Kaspersky’s Industrial CyberSecurity for Networks now flags vulnerabilities in equipment and gives recommendations for their mitigation. Added support for the BACnet protocol allows the product to protect smart building systems. Automated learning mode for traffic monitoring, seamless protocol updates, and the new web console also simplify management and improve efficiency in fighting industrial threats.
Recent Kaspersky research has shown that 39% of industrial control system (ICS) computers were subjected to cyberattacks in 2020. To ensure these attacks don’t affect critical industrial processes, protection should cover the entire heterogeneous OT environment, with its diverse equipment and customised systems. It is also important to be aware of vulnerabilities in ICS software, so they cannot be used in advanced threats, so the attack surface is reduced, and so the possible consequences of a cybersecurity breach are minimised.
The new version of Kaspersky Industrial CyberSecurity for Networks enables vulnerability management to help customers learn about new weaknesses in their equipment and patch or mitigate them in time. The accurate and comprehensive details, such as CVE-ID, criticality, exploitation conditions, possible consequences and guidance for mitigation, are available in the product management console, so there is no need to inspect dedicated reports in multiple third-party sources that may not necessarily include all background information and practical recommendations. The data is provided by Kaspersky Industrial Control Systems’ Cyber Emergency Response Team (ICS CERT), a global project devoted to identifying potential and existing threats that target industrial automation systems and industrial IoT.
To ensure protection of diverse OT environments and devices, the platform enhances existing protocol support and adds new protocols, such as MICOM, Profinet, TASE.2, DirectLogic, and BACnet; thanks to BACnet support, Kaspersky Industrial CyberSecurity for Networks can now be used to protect smart building automation systems. New protocols and DPI (deep packet inspection) algorithms for traffic inspection are delivered seamlessly through automatic database updates.
In terms of incident prevention, the enhanced product significantly simplifies the creation of rules that detect deviations in OT traffic. In the new learning mode, Kaspersky Industrial CyberSecurity for Networks analyses how the manufacturing process parameters (tags) change and automatically creates the rules describing normal operation of the equipment, so the IT security operator doesn’t need to create them manually.
Kaspersky Industrial CyberSecurity also offers numerous usability and manageability enhancements. A brand new web console provides extended incident visualisation capabilities for more detailed threat analysis. Information about detected incidents is now mapped to MITRE ATT&CK for ICS tactics and techniques, giving security experts additional insight for attack investigation. In the web console, the administrator can quickly deploy the platform to new industrial equipment and add connectors to third-party systems, such as SIEM, firewalls or SCADA, via REST API.
“Proper protection for OT environments can require fine-tuning and many manual steps. Our goal in this update was to simplify this task for IT security teams: make security management more convenient, improve equipment coverage, and automate functions. The added vulnerability management also simplifies this traditionally daunting task. Indeed, unlike IT devices, OT cannot always be updated at the click of a mouse and without consequences for neighboring systems. But it is still important to find ways for patching or mitigation, with which Kaspersky Industrial CyberSecurity for Networks now helps,” comments Andrey Strelkov, Product Manager, Enterprise Products, Kaspersky.
“Continuous vulnerability assessment is one of the cornerstones of any enterprise cybersecurity. You must be aware of a vulnerability to address it. At the same time, patching its ICS is very challenging for an industrial facility, for several reasons.
“The main reason lies in the fact that it is only possible to identify vulnerable devices in the control system of an operating enterprise by passive means, and this requires highly accurate information about the vulnerability (an exact list of vulnerable versions of products and their configurations). Such exact data makes it clear whether an asset is vulnerable. Additionally, it gives the opportunity to plan compensatory measures in case a patch is not available or could not be installed in a timely manner. Unfortunately, this level of detail is not always available when dealing with public sources of information on ICS vulnerabilities – it can often be insufficient.
“KICS for Networks automates continuous vulnerability assessment by passively detecting vulnerable versions of ICS products in the industrial network, based on our exclusive private ICS vulnerability database. It could be the first effective solution for the vulnerability management problems that industrial enterprises face today,” comments Evgeniy Goncharov, Head of Kaspersky ICS CERT.