In Kaspersky Industrial CyberSecurity for Networks, Deep Packet Inspection is conducted for devices that transmit and receive process parameters and system commands. Various types of devices supported by the application may be used for Process Control.
For Process Control in industrial network traffic, you can use Process Control rules and monitor system commands.
Process Control rule – set of conditions for the values of tags. Process Control rules contain descriptions of situations that must be detected in industrial network traffic (for example, when a tag exceeds the specified value).
When the conditions of a rule are satisfied, an event is registered in Kaspersky Industrial CyberSecurity for Networks. You can specify the desired type of registered event when configuring a Process Control rule.
Monitoring system commands ensures registration of events when transmitted system commands are detected in traffic. When configuring the settings of process control devices, you can select the relevant system commands to monitor. This functionality can be used regardless of Process Control rules.
Lists containing Process Control rules and containing devices and tags for Process Control are part of a security policy. Only users with the Administrator role can apply the current security policy on the Server. However, users with the Administrator role and users with the Operator role can both make changes and save the security policy to a folder (including with changed settings for process control).
You can generate a list of Process Control rules and a list of devices and tags for process control in the Kaspersky Industrial CyberSecurity for Networks Console on the Process Control tab.
When you connect to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser, you cannot manage Process Control rules or process control devices.