KASPERSKY LAB in Industrial Control Systems Security Solutions

The company offers the following products in the ICS security market:

• Anomaly Detection
• Integrity Control
• Antimalware
• Firewall and IPS
• Application Control
• Centralized Management
• Forensic Tools

The company offers the following services in the ICS security market:

Education and Intelligence

• Cybersecurity Training
• Awareness Programs
• Intelligence Reporting

Expert Services

• Cybersecurity Assessment
• Solution Integration
• Incident Response

Kaspersky Industrial CyberSecurity for Nodes

KICS for Nodes explicitly addresses dangers at administrator level in ICS conditions. It verifies ICS/SCADA servers, HMIs, and designing workstations from the different kinds of cyber threats that can result from human elements, conventional malware, and directed assaults or damage.

Uprightness control innovations highlighted in KICS for Nodes include:

• Control of utilization establishment and start-up as indicated by whitelisting (best practice for mechanical control organizes) or boycotting arrangements
• Control of utilization access to working framework assets: records, envelopes, and framework library
• Control of a wide range of executable running in Windows conditions, including .exe, .dll, .ocx, drivers, ActiveX, contents, direction line translators, and part mode drivers
• Updating utilization notoriety information
• Pre-characterized and client characterized application classifications to oversee controlled application records
• Fine-tuning of utilization controls for various clients
• Prevention or location just modes: obstructing any application that isn't whitelisted or, in 'watching' mode, permitting applications which aren't whitelisted to run

Device Control

Based on family, device category, and specific device ID, management of access to removable devices, peripherals, and system busses.

• Support for both whitelisting and blacklisting approaches
• Granular, per-computer, and per-user policy assignment to a single user or a group of users.
• Prevention or detection-only mode

Host-based Firewall

Some of the key functionalities:

• Restricted ports and networks can be accessed.
• Discovery and blocking of network attacks launched from internal sources which may introduce malware that can scan and infect the host.

Wi-Fi Network Control

Connectivity to any unauthorized Wi-Fi networks can be monitored. Based on Default Deny technology, the Wi-Fi Control task is blocks connections to any Wi-Fi network in the task settings.

PLC Respectability Check

This empowers extra command over PLC arrangements by periodical checks against a chose, Kaspersky Lab-verified server. The subsequent checksums are looked at against spared 'Etalon' values, and any deviations are accounted for.

Document Integrity Monitor

This element is intended to follow activities performed inside determined records and organizers in the checking extensions indicated in the assignment settings. It can be utilized to recognize document changes that may show a security rupture on the ensured server – like changes to SCADA ventures put away on a SCADA server.

Advanced Anti-malware Protection

Kaspersky Lab’s proactive malware detection and prevention technologies are improved and re-designed to meet heavy resource consumption and system availability requirements. Advanced anti-malware protection is designed to work effectively in a static environment. Some of the technologies offered by the Kaspersky Lab:

• Signature-based malware detection
• On-access and on-demand detection
• In-memory (resident) detection
• Ransomware detection via special Anti-Cryptor technology
• Kaspersky Security Network (KSN) and Kaspersky Private Security Network (KPSN), enabling the ultimate malware detection service

Trusted Updates

There is no impact of Kaspersky Lab security updates on the availability of the protected system when compatibility checks are performed before both database/component releases and process control system software/configuration updates. Potential resource consumption issues can be addressed through a number of ways:

• Compatibility tests can be performed with industrial automation vendor software on the Kaspersky Lab test bed.
• IAV performs compatibility checks.
• Kaspersky Lab checks security database updates: SCADA server, workstation, and HMI images are integrated into Kaspersky Lab’s test bed.
• Kaspersky Security Center automate and test the Kaspersky Lab security updates.

Kaspersky Industrial CyberSecurity for Networks

Kaspersky Lab's framework level security course of action works at the advanced correspondence tradition (Modbus, IEC stack, and ISO) layer, examining mechanical traffic for inconsistencies by methods for forefront DPI (Deep Packet survey) development.

KICS for Networks passes on inert framework traffic checking of variations from the norm and framework security while remaining imperceptible to potential aggressors. KICS for Networks has a specific designing – sensors can be sent autonomously from a central control unit.

KICS for Networks offers a trusted platform that can monitor process control command flow and telemetry data, and enabling, among other things to industrial users:

• Detection of any command which would reconfigure a PLC or change the PLC state
• Control parameter changes in technology processes
• Mitigation from of ‘advanced’ insider interference from engineers, SCADA operators, or other internal staff with direct access to systems as well as protection from outside threats

Kaspersky Industrial CyberSecurity

Security across enterprises should operate at both node and network levels to ensure the highest levels of protection from attacks. KICS  is controlled through a single management console, Kaspersky Security Center, enabling:

• Centralized management of security policies - different protection settings can be set for different nodes and groups.
• Facilitate testing of updates before roll-out onto the network, thereby integrating the full process.
• Role-based access aligned with security policies and urgent actions. Ease of control and visibility at multiple sites are enabled by the Kaspersky Security Center.