Singapore – Kaspersky, a cybersecurity firm, has recently announced the latest enhancements to its industrial cybersecurity platform, aiming to address the challenges and increasing threats facing operational technology (OT) and critical infrastructure.
According to the firm, one of the significant updates to Kaspersky Industrial CyberSecurity (KICS) introduces a native XDR platform, crafted for industrial enterprises. This solution defends OT and critical infrastructure from cyber-based threats.
KICS provides comprehensive protection through the integration of KICS for Nodes, which secures endpoints in distributed control systems, and KICS for Networks, which oversees the network security of automation systems and shields equipment from network-related threats.
With this update, the platform now offers improved configuration and change management for OT infrastructure, offering a predefined set of configurations for all supported asset types that can be collected manually or in scheduled mode.
The accumulated configuration archive remains always available for review, allowing for change monitoring and analysis of any detected inconsistencies.
Another crucial benefit of the update concerns new asset types for enhanced context during incident investigations. This enables automatic change management and alerts when deviations are detected.
In particular, the aggregated lists of software and users greatly simplify the incident investigation process, enabling security professionals to easily identify all hosts with suspicious executables or find specific user actions in registered events.
Next are active polling and automated network topology visualisation, which now support scheduling to automate the creation of the topology map and keep connection data, asset attributes, and security settings up to date.
Each scheduled run is supplemented with a detailed report, including query results and any identified issues.
Apart from these benefits, the company also noted increased capabilities to detect anomalies in digital substations. The recently upgraded KICS platform now enables the import of SCD (substation configuration description) files to analyse configurations, the extraction of asset attributes, and the review of IEC 61850 settings. It also provides a report of identified errors and misconfigurations.
By monitoring substation networks against reference configurations, it then enables the detection of unauthorised network connections, anomalous activity, and failures or errors in IEC 61850 communications that indicate improper operation or equipment misconfigurations.
Furthermore, the recently enhanced KICS provides a new architecture for geographically distributed infrastructures, enabling support for up to 100 monitoring points on a single KICS for Networks node.
SD-WAN technologies offer unlimited options to develop new software-defined wide area networks between company branches, enabling industrial traffic copies to be delivered from the source switch to the monitoring node.
Lastly, it also brings an updated portable scanner with improved audit, inventory, and inspection capabilities. With the update, it expands host inspection capabilities with new scanning technologies such as host inventory, vulnerability, compliance, and security settings inspection scans, and traffic capturing, which can also be configured to a classic anti-virus scan on the USB drive writing stage. The portable scanner now also supports anti-malware scanning of Windows 2000 SP4 hosts.
In addition, Kaspersky has also updated its managed detection and response (MDR) service, with enterprises now able to outsource key cybersecurity functions such as threat monitoring, detection, threat hunting, and incident analysis to Kaspersky experts.
This strategic approach provides organisations with access to necessary expertise and reliable cybersecurity solutions. It also enables organisations to effectively counter the growing volume and complexity of cyberattacks on critical infrastructure and to optimise their internal resources when these resources are limited.
Andrey Strelkov, head of the industrial cybersecurity product line at Kaspersky, said, “We are always aiming to help customers build more reliable and converged protection of their IT and OT assets.”
“With the new KICS release, we introduced new features that can help to strengthen critical infrastructure, drastically improve visibility and control over assets in industrial networks, improve user experience, situational awareness, and deployment flexibility for geographically distributed OT networks. Moreover, we streamlined our MDR service, enabling businesses to engage with experts from our internal SOC to analyse incidents, prevent attacks, and receive relevant recommendations,” added Strelkov.