Kaspersky Unveils Advanced Security Solutions for Industrial Enterprises – CRN

Enhancing Cybersecurity for Industrial Enterprises: Kaspersky’s Latest Innovations

In an era where operational technologies (OT) and critical infrastructure face unprecedented cyber threats, Kaspersky has stepped up its game with significant enhancements to its Kaspersky Industrial CyberSecurity (KICS) platform. This native Extended Detection and Response (XDR) solution is tailored specifically for industrial enterprises, addressing the unique challenges posed by the convergence of IT and OT, stringent regulatory requirements, and the alarming rise in cyberattacks targeting the industrial sector.

The Growing Threat Landscape

The urgency for robust cybersecurity measures in industrial environments cannot be overstated. According to Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT), nearly 23.5% of ICS computers encountered malicious objects in the latter half of 2024. This statistic underscores the critical need for organizations to prioritize cybersecurity strategies and implement comprehensive solutions to safeguard their assets and processes. Kaspersky’s enhancements to KICS are a direct response to this pressing demand.

Key Enhancements to Kaspersky Industrial CyberSecurity

1. Improved Configuration and Change Management

One of the standout features of the updated KICS is its enhanced configuration and change management capabilities. The platform allows for thorough inspection of security settings and monitoring of changes across OT infrastructure. With both agent-based and agentless polling options for Windows and Linux hosts, network devices, and Programmable Logic Controllers (PLCs), KICS can collect configurations efficiently. A predefined set of configurations is available out of the box, ensuring organizations can easily monitor changes and analyze discrepancies in their systems.

2. Expanded Asset Type Support for Incident Investigations

KICS for Networks has been upgraded to support a broader range of asset types, including installed software, patches, local users, and discovered executables. This enhancement allows for automatic change management and alerts when deviations are detected. By simplifying the incident investigation process, security professionals can quickly identify suspicious executables or trace specific user actions, significantly improving response times to potential threats.

3. Automated Network Topology Visualization

The updated KICS platform now includes a topology map that provides real-time insights into asset connections and security state changes for devices without installed agents. Scheduled active polling tasks automate the creation of this topology map, ensuring that connection data, asset attributes, and security settings remain current. Each scheduled run generates a detailed report, offering valuable insights into query results and any identified issues.

4. Enhanced Anomaly Detection in Digital Substations

KICS for Networks has introduced capabilities to import Substation Configuration Description (SCD) files, allowing for detailed analysis of configurations and IEC 61850 settings. This feature enables the detection of unauthorized network connections, anomalous activities, and communication failures within digital substations. By monitoring these networks against reference configurations, KICS can identify misconfigurations and operational issues, enhancing overall system reliability.

5. SD-WAN Sensor for Distributed OT Networks

For organizations with geographically distributed infrastructures, Kaspersky has implemented a new architecture that supports up to 100 monitoring points on a single KICS for Networks node. When physical sensors cannot be deployed at remote sites, traffic can be routed directly to a central KICS for Networks node. This innovative use of Software-Defined Wide Area Network (SD-WAN) technologies allows for seamless monitoring of industrial traffic, ensuring that organizations can maintain oversight across all locations.

6. Upgraded Portable Scanner for Comprehensive Audits

The KICS Portable Scanner has received significant upgrades, expanding its host inspection capabilities. New scanning technologies include host inventory, vulnerability assessments, compliance checks, and security settings inspections. Additionally, the scanner can capture traffic and perform anti-malware scans, even on legacy systems like Windows 2000 SP4. This versatility ensures that organizations can conduct thorough audits and maintain robust security postures across their entire infrastructure.

Conclusion

As the industrial sector grapples with an evolving threat landscape, Kaspersky’s enhancements to its Industrial CyberSecurity platform represent a proactive approach to safeguarding critical infrastructure. By addressing the unique challenges posed by IT-OT convergence and the increasing sophistication of cyberattacks, Kaspersky is equipping industrial enterprises with the tools they need to protect their assets and ensure operational continuity. With these advancements, organizations can not only respond to current threats but also build a resilient cybersecurity framework for the future.
