Monitoring vulnerabilities of devices

Kaspersky Industrial CyberSecurity for Networks can detect vulnerabilities in monitored industrial network devices. A vulnerability is a defect or flaw in device hardware or software that a hacker could exploit to impact the operation of an information system or to gain unauthorized access to information.

The application detects vulnerabilities by analyzing available information about devices. The relevant information utilized to find a known vulnerability of a device is compared to specified fields in the database of known vulnerabilities. For example, information about software versions on devices may be used for the comparison. Kaspersky Industrial CyberSecurity for Networks compares device information with the specific fields in the database that describe devices affected by vulnerabilities. When a match is identified, the application registers a device vulnerability detection event, then downloads information about this vulnerability from the database of known vulnerabilities.

The database of known vulnerabilities is built in to the application. This database is created by Kaspersky experts who fill it with information about the latest or most frequently encountered vulnerabilities of devices in industrial networks. The database contains descriptions of vulnerabilities and devices that are affected by these vulnerabilities, and recommendations on protecting your system (in the form of texts or links to publicly available resources). Descriptions and recommendations may be uploaded to the database from various sources (such as the vendors of devices or software). Descriptions and recommendations are provided in English.

After the application is installed, the initial preconfigured database of known vulnerabilities is used. You can keep the database up to date by installing updates.

The main parameter used to identify a vulnerability in the application database is the identification number assigned to this vulnerability in the list of Common Vulnerabilities and Exposures (CVE). This identification number is known as a CVE ID.

You can view information about the vulnerabilities of devices on the Server web interface page in the following sections:

• Vulnerabilities – displays detailed information about all vulnerabilities detected by the application.
• Assets – on the Devices tab, displays lists of CVE IDs of detected vulnerabilities in the Vulnerabilities column and in the details area of the selected device.

In this section: Scenario for implementing the continuous vulnerability management process Device information used to check for vulnerabilities Viewing devices with detected vulnerabilities Viewing the vulnerabilities table Choosing vulnerabilities in the vulnerabilities table Viewing vulnerability information Automatically changing the states of vulnerabilities Manually changing the states of vulnerabilities Viewing information about devices with a detected vulnerability Viewing events associated with a vulnerability Exporting vulnerabilities to a file

Page top