Kaspersky Industrial CyberSecurity: Solution Overview

Introduction

Historically, industrial companies all over the world have approached cybersecurity in their IT and OT (operational technology) networks differently. Most companies already have mature breach detection and incident response measures in their corporate infrastructure, but when it comes to OT they usually rely on an out-of-date air-gap approach. Industrial companies are becoming increasingly ‘digital’, investing more and more in smart technologies, new automation systems, and the adoption of digital transformation. That actually erases the gap between IT and OT environments that is used to prevent cyberthreats from reaching industrial control systems. According to Kaspersky ICS CERT, in the first half of 2021 the percentage of ICS computers on which malicious objects were detected reached 33.8%¹.

What are these threats?

First of all, they include the risk of accidental infection by conventional malware. You don’t have to be a target to become a victim. A single flash drive or phishing email with a banking Trojan or ransomware brought unintentionally into the ICS environment can seriously affect the core business of a company. Even if accidental infections do not occur that often, it is obvious that a motivated hacker can also penetrate OT networks and cause considerable damage to expensive equipment or production, or steal valuable information.

What are the proper OT cybersecurity measures?

1. Industrial endpoint protection to prevent accidental infections and make motivated intrusion more difficult.
2. OT network monitoring and anomaly detection to identify malicious actions on the level of programmable logic controllers (PLCs).
3. Training programs for employees to reduce accidents and minimize the human factor.
4. Dedicated expert services to investigate the infrastructure, conduct expert analytics or mitigate the impact of an incident.

¹ Threat landscape for industrial automation systems, H1 2021, Kaspersky ICS tems-statistics-for-h1-2021/

What does Kaspersky provide?

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio. KICS offers a holistic approach to industrial cybersecurity, bringing value to any stage of the customer’s OT security process – from cybersecurity assessments and training to advanced technologies and incident response.

[Figure: KICS portfolio. Labels: KICS for Nodes; KICS for Networks; Kaspersky Security Center; Industrial Anomaly and Breach Detection; Centralized Security Management; Services; Training and Awareness; Expert Services and Intelligence.]

In 2020, Kaspersky was mentioned in Gartner report “Competitive Landscape: Operational Technology Security”² as a representative vendor in 4 product categories, including: OT Endpoint security; OT Network Monitoring and Visibility; Anomaly Detection, Incident Response and Reporting; OT Security Services².

Frost and Sullivan recognizes Kaspersky with the 2020 Global Company of the Year Award based on recent analysis of the Global Industrial (OT/ICS) Cyber Security market³. Kaspersky is also the top vendor in the industrial cybersecurity category, based on overall sentiment ratings by over 250 qualified professionals in the industrial automation community, in VDC’s annual global survey⁴.

Meanwhile, Forrester’s studies show an ROI of 368% for a company using Kaspersky Industrial CyberSecurity for Nodes⁵ and an ROI of 135% for a company using Kaspersky Industrial CyberSecurity for Networks⁶ as well as other benefits such as expert support and peace of mind.

² Gartner: Competitive Landscape: Operational Technology Security, March 2020. https://www.gartner.com/document/3892469 (Gartner subscription is required to access the full report)
³ Frost & Sullivan: Best Practices Awards. 2020 Global Industrial (OT/ICS) Cyber Security Company of the Year 301168341.html
⁴ VDC Research: Industrial IoT Vendor Awards. 2020. https://ics.kaspersky.com/media/KICS award VDC 2020.pdf
⁵ Forrester Study: The Total Economic Impact of Kaspersky Industrial CyberSecurity, April ics
⁶ Forrester Study: The Total Economic Impact of Kaspersky Industrial CyberSecurity, May or-Networks

Products

KICS products are designed to comprehensively secure the industrial elements of your organization: KICS for Nodes is aimed at industrial endpoints, while KICS for Networks monitors industrial network security.

KICS for Networks can retrieve important data from industrial endpoints protected with KICS for Nodes to improve customer experience, situational awareness and deployment flexibility. Security administrators can investigate accidents with a broad context: EPP-enriched incident details, precise asset parameters detection, and network communication maps from segments where traffic mirroring is not yet available.

[Figure: Kaspersky Industrial CyberSecurity products deployment. Labels: Kaspersky software; Internet; Office Network; Plant DMZ Network; SCADA/DCS Network; Control Network; Fieldbus; PLC; SPAN; KICS for Nodes; KICS for Networks.]

KICS for Networks

KICS for Networks is an OT network monitoring and visibility solution, delivered as software or a virtual appliance, passively connected to the ICS network.

KICS for Networks detects anomalies and intrusions inside ICS networks in their early stages and ensures the necessary actions are taken to prevent any negative impact on industrial processes.

KICS for Networks is an appliance-agnostic solution that allows the customer to choose the industrial computing appliance vendor they trust the most.

The KICS for Networks interface displays a live dashboard and a network map for working with assets and security events.

[Figures: Example of KICS for Networks appliance; KICS for Networks interface.]

