Kaspersky Industrial CyberSecurity for Networks

Glossary

March 22, 2024

ID 90

Account role

Set of access rights that determine the actions available to a user when connected to the Server through the web interface. Kaspersky Industrial CyberSecurity for Networks provides the Administrator role and the Operator role.

Address space (AS)

A network segment defined by the rules that determine sets of addresses, VLAN identifiers, or monitoring points.

ARP spoofing

A technique used by criminals to conduct a "man-in-the-middle" attack on networks that use ARP (Address Resolution Protocol).

Asset Management

Technology for registering events associated with the detection of device information in traffic or in data received from EPP applications (for example, an event for the detection of activity from a previously unknown device).

Command Control

Technology for registering events associated with the detection of system commands for devices in traffic (for example, detection of an unauthorized system command).

CVE

Acronym for Common Vulnerabilities and Exposures. Database of publicly known vulnerabilities and information security risks. Vulnerabilities described in this database are assigned identification numbers in the format CVE-<year>-<number>.

Dedicated Kaspersky Industrial CyberSecurity network

A computer network consisting of computers designed for running applications that are part of the Kaspersky Industrial CyberSecurity solution, and the network equipment that enables interaction between computers. The dedicated network must not be accessible from other networks.

Deep Packet Inspection

Technology for registering events associated with process violations (for example, the set temperature value has been exceeded).

Device

Device that is connected to a computer network and is identified by address information that can be saved in Kaspersky Industrial CyberSecurity for Networks (for example, programmable logic controller, remote terminal, or intelligent electronic device).

Device vulnerability

A defect in device hardware or software that can be exploited by a hacker to impact the operation of the information system or to gain unauthorized access to information.

Endpoint Protection Platform (EPP)

An integrated system providing comprehensive Endpoint Protection (such as mobile devices, computers or laptops) by using various security technologies. An example of an Endpoint Protection Platform is the solution known as Kaspersky Endpoint Security for Business.

EPP application

An application that is included in the Endpoint Protection Platform (EPP). EPP applications are installed to endpoint devices within an enterprise IT infrastructure (such as mobile devices, computers or laptops). One example of an EPP application is Kaspersky Endpoint Security for Windows included in the EPP solution known as Kaspersky Endpoint Security for Business.

Event

Record containing information requiring the attention of an ICS security officer. Kaspersky Industrial CyberSecurity for Networks saves registered events in the database. To view registered events, you need to connect to the Server through the web interface. If necessary, you can configure transmission of events to Kaspersky Security Center and recipient systems.

Event correlation rule

Set of conditions for checking sequences of events in Kaspersky Industrial CyberSecurity for Networks. When Kaspersky Industrial CyberSecurity for Networks detects a sequence of events that meet the conditions of an event correlation rule, the application registers an incident.

Event type

Defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type.

External

Technology for registering incidents and events that are received by Kaspersky Industrial CyberSecurity for Networks from recipient systems using Kaspersky Industrial CyberSecurity for Networks API methods.

ICS

Abbreviation for Industrial Control System. A package of hardware and software designed to automate control of process equipment at industrial enterprises.

Incident

In Kaspersky Industrial CyberSecurity for Networks, an incident is an event that is registered when a specific sequence of events is received. Incidents group events that have certain common traits or that are associated with the same process. Kaspersky Industrial CyberSecurity for Networks registers incidents based on event correlation rules.

Industrial network

Computing network that links the nodes of an automated Industrial Control System of an industrial enterprise.

Intelligent electronic device (IED)

A set of devices that ensure timely disconnection of faulty power facilities from the power system, and that perform the necessary actions to ensure normal operation of the power system in automated or semi-automated operating modes.

Interaction Control rule

A description of authorized communications for industrial network devices. When Kaspersky Industrial CyberSecurity for Networks detects network interaction that satisfies an enabled Interaction Control rule, the application does not register an event.

Intrusion Detection

Technology for registering events associated with the detection of traffic anomalies that are signs of an attack (for example, detection of signs of ARP spoofing).

Intrusion Detection rule

A set of conditions used by the Intrusion Detection system to analyze traffic. The rule describes a traffic anomaly that could be a sign of an attack in the industrial network.

IOC

Indicator of Compromise. A set of data on a malicious object or action.

IOC file

File containing a set of IOC indicators. If the indicators match, the application considers the event to be a detection. The likelihood of detection may increase if the check identifies exact matches of the object data with multiple IOC files.

Kaspersky Industrial CyberSecurity for Networks Sensor

Kaspersky Industrial CyberSecurity for Networks component. A sensor is installed on a separate computer (not on the computer that performs functions of the Kaspersky Industrial CyberSecurity for Networks Server). A sensor receives and analyzes data from computer networks that are connected to the network interfaces of the sensor's computer. To receive and analyze industrial network traffic, monitoring points must be added to the network interfaces. A sensor forwards the data analysis results to the Server.

Kaspersky Industrial CyberSecurity for Networks Server

Kaspersky Industrial CyberSecurity for Networks component. The Server receives data, processes it, and provides it to users of the application. The Server can receive data from sensors or independently obtain and analyze data from computer networks that are connected to the network interfaces of the Server computer.

Link on the network map

Object on the network map represented by a line linking the nodes. On the network interactions map, a link shows the interaction of nodes. On the topology map, a link shows the physical connection of nodes.

Manageable connector

A software module for data exchange with the application; it provides automatic registration, startup, and control capabilities. Only nodes that have application components installed can serve as deployment nodes for manageable connectors.

Monitoring point

A point where incoming data is received. It is added to the network interface of a node hosting the Server or sensor of Kaspersky Industrial CyberSecurity for Networks, and is used for receiving a copy of industrial network traffic (for example, from a network switch port configured to transmit mirrored traffic).

Network Integrity Control

Technology for registering events associated with industrial network integrity or the security of communications (for example, detection of communication between devices over an unauthorized protocol).

Network interactions map

Model that visually represents detected communications between devices. The network interactions map contains the following objects: nodes corresponding to devices, device groups, and links between nodes/device groups.

Node

Computer on which a Kaspersky Industrial CyberSecurity for Networks Server or sensor is installed, or an object on the network map representing one or multiple devices.

PLC project

Microprogram written for a PLC. It is stored in PLC memory and is run as part of the industrial process that uses the PLC. A PLC project may consist of blocks that are individually transmitted and received over the network when the project is read or written.

Process Control rule

A set of conditions for tag values. When the conditions of a Process Control rule are fulfilled, Kaspersky Industrial CyberSecurity for Networks registers an event.
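The two rule types defined above (the event correlation rule entry earlier in this glossary and the Process Control rule entry here) are easiest to understand together: tag values are checked against Process Control rules to register events, and a sequence of registered events matching a correlation rule produces an incident. The following is an added illustration written for this page; it is not Kaspersky's code and does not use the product's API. The event type codes, tag names, thresholds and sample readings are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hypothetical event type codes (see the "Event type" entry); not real product codes.
EVT_TEMPERATURE_LIMIT = 4001
EVT_PRESSURE_LIMIT = 4002


@dataclass
class Event:
    type_code: int   # event type code
    tag: str         # tag whose value triggered the event
    value: float     # observed tag value
    message: str


@dataclass
class ProcessControlRule:
    """Condition on a tag value; when fulfilled, an event is registered."""
    tag: str
    condition: Callable[[float], bool]
    type_code: int
    message: str


@dataclass
class CorrelationRule:
    """Ordered sequence of event type codes that, once seen, registers an incident."""
    sequence: List[int]
    incident_name: str


def check_tags(tag_values: Dict[str, float], rules: List[ProcessControlRule]) -> List[Event]:
    """Evaluate every Process Control rule against one snapshot of tag values."""
    events = []
    for rule in rules:
        if rule.tag in tag_values and rule.condition(tag_values[rule.tag]):
            events.append(Event(rule.type_code, rule.tag, tag_values[rule.tag], rule.message))
    return events


def correlate(events: List[Event], rule: CorrelationRule) -> Optional[dict]:
    """Return an incident if the rule's event sequence occurs, in order, among the events.

    Events of other types may sit between the matched ones; the incident groups
    only the events that matched the sequence.
    """
    matched = []
    idx = 0
    for ev in events:
        if idx < len(rule.sequence) and ev.type_code == rule.sequence[idx]:
            matched.append(ev)
            idx += 1
    if idx == len(rule.sequence):
        return {"incident": rule.incident_name, "events": matched}
    return None


# Constructed sample data: three successive snapshots of two tags.
SAMPLE_SNAPSHOTS = [
    {"temperature": 75.0, "pressure": 4.0},   # within limits
    {"temperature": 82.5, "pressure": 4.2},   # temperature limit exceeded
    {"temperature": 83.0, "pressure": 5.6},   # both limits exceeded
]

PROCESS_RULES = [
    ProcessControlRule("temperature", lambda v: v > 80.0, EVT_TEMPERATURE_LIMIT,
                       "Set temperature value exceeded"),
    ProcessControlRule("pressure", lambda v: v > 5.0, EVT_PRESSURE_LIMIT,
                       "Set pressure value exceeded"),
]

CORRELATION_RULE = CorrelationRule(
    [EVT_TEMPERATURE_LIMIT, EVT_PRESSURE_LIMIT],
    "Temperature then pressure limit violation",
)


def run_demo() -> dict:
    """Register events for each snapshot, then apply the correlation rule to them all."""
    events: List[Event] = []
    for snapshot in SAMPLE_SNAPSHOTS:
        events.extend(check_tags(snapshot, PROCESS_RULES))
    return {"events": events, "incident": correlate(events, CORRELATION_RULE)}


if __name__ == "__main__":
    result = run_demo()
    for ev in result["events"]:
        print(f"event {ev.type_code}: {ev.tag}={ev.value} ({ev.message})")
    print("incident:", result["incident"]["incident"] if result["incident"] else None)
```

Running the block registers three events (two temperature-limit events and one pressure-limit event) and, because a temperature event is followed by a pressure event, one incident grouping the two matched events. Note that in the product the web interface is where registered events and incidents are viewed; this toy only models the rule evaluation.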

Programmable Logic Controller (PLC)

Industrial controller used to automate enterprise processes.

Risk

A potential threat to the information system resources detected when analyzing traffic and device information.

SCADA

Abbreviation for Supervisory Control And Data Acquisition. A software suite that enables the operator to control industrial processes in real time.

Security policy

Set of data that determines the operational settings of Kaspersky Industrial CyberSecurity for Networks.

SIEM

Abbreviation for Security Information and Event Management. This is a solution for managing information and events in an organization's security system.

Single Sign-On (SSO) technology

Mechanism that allows a user to access multiple software resources using the same user account.

System command

Data block in industrial network traffic containing a control command (for example, START PLC) or a system message related to device operation or containing packet analysis results (for example, REQUEST NOT FOUND).

Tag

Variable that contains the value of a specific process parameter such as temperature.

Topology Map

A model for visual representation of the scheme of physical connections between devices in the industrial network. The topology map contains the following objects: nodes representing devices and network equipment, and links representing physical connections of the nodes.

Unmanaged connector

Manually controlled software module for data exchange with the application.

Unmanaged switch

A device without address information for which connections on the topology map are detected or are potentially available.
