Kaspersky Industrial CyberSecurity for Networks

Monitoring risks

March 22, 2024

ID 232408

Kaspersky Industrial CyberSecurity for Networks can detect risks that could affect resources of an information system. The application detects risks based on traffic analysis and received information on devices.

The detected risks may belong to the following categories:

  • Vulnerability. This category includes detected vulnerabilities of devices.
  • Configuration problems. This category includes risks affecting the secure operation of devices due to incorrect configurations and risks of data compromise when writing and reading configurations of devices.
  • ICS security breach. This category includes risks of information security breaches in automated industrial control systems.
  • Insecure network architecture. This category includes risks associated with the detection of insecure network interactions, devices, protocols, and software, risks from inactivity of authorized devices, and risks from the absence or improper operation of EPP applications on devices.

Each risk is scored on a scale from 0.0 to 10.0. The application calculates this numeric risk score based on the available information about the device associated with the detected risk. When calculating a risk score, the application considers the level of importance of the device and the other risks associated with this device. A base score is used as the initial value for calculations. Base scores of risks in the Vulnerability category are determined according to the Common Vulnerability Scoring System (CVSS). All other risk categories use the base scores defined in the table of risk types.

Information about risks is uploaded to the database of detected risks on the Kaspersky Industrial CyberSecurity for Networks Server. The total volume of saved entries in the database cannot exceed the defined limit. If the volume exceeds the defined limit, the application automatically deletes 10% of the oldest entries. You can set a maximum volume limit for detected risks when configuring data storage settings on the Server node.

The contents of the database of detected risks are displayed in the Risks section of the application web interface. You can also view general information about the risks associated with devices in the Assets section on the Devices tab.

In this section:

About risks in the Vulnerability category

Scenario for implementing the continuous risk management process

Viewing the risks table

Viewing risk details

Manually changing the statuses of risks

Viewing risk details when working with the devices table
