is supplemented with a detailed report, including query results and any identified issues.

4. Increased capabilities to detect anomalies in digital substations

KICS for Networks now supports the import of SCD (substation configuration description) files[2] to analyze configurations, the extraction of asset attributes, and the review of IEC 61850 settings. It also provides a report of identified errors and misconfigurations. By monitoring substation networks against reference configurations, it enables the detection of unauthorized network connections, anomalous activity, and failures or errors in IEC 61850 communications. Such events indicate improper operation or equipment misconfigurations.

5. SD-WAN sensor for monitoring OT network traffic at geographically distributed sites

The updated KICS provides a new architecture for geographically distributed infrastructures, enabling support for up to 100 monitoring points on a single KICS for Networks node. When KICS for Networks sensors cannot be placed at remote sites due to equipment size or connectivity limits, traffic from remote sites can be transferred directly to a KICS for Networks node located at a central office. SD-WAN technologies provide unlimited options to establish new software-defined wide area networks between company branches, allowing copies of industrial traffic to be delivered from the source switch to the monitoring node.

6. Updated Portable Scanner with improved audit, inventory and inspection capabilities

The KICS Portable Scanner expands host inspection capabilities with new scanning technologies such as host inventory, vulnerability, compliance and security settings inspection scans, and traffic capturing, which can also be configured to a classic anti-virus scan on the USB drive writing stage. The Portable Scanner now also supports anti-malware scanning of Windows 2000 SP4 hosts.

Kaspersky MDR for ICS to perform cybersecurity functions in case of limited in-house security operations

Another update concerns Kaspersky Managed Detection and Response, a service that supports industrial companies experiencing staff shortages or skill gaps. Enterprises can now outsource key cybersecurity functions such as threat monitoring, detection, threat hunting, and incident analysis to Kaspersky experts. This provides organizations with access to the necessary expertise and reliable cybersecurity solutions. The service also allows organizations to effectively counter the growing volume and complexity of cyberattacks on critical infrastructure and to optimize their internal resources when these are limited.

“We are always aiming to help customers build more reliable and converged protection of their IT and OT assets. With the new KICS release, we introduced new features that can help to strengthen critical infrastructure, drastically improve visibility and control over assets in industrial networks, improve user experience, situational awareness and deployment flexibility for geographically distributed OT networks. Moreover, we streamlined our MDR service, enabling businesses to engage with experts from our internal SOC to analyze incidents, prevent attacks, and receive relevant recommendations,” comments Andrey Strelkov, Head of the Industrial Cybersecurity Product Line at Kaspersky.
