Page 24 - EngineerIT October 2022

CYBERSECURITY


Kaspersky Industrial Cyber Security now delivers EDR and risk and compliance assessment of OT

With new EDR functionality in Kaspersky Industrial Cyber Security, customers can now gain instant visibility on operational technology (OT) security incidents and run response actions. The solution also helps reveal hidden weaknesses in networks, be they vulnerabilities, misconfigurations or non-compliance with policies and regulations. With the new features of active polling and a physical topology map, organisations can see even more of the assets in their OT network and how they interconnect. These new capabilities and the deeper integration of Kaspersky Industrial Cyber Security for Nodes and Kaspersky Industrial Cyber Security for Networks greatly enhance OT visibility, control, compliance and threat protection.
IT and OT convergence brings a growing number of connections, equipment and services to industrial organisations. Maintaining control, availability, security and compliance will require a new generation of dedicated cyber security solutions. According to IDC Worldwide IT/OT Convergence 2022 Predictions, by 2024, 30% of industrial enterprises will incorporate centralised security management tools to bridge the IT/OT gap. The renewed Kaspersky Industrial Cyber Security platform comes alongside this trend.

Andrey Strelkov

EDR for OT to get rapid insights on incidents

With EDR in Kaspersky Industrial Cyber Security for Nodes, a cyber security team can track malicious activity, analyse the root cause through attack spread path visualisation and run response actions on SCADA computers and operator workstations. The product provides a wide range of response actions that do not impact the industrial process unless there is explicit operator intervention, including quarantining or removing a malicious object, prohibition of running a malicious process in the future, and so on. To ensure the threat does not spread to other machines, security specialists can create indicators of compromise (IoCs) or artifacts to indicate a system has been breached and run a cross-endpoint response based on these IoCs.

The EDR functionality is delivered as part of KICS for Nodes without the need to install additional hardware. It works on any operating system, including Windows XP, and is optimal for industrial networks as it doesn’t overload them with traffic and has no impact on ICS hosts. On top of this, it doesn’t require any specific skills from IT or OT security administrators.

Risk and compliance assessment to address hidden threats

With Kaspersky Industrial Cyber Security for Networks, customers can implement a risk-oriented approach to cyber security. The product can now detect weaknesses that can potentially put OT integrity at risk or cause technology process disruption. The areas covered include vulnerable network architecture (access to external networks, lack of segmentation, multi-homed devices); weak host security settings (open ports, lack of authorisation, disabled firewalls); obsolete, vulnerable, unwanted, unencrypted protocols and anomalies in network protocols; outdated OS; unauthorised devices and vulnerabilities in the PLCs. All risks are scored for severity in the management console, so security teams can focus on the most critical ones first.

The updated Kaspersky Industrial Cyber Security for Nodes is able to automatically audit OT hosts or a group of hosts for vulnerabilities in the software, misconfigurations, and compliance with local or international regulations and corporate policies. The product uses Open Vulnerability and Assessment Language (OVAL) content to assess hosts. By default, the product provides a SCADA vulnerability database from Kaspersky ICS-CERT in OVAL format. Any OVAL database can be used, be it the NIST, CIS or other regulations or custom samples.

Network visibility and machine scanning to keep control and react to incidents

Network and device visibility is enhanced thanks to active polling and the industrial network physical topology map in Kaspersky Industrial Cyber Security for Networks. Active polling helps to identify assets in OT systems and their configuration, while a topology map visualises the network architecture: how assets are physically connected and

