Kaspersky Industrial CyberSecurity for Networks monitors devices and their interactions while accounting for their address spaces (hereinafter also referred to as "AS"). Address spaces are intended for arranging addresses of devices into sets based on a specific attribute (for example, based on the specific network segments of devices).
Lists of rules and subnets are used to describe address spaces in the application.
An address space rule is a set of parameters that define the conditions for including addresses into a specific address space. To bind an address to an address space, each MAC or IP address must satisfy at least one address space rule. The application binds an address to the address space whose rule defines the most specific conditions for affiliation of this address (for example, if the address is explicitly specified in the rule).
Address space subnets are used to verify IP addresses detected by the application. Depending on the type of subnet that a detected IP address belongs to, the application may take different actions for asset management and device interaction control.
You can configure address spaces on the Address spaces tab in the Assets section of the Server web interface page. Each address space is presented as a data block containing information about the address space. This data block consists of a header and nested blocks containing tables of rules and subnets. When viewing information about address spaces, you can expand and collapse the contents of data blocks.
Default address space
By default, one shared address space named Default is defined in the application. This address space contains a single rule whose settings are configured to bind any MAC- and IP address to this specific address space. By default, the list of subnets of the Default address space contains a standard set of subnets that are most frequently used at organizations.
You cannot edit the rule of the Default address space or add other rules to this address space. However, users with the Administrator role can edit the list of subnets in this address space to generate a set of subnets while taking into account the specific IP addressing of devices within the network of your organization. If Kaspersky Industrial CyberSecurity for Networks receives data from EPP applications, the application can use this data to automatically add subnets to the list of subnets.
Additional address spaces
If necessary, you can configure multiple address spaces in addition to the Default address space. You can generate user-defined rules and sets of subnets for added address spaces. Addresses that satisfy the conditions of the added address spaces will be bound to these address spaces. All other addresses will remain bound to the Default address space.
You may need to add address spaces when using devices that have identical addresses in different network segments, for example. In this case, after adding and configuring address spaces, the application will be able to distinguish address information based on additional attributes that the application will add to addresses in the form of address space names.
For examples of using address spaces, see the Appendices.
Binding addresses to address spaces
When using multiple address spaces, the application adds attributes containing the names of address spaces to all addresses that are indicated in application objects, including devices, risks, rules, events, and other objects. Attributes containing the names of address spaces are no longer displayed for addresses if all added address spaces are deleted from the application (attributes of address spaces remain only for addresses in events and in certain risks associated with devices).
Attributes containing the names of address spaces denote the links between addresses and address spaces. Addresses that are bound to address spaces become dependent on these address spaces.
When deleting an address space that is bound to addresses, the application automatically deletes all addresses that are bound to the address space being deleted. These addresses are deleted from all application objects except events. When deleting an address from an object, the application checks for any other remaining addresses in this object. If there are no other remaining addresses, the application also deletes the object (such as a device).
Page top