Kaspersky Industrial CyberSecurity for Networks Integration

Kaspersky Industrial CyberSecurity for Networks is an application intended for protection of the industrial enterprise infrastructure from information security threats and for ensuring uninterrupted operation of technological processes. Kaspersky Industrial CyberSecurity for Networks analyzes industrial network traffic, detects deviations in technological parameter values and signs of network attacks, as well as monitors the operation and current status of the devices on the network. The application is part of the Kaspersky Industrial CyberSecurity solution.

Integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Industrial CyberSecurity for Networks expands the capabilities for investigating and responding to threats in industrial enterprise networks. If integration with Kaspersky Industrial CyberSecurity for Networks is enabled, information about events on the device received by Kaspersky Industrial CyberSecurity for Linux Nodes is sent to Kaspersky Industrial CyberSecurity for Networks integration server.

When interacting with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes can perform the following actions aimed at providing security functions:

• Send data about events on devices (telemetry) to the Kaspersky Industrial CyberSecurity for Networks Integration Server. Kaspersky Industrial CyberSecurity for Linux Nodes sends to the Integration Server monitoring data on processes, open network connections, and modified files, as well as data on threats detected by the application and data on the results of processing these threats.
• Run tasks to scan the device for vulnerabilities, monitor equipment on the device, and collect configurations from the device in response to commands received from the Integration Server.

Integration with Kaspersky Industrial CyberSecurity for Networks requires enabling the Behavior Detection component of Kaspersky Industrial CyberSecurity for Linux Nodes.

Integration of Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Industrial CyberSecurity for Networks is possible only if the Behavior Detection component is enabled. Otherwise, the required telemetry data cannot be transmitted.

Additionally, Kaspersky Industrial CyberSecurity for Networks can use data received from the following components:

• File Threat Protection.
• Network Threat Protection.
• Web Threat Protection.
• Anti-Cryptor.
• Application Control.
• Device Control.
• System Integrity Monitoring.

For details about Kaspersky Industrial CyberSecurity for Networks, refer to Kaspersky Industrial CyberSecurity for Networks documentation.

During Kaspersky Industrial CyberSecurity for Networks Integration, devices with Kaspersky Industrial CyberSecurity for Linux Nodes establish encrypted HTTPS connections with the Integration Server. To ensure the security of the connection, the following certificates issued by the Kaspersky Industrial CyberSecurity for Networks server are used:

• Integration Server certificate. Using a server certificate is required for secure connection to the Integration Server. You must add the Integration Server certificate before enabling the Kaspersky Industrial CyberSecurity for Networks Integration.
• Client certificate. This certificate is used for additional protection of the connection by using two-way authentication of Integration Server clients, that is, the devices with Kaspersky Industrial CyberSecurity for Linux Nodes. The same client certificate can be used by multiple devices. By default, the integration server does not validate client certificates, but validation can be enabled on the integration server side in order to increase the connection protection. In this case, you need to enable the use of a client certificate in integration settings and add a client certificate (cryptocontainer with the certificate and private key).

The Kaspersky Industrial CyberSecurity for Networks administrator provides the certificates for securing the connection with the integration server.

A proxy server is used to connect to Kaspersky Industrial CyberSecurity for Networks if the use of a proxy server is configured in the Kaspersky Industrial CyberSecurity for Linux Nodes general settings.

By default, the Kaspersky Industrial CyberSecurity for Networks Integration is disabled. You can enable, disable, or configure the integration using the Web Console, Administration Console, and the command line:

• Edit the general settings of the Kaspersky Industrial CyberSecurity for Networks Integration Server connection.
• Add or remove Integration Server certificates.
• Configure two-way authentication when connecting to Integration Servers and add client certificates.
• Configure event forwarding.
• Enable or disable sending telemetry.

In this Help section Configuring the integration with Kaspersky Industrial CyberSecurity for Networks in the Web Console Configuring the integration with Kaspersky Industrial CyberSecurity for Networks in the Administration Console Configuring the integration with Kaspersky Industrial CyberSecurity for Networks on the command line

Page top