In response to the growing challenges and increasing threats to operational technologies (OT) and critical infrastructure, Kaspersky has upgraded its Kaspersky Industrial CyberSecurity (KICS) platform. The platform now incorporates enhanced features, functioning as a native extended detection and response (XDR) solution specifically for industrial enterprises. These improvements are designed to provide advanced detection and real-time response to threats across industrial environments, making it a robust tool for protecting complex systems.
Additionally, Kaspersky has streamlined its Managed Detection and Response (MDR) services for Industrial Control Systems (ICS). This service assists organizations, particularly those lacking dedicated cybersecurity personnel, by managing key Security Operations Center (SOC) functions. This proactive approach ensures timely threat detection, analysis, and mitigation, helping to secure industrial infrastructure against emerging cyber threats.
The industrial sector is facing a new reality driven by IT-OT convergence, strict regulatory demands, and a significant rise in cyberattacks targeting industrial infrastructures. Kaspersky’s ICS CERT reports that in the second half of 2024, malicious objects were blocked on 23.5% of Industrial Control Systems (ICS) computers, underscoring the persistent level of threats in the sector. This highlights the need for industrial companies to prioritize cybersecurity and deploy solutions that are specifically designed to protect critical infrastructure.
In response, Kaspersky has tailored its core offerings to meet these challenges. Its enhanced Kaspersky Industrial CyberSecurity (KICS) and Managed Detection and Response (MDR) services are now equipped to provide industrial companies with real-time threat detection, response, and protection against the growing number of sophisticated attacks. These solutions address the entire cybersecurity landscape of industrial environments, ensuring the safety of both IT and OT systems, and allowing industrial operators to meet regulatory standards while safeguarding assets and processes.
The enhanced Kaspersky Industrial CyberSecurity platform for OT and critical infrastructure introduces the following capabilities:
# Improved configuration and change management for OT infrastructure
KICS enables inspection of security settings and monitoring of configuration changes through agent-based or agentless polling of Windows and Linux hosts, network devices, and PLCs. A predefined set of configuration checks is provided out of the box for all supported asset types, and configurations can be collected manually or on a schedule. The accumulated configuration archive is always available for review and can be used to track changes and analyze identified discrepancies.
# New asset types for enhanced context during incident investigations
KICS for Networks now supports the reception and aggregation of additional asset types, including installed software, patches, local users and discovered executables. When KICS for Nodes is installed on a host (on both Windows and Linux), it automatically transmits this information to KICS for Networks with periodic updates. This provides automatic change management and alerts when deviations are detected. The aggregated lists of software and users greatly simplify incident investigation, allowing security professionals to quickly identify all hosts carrying a suspicious executable or to find the actions of a specific user in the registered events.
# Scheduled active polling and automated network topology visualization
KICS provides a topology map that displays real-time information about asset connections and tracks security state changes for devices without installed agents, such as computers and switches. Active polling tasks can now be scheduled to automate the creation of this map and keep connection data, asset attributes and security settings up to date. Each scheduled run produces a detailed report, including query results and any identified issues.
# Increased capabilities to detect anomalies in digital substations
KICS for Networks now supports the import of SCD (substation configuration description) files to analyze configurations, extract asset attributes, and review IEC 61850 settings. It also provides a report of identified errors and misconfigurations. By monitoring substation networks against these reference configurations, it can detect unauthorized network connections, anomalous activity, and failures or errors in IEC 61850 communications, which typically indicate improper operation or equipment misconfiguration.
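As an added illustration of the reference-configuration approach described above (example code written for this article, not part of KICS or any Kaspersky product), the following script parses a constructed SCD/SCL file, builds the expected inventory of IED IP addresses and declared GOOSE publishers, and flags anything observed on the station bus that the SCD does not declare. The IED names, addresses and observed values are all made up for the example.

```python
import xml.etree.ElementTree as ET

SCL_NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed minimal SCD (not a real substation); serves as the reference configuration.
SAMPLE_SCD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <Communication>
    <SubNetwork name="StationBus">
      <ConnectedAP iedName="PROT1" apName="AP1">
        <Address><P type="IP">192.0.2.11</P><P type="IP-SUBNET">255.255.255.0</P></Address>
        <GSE ldInst="LD0" cbName="gcb1">
          <Address><P type="MAC-Address">01-0C-CD-01-00-01</P><P type="APPID">0001</P></Address>
        </GSE>
      </ConnectedAP>
      <ConnectedAP iedName="CTRL1" apName="AP1">
        <Address><P type="IP">192.0.2.12</P></Address>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
  <IED name="PROT1" manufacturer="ExampleVendor" type="ProtRelay"/>
  <IED name="CTRL1" manufacturer="ExampleVendor" type="BayController"/>
</SCL>"""

def load_reference(scd_xml):
    """Extract the reference inventory: IED IP addresses and declared GOOSE (MAC, APPID) pairs."""
    root = ET.fromstring(scd_xml)
    ips, goose = {}, set()
    for ap in root.iterfind(".//scl:ConnectedAP", SCL_NS):
        ied = ap.get("iedName")
        for p in ap.iterfind("scl:Address/scl:P", SCL_NS):
            if p.get("type") == "IP":
                ips[(p.text or "").strip()] = ied
        for gse in ap.iterfind("scl:GSE", SCL_NS):
            addr = {p.get("type"): (p.text or "").strip() for p in gse.iterfind("scl:Address/scl:P", SCL_NS)}
            if "MAC-Address" in addr:
                goose.add((addr["MAC-Address"].upper(), addr.get("APPID", "").upper()))
    return ips, goose

def find_deviations(reference, observed_ips, observed_goose):
    """Return IPs and GOOSE (MAC, APPID) pairs seen on the station bus but absent from the SCD."""
    ips, goose = reference
    unknown_ips = sorted(ip for ip in observed_ips if ip not in ips)
    unknown_goose = sorted({(m.upper(), a.upper()) for m, a in observed_goose} - goose)
    return unknown_ips, unknown_goose

if __name__ == "__main__":
    ref = load_reference(SAMPLE_SCD)
    # Constructed observations: one undeclared IP host and one undeclared GOOSE publisher.
    print(find_deviations(ref, ["192.0.2.11", "192.0.2.99"],
                          [("01-0c-cd-01-00-01", "0001"), ("01-0C-CD-01-00-07", "0007")]))
```

In practice the observed lists would come from passive capture on the station bus; anything returned is a candidate for an unauthorized connection or an undeclared GOOSE control block and should be reconciled against the engineering baseline.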
# SD-WAN sensor for monitoring OT networks traffic at geographically distributed sites
The updated KICS provides a new architecture for geographically distributed infrastructures, supporting up to 100 monitoring points on a single KICS for Networks node. When KICS for Networks sensors cannot be placed at remote sites because of equipment size or connectivity limits, traffic from those sites can be transferred directly to a KICS for Networks node located at a central office. SD-WAN technologies provide unlimited options for establishing new software-defined wide area networks between company branches, allowing copies of industrial traffic to be delivered from the source switch to the monitoring node.
# Updated Portable Scanner with improved audit, inventory and inspection capabilities
The KICS Portable Scanner expands host inspection capabilities with new scanning technologies, including host inventory, vulnerability, compliance and security settings inspection scans, and traffic capture; it can also be configured to run a classic anti-virus scan at the stage of writing to the USB drive. The Portable Scanner now also supports anti-malware scanning of Windows 2000 SP4 hosts.