Kaspersky Industrial CyberSecurity for Networks 4.2 has the following new capabilities and refinements:
We have added a feature for controlling device configurations. This allows you to view and compare saved configurations after running configuration control jobs. Control supports Windows, Linux, PLC, and networking device configurations. Configuration types provide for extraction of specific device configuration components, such as routing tables from networking devices. The application processes received configurations according to the mode selected in the job: update only, archive all unique, or compare with a reference.
Active polling has been improved for greater usability. It now allows you to configure device active polling through security audit (active polling or configuration control) jobs. Jobs can be run manually or on a schedule.
We have expanded asset control for hardware on industrial devices. Active Poll connectors used in configuration control or active polling jobs gather data from Siemens SIMATIC S7-300/S7-400 and Schneider Electric Modicon M580/M340 devices, including details of modules installed in slots, PLC projects, and logs.
We have expanded asset control when gathering data on device operating system objects. You can now leverage user, application, patch, and executable file running control features.
The application now supports Sigma rule triggers from Endpoint Agent components. Sigma rule alerts in EPP applications are recorded as endpoint protection and EDR incidents in Kaspersky Industrial CyberSecurity for Networks.
We have expanded import capabilities for device configurations and tags from IEC 61850 projects. Imported tags now preserve their original structure. The application automatically generates interaction control rules upon import.
We have expanded capabilities for receiving data from Kaspersky Industrial CyberSecurity for Linux Nodes. When integrated with this application, Kaspersky Industrial CyberSecurity for Networks gathers more detailed information about Linux devices following security audits.
We have added integration with Kaspersky SD-WAN. Kaspersky Industrial CyberSecurity for Networks now receives industrial traffic from remote sites via Kaspersky SD-WAN components.
We have added a new Cisco Switch connector to automate network access control for devices via Cisco switches.
The list of detectable industrial hardware and software vulnerabilities has been expanded. The application can now use risk control and security audits to detect vulnerabilities in ProSoft Systems ARIS, ABB, Rockwell Automation, Cisco, Hirschmann, and Moxa devices, and in Rockwell FactoryTalk and Siemens WinCC OA software.
Rule sets for vulnerability and compliance audit jobs now include checks for compliance with FSTEC Order 239 for Windows and Linux devices and with the NIST Special Publication 800-53 standard.
Kaspersky Industrial CyberSecurity for Networks version 4.2.1 has the following new capabilities and improvements:
We have added support for advanced information and configuration control for Emerson DeltaV Version 14 and Rockwell Automation Allen-Bradley devices.
We have added support for the Kaspersky ICS CERT vulnerabilities database for SCADA dedicated to Linux device management: updates of application modules and databases now include updates of the Kaspersky ICS CERT vulnerabilities database for SCADA (Linux) rule set, which is a system set of vulnerability and compliance audit rules.
We have added support for the VNIIA protocol for process control.
We have added functionality for controlling network equipment Telnet commands.
We have added support for the Simplified Chinese localization language.
The localization language of the Kaspersky Industrial CyberSecurity for Networks components is selected during Application Server installation and not during initial configuration on the Server web interface page (when performing initial configuration in the Initial configuration section, the application prompts you to select the application web interface language, which you can later change via the menu).