Kaspersky Industrial CyberSecurity for Networks Integration

Kaspersky Industrial CyberSecurity for Networks is an application intended for protection of the industrial enterprise infrastructure from information security threats and for ensuring uninterrupted operation of technological processes. Kaspersky Industrial CyberSecurity for Networks analyzes industrial network traffic, detects deviations in technological parameter values and signs of network attacks, as well as monitors the operation and current status of the devices on the network. The application is part of the Kaspersky Industrial CyberSecurity solution. For details about Kaspersky Industrial CyberSecurity for Networks, please refer to the Kaspersky Industrial CyberSecurity for Networks Help.

Integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Industrial CyberSecurity for Networks expands the capabilities for investigating and responding to threats in industrial enterprise networks. If integration with Kaspersky Industrial CyberSecurity for Networks is enabled, information about events on the device received by Kaspersky Industrial CyberSecurity for Linux Nodes is sent to Kaspersky Industrial CyberSecurity for Networks server (hereinafter also referred to as the "KICS for Networks server").

When interacting with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes can perform the following actions aimed at providing security functions:

• Send information about events on devices (telemetry) to the KICS for Networks server. Kaspersky Industrial CyberSecurity for Linux Nodes sends to the KICS for Networks server monitoring data on processes, open network connections, and modified files, as well as data on threats detected by the application and data on the results of processing these threats.
• Run tasks to scan the device for vulnerabilities, monitor equipment on the device, and collect configurations from the device in response to commands received from the KICS for Networks server.

When interacting with Kaspersky Industrial CyberSecurity for Networks, the Kaspersky Industrial CyberSecurity for Linux Nodes application can perform the following protective response actions:

• Quarantine file.
• Network isolation.
• Execution prevention for objects.

To integrate with Kaspersky Industrial CyberSecurity for Networks, the Behavior Analysis component of Kaspersky Industrial CyberSecurity for Linux Nodes must be enabled. Otherwise, the required telemetry data is not sent to Kaspersky Industrial CyberSecurity for Networks.

Additionally, Kaspersky Industrial CyberSecurity for Networks can use data received from the following components:

• File Threat Protection.
• Network Threat Protection.
• Web Threat Protection.
• Anti-Cryptor.
• Application Control.
• Device Control.
• System Integrity Monitoring.

You can select to use the TCP or UDP protocol to send telemetry to the KICS for Networks server.

If use of a proxy server is configured in the general settings of Kaspersky Industrial CyberSecurity for Linux Nodes, a proxy server is used to connect to Kaspersky Industrial CyberSecurity for Networks.

By default, the Kaspersky Industrial CyberSecurity for Networks Integration is disabled. You can enable, disable, or configure the integration using the Web Console, Administration Console, and the command line.

See also: Response actions for commands from Detection and Response solutions

In this section Configuring the integration with Kaspersky Industrial CyberSecurity for Networks in the Web Console Configuring the integration with Kaspersky Industrial CyberSecurity for Networks in the Administration Console Configuring the integration with Kaspersky Industrial CyberSecurity for Networks on the command line

Page top