Cyber threat protection targeting industrial networks – Kaspersky ICS (KICS)

Industrial networks are very often the most neglected aspect of IT security, even though they are a vital part of modern life.

There are many reasons for this, but the main ones are:

  • Business practices and approaches that have historically been separate from standard IT,
  • The often mistaken idea that industrial networks are completely isolated from the rest of the world,
  • Software that has been running for a very long time on obsolete operating systems that are difficult to update.

Yet, even if they are less publicized than those affecting the general public, threats exist and many examples regularly appear in the press.

Kaspersky offers a dedicated solution named Kaspersky Industrial Cybersecurity, or KICS.

This solution offers two main areas of protection:

  • KICS for Networks for threat detection on industrial networks,
  • KICS for Nodes for the protection of HMI (Human-Machine Interface).

 

KICS solutions have been designed with the criticality of the monitored elements in mind, and aim to avoid false positives or make them impossible.

The solutions are compatible with most suppliers on the market, and development is possible for specific equipment.

KICS for Networks

KICS for Networks is a physical or virtual appliance that listens to the network at one or more strategic locations.

Connected in listen-only mode through a TAP or SPAN port, it has no impact on the transmissions themselves (thus avoiding any false positive), but raises alerts on suspicious behavior so that corrective action can be taken before it is too late.

It thus makes it possible to protect against attackers using the network as an attack vector, whether from inside or outside.

 

The main features of KICS for Networks are:

  • Inventory of equipment and its communications
  • Detects unauthorized connections and communications
    • New equipment
    • Network scanning
    • Malware
    • etc…
  • Detects intrusion attempts (IDS) through exploits or brute force attacks
  • Detects critical PLC commands (DPI)
    • Reading and changing of the project/PLC program
    • Authentication attempts
    • Start/stop attempts
    • Reading and modifying configurations
    • etc…
  • Controls technological process parameters (DPI)
    • Valid intervals (Min < X < Max)
    • Dependencies between parameters (if..and/or..if..then)
    • Attempted fraud
    • Human errors
  • Saves important communications for investigation

KICS for Nodes

Kaspersky takes advantage of its experience in endpoint protection to offer a solution focused on the main security elements related to the industrial environment, thus avoiding false positives.

The agent is available on all Windows platforms (including embedded versions) from Windows XP onward.

It is designed to have a minimal impact on machine performance, has a “monitoring only” mode and is designed for isolated environments (easy updates in air-gapped setups, …).

It thus protects against the exploitation of known vulnerabilities on obsolete operating systems and minimizes the attack surface.

The main features of KICS for Nodes are:

  • Control of application startup
  • Device control (USB keys, …)
  • Anti-malware engine
  • Anti-Cryptor
  • Control of Wi-Fi networks
  • Firewall

In addition, KICS for Nodes includes PLC integrity checking, which verifies at regular intervals that the configuration of one or more pieces of industrial equipment has not been modified.

To learn more

Kyos, in partnership with Kaspersky’s ICS specialists, is at your disposal to discuss the various possible approaches for the protection of your industrial environments. Contact us.