Monitoring vulnerabilities of devices

Kaspersky Industrial CyberSecurity for Networks can detect vulnerabilities in monitored industrial network devices. A vulnerability is a defect or flaw in device hardware or software that a hacker could exploit to impact the operation of an information system or to gain unauthorized access to information.

The application detects vulnerabilities by analyzing available information about devices. The relevant information used to find a known vulnerability of a device is compared to specific fields in the database of known vulnerabilities. The database of known vulnerabilities is built into the application. This database is created by Kaspersky experts, who fill it with information about the latest or most frequently encountered vulnerabilities of devices in industrial networks.

The database of known vulnerabilities contains descriptions of vulnerabilities and descriptions of the devices affected by these vulnerabilities. This database also contains system security recommendations in the form of text or links to publicly available resources. Descriptions and recommendations from various sources are uploaded to the database of known vulnerabilities. These sources may be the manufacturers of devices or software, or various organizations specializing in industrial security. Descriptions and recommendations in the database are provided in English.

After the application is installed, the initial preconfigured database of known vulnerabilities is used. You can keep the database up to date by installing updates.

Kaspersky Industrial CyberSecurity for Networks compares available device information with the specific fields in the database of known vulnerabilities that describe devices affected by vulnerabilities. For example, available information about software versions on devices may be used for the comparison. When a data match is identified, the application registers a device vulnerability detection event, then downloads information about this vulnerability from the database of known vulnerabilities.

The application uploads information about detected vulnerabilities to the database of detected vulnerabilities on the Server. The contents of this database are displayed in the vulnerabilities table when connected to the Server through the web interface. The total volume of saved entries in the known vulnerabilities database cannot exceed the defined limit. If the volume exceeds the defined limit, the application automatically deletes 10% of the oldest entries. You can set a maximum volume limit for detected vulnerabilities when configuring data storage settings on the Server node.

The main parameter used to identify a vulnerability in the application database is the identification number assigned to this vulnerability in the list of Common Vulnerabilities and Exposures (CVE). This identification number is known as a CVE ID.
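As an added illustration (not part of the product documentation or Kaspersky's code), this Python sketch models the matching and storage behaviour described above: a device's vendor, product and software version are compared against the affected-device fields of a constructed known-vulnerability list, each match is recorded under its CVE ID, and the detected-vulnerability store drops its oldest 10% of entries when it exceeds its limit. All vendor names, versions and CVE IDs are constructed placeholders, and rounding the 10% up is an assumption.

```python
import math

# Constructed sample database. The CVE IDs, vendor and product names are
# placeholders for illustration, not real identifiers.
KNOWN_VULNS = [
    {"cve_id": "CVE-0000-00001", "vendor": "ExampleVendor", "product": "ExamplePLC",
     "affected": ("2.0.0", "2.3.1")},  # inclusive version range
    {"cve_id": "CVE-0000-00002", "vendor": "ExampleVendor", "product": "ExamplePLC",
     "affected": ("2.3.0", "2.4.9")},
    {"cve_id": "CVE-0000-00003", "vendor": "OtherVendor", "product": "ExampleHMI",
     "affected": ("1.0", "1.2")},
]

def parse_version(text: str) -> tuple:
    """Turn a dotted version string into a comparable tuple of integers."""
    return tuple(int(part) for part in text.split("."))

def match_device(device: dict, db=KNOWN_VULNS) -> list:
    """Return the CVE IDs whose affected-device fields match the device's
    vendor, product and software version (the comparison the page describes)."""
    version = parse_version(device["version"])
    hits = []
    for entry in db:
        if (entry["vendor"], entry["product"]) != (device["vendor"], device["product"]):
            continue
        low, high = (parse_version(v) for v in entry["affected"])
        if low <= version <= high:
            hits.append(entry["cve_id"])
    return hits

class DetectedVulnStore:
    """Bounded store of detected vulnerabilities: when the entry count exceeds
    the limit, the oldest 10% of entries (rounded up; assumption) are dropped."""
    def __init__(self, max_entries: int):
        self.max_entries = max_entries
        self.entries = []  # oldest first; each is (device_id, cve_id)

    def register(self, device_id: str, cve_id: str) -> bool:
        """Record a detection event; return False if it was already known."""
        if (device_id, cve_id) in self.entries:
            return False
        self.entries.append((device_id, cve_id))
        if len(self.entries) > self.max_entries:
            drop = math.ceil(len(self.entries) * 0.10)
            del self.entries[:drop]
        return True

def scan(devices: list, store: DetectedVulnStore) -> int:
    """Match every device and register the hits; return the count of new detections."""
    return sum(store.register(d["id"], cve) for d in devices for cve in match_device(d))
```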

You can view information about the vulnerabilities of devices on the Server web interface page in the following sections:

In this section:

Scenario for implementing the continuous vulnerability management process

Device information used to check for vulnerabilities

Viewing devices with detected vulnerabilities

Viewing the vulnerabilities table

Choosing vulnerabilities in the vulnerabilities table

Viewing vulnerability information

Automatically changing the states of vulnerabilities

Manually changing the states of vulnerabilities

Viewing information about devices with a detected vulnerability

Viewing events associated with a vulnerability

Exporting vulnerabilities to a file
