Application architecture

Kaspersky Industrial CyberSecurity for Networks includes the following components:

The connections between the Server and sensors are secured by using certificates. Use of certificates also ensures the security of other connections with application components (for example, a connection to a component through a web interface or connections of recipient systems through specialized application modules called connectors).

The Kaspersky Industrial CyberSecurity for Networks Server performs the following functions:

A Kaspersky Industrial CyberSecurity for Networks sensor performs the following functions:

Application components receive a copy of industrial network traffic from monitoring points. Monitoring points can be used on sensors as well as on the Server. You can add monitoring points to network interfaces detected on nodes that have application components installed. Monitoring points must be added to network interfaces that relay traffic from the industrial network.

You can add no more than 8 monitoring points on a sensor and no more than 4 monitoring points on the Server. You can use no more than 32 monitoring points total in the application.

All network interfaces with added monitoring points must be connected to the industrial network in such a way that excludes any possibility of impacting the industrial network. For example, you can connect using ports on industrial network switches configured to transmit mirrored traffic (Switched Port Analyzer, SPAN).

It is recommended to use a dedicated Kaspersky Industrial CyberSecurity network for connecting the Server to sensors and to other components of Kaspersky Industrial CyberSecurity (Kaspersky Industrial CyberSecurity for Nodes, Kaspersky Security Center). Network equipment used for interaction between components in the dedicated network must be installed separately from the industrial network. Normally, the following computers and devices should be connected to the dedicated network:

Page top