After installing components of Kaspersky Industrial CyberSecurity for Networks, you need to prepare the application for operation. The preparation process consists of the following main steps:
At this step, the main application settings are configured after Server installation. After this step is completed, the Server will be available for connection and for operations with the application through the web interface.
This step is necessary when you install external sensors along with the Server. After this step is completed, nodes that have sensors installed will be ready for further configuration.
At this step, monitoring points are added on nodes that have application components installed. After this step is completed, the application begins to analyze traffic coming from industrial network segments to network interfaces hosting monitoring points.
At this step, application user accounts are created in addition to the user account that was created during initial configuration of the application. After this step is completed, the application will have multiple user accounts that you can use to restrict access to application functions and monitor activity based on audit entries.
This step adds a license key to the application to activate the update functionality. After this step is completed, you will be able to configure and utilize the functionality for updating application modules and databases.
This step is necessary if a license key was added to the application. After this step is completed, you will be able to install updates for application modules and databases.
At this step, lists of devices and subnets known to the application are generated. After this step is completed, the application will be configured to track the relevant devices in the industrial network.
At this step, the settings of devices are configured for proper industrial process control by the application. After this step is completed, you will be able to use the application to monitor industrial process parameters (including with the use of rules) and track the system commands that are transmitted.
At this step, rules are generated to identify network interactions that are authorized or unauthorized by the application. After this step is completed, rules allowing interactions between specific devices and authorized system commands will be configured (the application will not register events when these rules are triggered).
This step is necessary for configuring the application to implement Intrusion Detection functionality. After this step is completed, you will be able to use Intrusion Detection rules (already embedded rules and/or rules additionally uploaded to the application) and track traffic anomalies showing signs of an attack.