In response to the increased challenges and escalating threats facing operational technologies (OT) and critical infrastructure, Kaspersky has enhanced its Kaspersky Industrial CyberSecurity, a native Extended Detection and Response Platform for industrial enterprises, and streamlined Managed Detection and Response for Industrial Control Systems (ICS), a service that helps to perform key Security Operation Center functions for organisations that may lack dedicated personnel.

The new reality for owners and operators of industrial infrastructures is shaped by IT-OT convergence, high regulatory requirements, and the rise of cyberattacks in the industrial sector. According to Kaspersky ICS Cyber Emergency Response Team, malicious objects were blocked on almost one quarter (23.5%) of ICS computers in the second half of 2024. This highlights the persistent and significant level of threats, underscoring the need for companies to prioritise their cybersecurity strategy and implement comprehensive, reliable solutions to protect all their assets and processes. To meet this growing demand, Kaspersky has tailored its key solutions specifically designed to safeguard industrial companies.

Kaspersky Industrial CyberSecurity enhancing OT and critical infrastructure

The first significant update concerns Kaspersky Industrial CyberSecurity (KICS), a native Extended Detection and Response (XDR) Platform designed specifically for industrial enterprises. It is certified to protect OT and critical infrastructure equipment and networks from cyber-initiated threats. Designed to comprehensively secure the industrial automation and control systems, it consists of KICS for Nodes, which focuses on endpoints in distributed control systems, and KICS for Networks, which monitors automation system network security and protects automation system equipment from network-initiated threats.

With the new release, the platform introduces the following enhanced capabilities:

Improved configuration and change management for OT infrastructure. KICS enables security settings inspection and change monitoring through agent-based or agentless polling for Windows and Linux hosts, network devices, and PLCs to collect configurations. A predefined set of configurations is provided out of the box for all supported asset types and can be collected manually or in scheduled mode. The accumulated configuration archive is always available for review, and can be used to monitor change and analyse identified discrepancies.

New asset types for enhanced context during incident investigations. KICS for Networks now supports the reception and aggregation of additional types of assets including installed software, patches, local users and discovered executables. When KICS for Nodes is installed on a host (both in Windows and Linux), it automatically transmits this information to KICS for Networks with periodic updates. This provides automatic change management and alerts when deviations are detected. The aggregated lists of software and users greatly simplify the incident investigation process, allowing security professionals to easily identify all hosts with suspicious executables or find specific user actions in registered events.

Scheduled active polling and automated network topology visualisation. KICS provides a topology map that displays real-time information about asset connections and manages security state changes for devices without installed agents, such as computers and switches. Active polling tasks now support scheduling, to automate the creation of this map and keep connection data, asset attributes and security settings up to date. Each scheduled run is supplemented with a detailed report, including query results and any identified issues.

Increased capabilities to detect anomalies in digital substations. KICS for Networks now supports the import of SCD (substation configuration description) files to analyse configurations, the extraction of asset attributes, and the review of IEC 61850 settings. SCD files are created on the substation design phase and describe complete substation configuration – IEDs, computers, network communication settings, process control values and more. The solution also provides a report of identified errors and misconfigurations. By monitoring substation networks based on reference configurations it enables the detection of unauthorised network connections, anomalous activity, and failures or errors in IEC 61850 communications. This indicates improper operation or equipment misconfigurations.

SD-WAN sensor for monitoring OT networks traffic at geographically distributed sites. The updated KICS provides a new architecture for geographically distributed infrastructures, enabling support for up to 100 monitoring points on a single KICS for Networks node. When KICS for Networks sensors cannot be placed at remote sites due to the equipment size or connectivity limits, traffic from remote sites can be transferred directly to a KICS for Networks node located at a central office. SD-WAN technologies provide unlimited options to establish new software-defined wide area networks between company branches allowing industrial traffic copies to be delivered from the source switch to the monitoring node.

Updated Portable Scanner with improved audit, inventory and inspection capabilities. The KICS Portable Scanner expands host inspection capabilities with new scanning technologies such as host inventory, vulnerability, compliance and security settings inspection scans, and traffic capturing, which can also be configured to a classic anti-virus scan on the USB drive writing stage. The portable Scanner now also supports anti-malware scanning of Windows 2000 SP4 hosts.

Kaspersky MDR for ICS to perform cybersecurity functions in case of limited in-house security operations

Another update concerns Kaspersky Managed Detection and Response, a service that supports industrial companies experiencing staff shortages or skill gaps. Enterprises can now outsource the key cybersecurity functions such as threat monitoring, detection, threat hunting, and incident analysis to Kaspersky experts. This provides organisations with access to necessary expertise and reliable cybersecurity solutions. The service also allows the organisations to effectively counter the growing volume and complexity of cyberattacks on critical infrastructure, and effectively allows them to optimise their internal resources, when these resources are limited.

“We are always aiming to help customers build more reliable and converged protection of their IT and OT assets. With the new KICS release, we introduced new features that can help to strengthen critical infrastructure, drastically improve visibility and control over assets in industrial networks, improve user experience, situational awareness and deployment flexibility for geographically distributed OT networks. Moreover, we streamlined our MDR service, enabling businesses to engage with experts from our internal SOC to analyse incidents, prevent attacks, and receive relevant recommendations,” comments Andrey Strelkov, Head of the Industrial Cybersecurity Product Line at Kaspersky.

To learn more about Kaspersky Industrial CyberSecurity and Kaspersky Managed Detection and Response, please visit the respective website.