The benefits:

- Asset discovery: passive OT asset identification and inventory
- Deep packet inspection: almost real-time analysis of technical process telemetry
- Network integrity control: detection of unauthorized network hosts and flows
- Intrusion detection system: sends alerts about malicious network activities
- Command control: inspects commands over industrial protocols
- External systems: external detection capabilities by API integration
- Machine learning for anomaly detection (MLAD): finds cyber or physical anomalies through real-time telemetry and historical data mining (recurrent neural network)
- Vulnerability management: updatable database of vulnerabilities in industrial equipment, powered by Kaspersky ICS CERT

KICS for Nodes

KICS for Nodes is an OT endpoint security product, delivered as software for Windows and Linux-based machines.

The benefits:

- Low impact on protected device
- Highest compatibility
- Advanced malware protection
- Control of environment

KICS for Nodes was specially designed to consume minimal resources. Built on security and embedded systems, its modular architecture means you only have to install the protective components you need. Protective components can be configured to the threat prevention mode or to detection-only mode. This approach is ideal for legacy, low-performance machines that require the maximum available computing power.

[Figure: KICS for Nodes functions and supported endpoints. Functions (Industrial Endpoint Protection): Application Launch Control; Anti-Malware; Device control; SCADA files integrity check; PLC integrity check; Anti-Cryptor; Exploit prevention; Log inspector; Wi-Fi control; Firewall management. Endpoints: Historian server; Gateway; SCADA server; Operator workstation; Engineering workstation.]

KICS for Nodes secures industrial nodes from the various types of cyberthreat that can result from human factors, generic malware, targeted attacks or sabotage. KICS for Nodes is compatible with the software and hardware components of industrial automation systems, such as SCADA, PLC and DCS.

“We decided to partner with Kaspersky as Kaspersky Industrial CyberSecurity could be implemented whilst our operations were still running, and because the solution is compatible with the control systems we ...”
Jan Houben, Plant Manager, AGC Glass Germany GmbH

Kaspersky Security Center

Kaspersky Security Center is a centralized security management solution for security orchestration of the entire OT infrastructure, with a map of all geographically distributed assets enriched with events, incident analytics and more.

The benefits:

- Systems management
  - Centralized system data collection
  - Centralized software deployment
  - Vulnerability detection and patch management
  - Extended client management capabilities
- Policy management
  - Centralized security policy management
  - Remote task scheduling and execution
- Reporting and notification
  - Event logging
  - Dashboards and reports
  - SMS/email notifications
- SIEM integration
  - Arcsight, Splunk, Qradar
  - Syslog server
- HMI integration
- MES dashboard integration
  - Security status and information delivery to IEC104/OPC 2.0 compatible host

Kaspersky Industrial CyberSecurity: services

Our suite of services forms an important part of the KICS portfolio – we provide the full cycle of security services, from industrial cybersecurity assessment to incident response.

Expert services

“Their experience in the ICS cybersecurity domain, professionalism and the complexity of their solution, in comparison with other suppliers, has given us great value and ensured a bright future for our company’s security strategy”
Ondřej Sýkora, C&A manager, Plzeňský Prazdroj

- Industrial Cybersecurity Assessment: Kaspersky provides a minimally invasive industrial cybersecurity assessment, including external and internal penetration testing, OT security assessment and automation solution security assessment. Kaspersky experts provide significant insights into a company’s infrastructure and give recommendations on how to strengthen the ICS cybersecurity posture.
- Threat Intelligence: Up-to-date analytics collected by Kaspersky experts help enhance the customer’s protection from targeted industrial cyberattacks. Provided as TI feeds or tailored reports, they meet specific customer needs according to regional, industry and ICS software parameters.

“By undertaking the exercise and learning from the Kaspersky team’s knowledge, we have increased our protection against cyber security threats”
Yu Tat Ming, CEO, PacificLight

- Incident Response: In the event of a cybersecurity incident, our experts will collect and analyze data, reconstruct the incident timeline, determine possible sources and motivation, and develop a remediation plan. In addition, Kaspersky offers a malware analysis service in which Kaspersky experts will categorize any malware sample provided, analyze its functions and behavior, and develop recommendations and a plan for its removal from your systems and for rolling back any malicious actions.

Training and awareness

“Kaspersky was the best possible company to deliver professional industrial cybersecurity skills training for our ICS group”
Søren Egede Knudsen, Chief Technical Officer, Ezenta

- Industrial Cybersecurity awareness training: On-site and online interactive training modules and cybersafety games for employees interacting with industrial computerized systems and their managers. Participants gain a new insight into the current threat landscape and attack vectors specifically targeting the industrial environment, explore practical scenarios and acquire cybersafe working skills. The on-site course can be customized and adapted to run over one or two days.
- Expert training programs: The ICS Penetration Testing and ICS Digital Forensics training modules were created for cybersecurity professionals. Participants gain all the advanced skills needed to conduct comprehensive pentests or digital forensics in industrial environments. Certification included.

Frost and Sullivan recognizes Kaspersky with the 2020 Global Company of the Year Award.

Kaspersky is recognized as the 2020 Winner of VDC Research’s Platinum Award for Industrial IoT Vendors in the Industrial Cybersecurity category.

www.kaspersky.com
2021 AO Kaspersky Lab. Registered trademarks and service marks are the property of their respective owners.
