A technique used by criminals to conduct a "man-in-the-middle" attack on networks that use ARP (Address Resolution Protocol).
Acronym for Common Vulnerabilities and Exposures. Database of publicly known vulnerabilities and information security risks. Vulnerabilities described in this database are assigned identification numbers in the format CVE-<year>-<number>.
An integrated system providing comprehensive protection of endpoints (such as mobile devices, computers or laptops) by using various security technologies. An example of an Endpoint Protection Platform is the application known as Kaspersky Endpoint Security for Business.
An application that is included in the Endpoint Protection Platform (EPP). EPP applications are installed on endpoint devices within an enterprise IT infrastructure (such as mobile devices, computers or laptops). One example of an EPP application is Kaspersky Endpoint Security for Windows, included in the EPP solution known as Kaspersky Endpoint Security for Business.
Abbreviation for Supervisory Control And Data Acquisition. A software suite that enables the operator to control industrial processes in real time.
Abbreviation for Security Information and Event Management. This is a solution for managing information and events in an organization's security system.
A network segment defined by the rules that determine sets of addresses, VLAN identifiers, or monitoring points.
Abbreviation for Industrial Control System. A package of hardware and software designed to automate control of process equipment at industrial enterprises.
Technology for registering incidents and events that are received by Kaspersky Industrial CyberSecurity for Networks from recipient systems using Kaspersky Industrial CyberSecurity for Networks API methods.
A computer network consisting of computers designed for running applications that are part of the Kaspersky Industrial CyberSecurity solution, and the network equipment that enables interaction between computers. The dedicated network must not be accessible from other networks.
A set of devices that ensure timely disconnection of faulty power facilities from the power system, and that perform the necessary actions to ensure normal operation of the power system in automated or semi-automated operating modes.
In Kaspersky Industrial CyberSecurity for Networks, an incident is an event that is registered when a specific sequence of events is received. Incidents group events that have certain common traits or that are associated with the same process. Kaspersky Industrial CyberSecurity for Networks registers incidents based on event correlation rules.
Model that visually represents detected communications between devices. The network interactions map contains the following objects: nodes corresponding to devices, device groups, and links between nodes/device groups.
Technology for registering events associated with the detection of device information in traffic or in data received from EPP applications (for example, an event for the detection of activity from a previously unknown device).
Technology for registering events associated with the detection of system commands for devices in traffic (for example, detection of an unauthorized system command).
Technology for registering events associated with process violations (for example, the set temperature value has been exceeded).
Technology for registering events associated with industrial network integrity or the security of communications (for example, detection of communication between devices over an unauthorized protocol).
A device without address information for which connections on the topology map are detected or are potentially available.
Manually controlled software module for data exchange with the application.
Technology for registering events associated with the detection of traffic anomalies that are signs of an attack (for example, detection of signs of ARP spoofing).
Set of data that determines the operational settings of Kaspersky Industrial CyberSecurity for Networks.
A description of authorized communications for industrial network devices. When Kaspersky Industrial CyberSecurity for Networks detects network interaction that satisfies an enabled Interaction Control rule, the application does not register an event.
A set of conditions for tag values. When the conditions of a Process Control rule are fulfilled, Kaspersky Industrial CyberSecurity for Networks registers an event.
Set of conditions for checking sequences of events in Kaspersky Industrial CyberSecurity for Networks. When Kaspersky Industrial CyberSecurity for Networks detects a sequence of events that meet the conditions of an event correlation rule, the application registers an incident.
A set of conditions used by the Intrusion Detection system to analyze traffic. The rule describes a traffic anomaly that could be a sign of an attack in the industrial network.
Industrial controller used to automate enterprise processes.
Microprogram written for a PLC. It is stored in PLC memory and is run as part of the industrial process that uses the PLC. A PLC project may consist of blocks that are individually transmitted and received over the network when the project is read or written.
Computing network that links the nodes of an automated Industrial Control System of an industrial enterprise.
A potential threat to the information system resources detected when analyzing traffic and device information.
Set of access rights that determine the actions available to a user when connected to the Server through the web interface. Kaspersky Industrial CyberSecurity for Networks provides the Administrator role and the Operator role.
Kaspersky Industrial CyberSecurity for Networks component. A sensor is installed on a separate computer (not on the computer that performs functions of the Kaspersky Industrial CyberSecurity for Networks Server). A sensor receives and analyzes data from computer networks that are connected to the network interfaces of the sensor's computer. To receive and analyze industrial network traffic, monitoring points must be added to the network interfaces. A sensor forwards the data analysis results to the Server.
Kaspersky Industrial CyberSecurity for Networks component. The Server receives data, processes it, and provides it to users of the application. The Server can receive data from sensors or independently obtain and analyze data from computer networks that are connected to the network interfaces of the Server computer.
Data block in industrial network traffic containing a control command (for example, START PLC) or a system message related to device operation or containing packet analysis results (for example, REQUEST NOT FOUND).
Record containing information requiring the attention of an ICS security officer. Kaspersky Industrial CyberSecurity for Networks saves registered events in the database. To view registered events, you need to connect to the Server through the web interface. If necessary, you can configure transmission of events to Kaspersky Security Center and recipient systems.
Object on the network map represented by a line linking the nodes. On the network interactions map, it shows the interaction of nodes. On the topology map, it shows the physical connection of nodes.
Variable that contains the value of a specific process parameter such as temperature.
Mechanism that allows a user to access multiple software resources using the same user account.
Defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type.
A model for visual representation of the scheme of physical connections between devices in the industrial network. The topology map contains the following objects: nodes representing devices and network equipment, and links representing physical connections of the nodes.
A point where incoming data is received. It is added to the network interface of a node hosting the Server or sensor of Kaspersky Industrial CyberSecurity for Networks, and is used for receiving a copy of industrial network traffic (for example, from a network switch port configured to transmit mirrored traffic).
Computer on which a Kaspersky Industrial CyberSecurity for Networks Server or sensor is installed, or an object on the network map representing one or multiple devices.
A software module for data exchange with the application; it provides automatic registration, startup, and control capabilities. Only nodes that have application components installed can serve as deployment nodes for manageable connectors.
Device that is connected to a computer network and is identified by address information that can be saved in Kaspersky Industrial CyberSecurity for Networks (for example, programmable logic controller, remote terminal, or intelligent electronic device).
A defect in device hardware or software that can be exploited by a hacker to impact the operation of the information system or to gain unauthorized access to information.