Configuring the receipt of data from EPP applications

Kaspersky Industrial CyberSecurity for Networks can receive and process data received from Kaspersky applications that perform functions to protect workstations and servers. These applications are included in the Endpoint Protection Platform (EPP) and are installed to endpoint devices within the enterprise IT infrastructure.

Data transfer from EPP applications is performed by computers that have Kaspersky Endpoint Agent installed. Kaspersky Endpoint Agent is installed to workstations and servers in the enterprise IT infrastructure as a supplement to EPP applications.

The current version of Kaspersky Industrial CyberSecurity for Networks can receive and process data from the Kaspersky Endpoint Agent application included in the distribution kit of Kaspersky Industrial CyberSecurity for Nodes. Installation of Kaspersky Endpoint Agent can be performed separately or together with Kaspersky Industrial CyberSecurity for Nodes.

The maximum number of computers from which data from EPP applications can be received and processed is 1000.

Data from Kaspersky Endpoint Agent is forwarded to Kaspersky Industrial CyberSecurity for Networks through integration servers. Integration server functions can be performed by any node that has a Kaspersky Industrial CyberSecurity for Networks component installed (Server or sensor). For integration with Kaspersky Endpoint Agent, you need to add integration servers to the nodes that will receive data from Kaspersky Endpoint Agent.

On a Kaspersky Industrial CyberSecurity for Networks node, integration server functions are implemented by the service named kics4net-epp-proxy that facilitates integration with EPP applications. The installation package for this service is included in the distribution kit of Kaspersky Industrial CyberSecurity for Networks.

When an integration server receives data from Kaspersky Endpoint Agent, the application may do the following:

• Register events based on EPP technology (workstation and server protection events).
• Populate the device table with devices hosting installed EPP applications (and devices that have had bidirectional interactions with such devices).
• Update the device table with information about devices hosting installed EPP applications (for example, the operating system version, information on the model or developer).
• Display special icons on network map nodes indicating the availability of EPP applications and the connection states of these applications.
• On the network map, display links in which one of the sides of interaction is a device with an EPP application installed (when displaying information about such links, data received in traffic from monitoring points takes priority).

Computers hosting Kaspersky Endpoint Agent establish secure connections with integration servers over the HTTPS protocol. Connections are secured by using certificates issued by the Kaspersky Industrial CyberSecurity for Networks Server. The following certificates can be used in connections:

• Integration server certificate. This certificate is verified by the computer with Kaspersky Endpoint Agent each time a connection is being established. A connection is not established until certificate verification is successfully completed.
• Client certificate. This certificate is used to authenticate integration server clients that are computers with Kaspersky Endpoint Agent. The same client certificate can be used by multiple computers with Kaspersky Endpoint Agent. By default, an integration server does not verify certificates of clients, but you can enable client certificate verification to reinforce the security of connections.

Kaspersky Security Center is used to deliver certificates and public keys to computers with Kaspersky Endpoint Agent. This data is uploaded to Kaspersky Security Center using a communication data package, which needs to be created in Kaspersky Industrial CyberSecurity for Networks after an integration server is added.

Only users with the Administrator role can configure receipt of data from EPP applications.

In this section: Scenario for preparing to receive data from EPP applications Adding an integration server Creating a communication data package for integration server clients Integration servers table Enabling and disabling an integration server Editing integration server settings Removing an integration server

Page top