Kaspersky Industrial CyberSecurity for Networks can analyze traffic to detect and save information about unknown tags. Unknown tags are tags that are absent from the security policy but are associated with devices and protocols that are presented in the tree of devices and tags for Process Control. The security policy that is running on the Server is used by the application to check detected tags.
Unknown Tag Detection mode
Information about unknown tags is obtained from traffic when the application is operating in Unknown Tag Detection mode. You can enable and disable this mode.
When the application is operating in Unknown Tag Detection mode, the performance of application-layer protocol processing modules may be slightly reduced. For this reason, Unknown Tag Detection is disabled by default after the application is installed. It is recommended to enable Unknown Tag Detection mode for a sufficient amount of time to detect all tags that may be associated with devices and protocols in the security policy. It is recommended to disable this mode after you have added detected tags to the security policy.
Unknown Tag Detection is supported for the following protocols:
Detected tag storage
Tags received from traffic in Unknown Tag Detection mode are saved in the detected tag storage. This storage is intended for temporarily storing information about tags before they are added to a security policy.
Information about tags is not duplicated in storage. If the same tag is detected multiple times in traffic, the date and time of last detection of this tag is updated in the storage.
The detected tag storage has the following limits:
When any of the specified limits are reached, the application deletes the oldest tags from storage to save newly detected tags. Tags that were detected before the others are considered to be old tags.
The storage is automatically cleared as tags are added to the security policy.
Page top