Glossary

Account role

Set of access rights that determine the actions available to a user when connected to the Server through the web interface. Kaspersky Industrial CyberSecurity for Networks provides the Administrator role and the Operator role.

ARP spoofing

A technique used by criminals to conduct a "man-in-the-middle" attack on networks that use ARP (Address Resolution Protocol).

Asset management

Technology for registering events associated with the detection of activity of devices in traffic (for example, detection of activity shown by a previously unknown device).

Command Control

Technology for registering events associated with the detection of system commands for devices in traffic (for example, detection of an unauthorized system command).

Dedicated Kaspersky Industrial CyberSecurity network

A computer network consisting of computers designed for running applications that are part of the Kaspersky Industrial CyberSecurity solution, and the network equipment that enables interaction between computers. The dedicated network must not be accessible from other networks.

Deep Packet Inspection

Technology for registering events associated with process violations (for example, the set temperature value has been exceeded).

Device

An industrial network device used to automate an industrial process at an enterprise (for example, a programmable logic controller, remote terminal, or intelligent electronic device).

Event

A record containing information about the detection of data requiring the attention of an ICS security officer in industrial network traffic. Kaspersky Industrial CyberSecurity for Networks saves registered events in the database. To view registered events, you need to connect to the Server through the web interface. If necessary, you can configure transmission of events to Kaspersky Security Center and recipient systems.

Event correlation rule

Set of conditions for checking sequences of events in Kaspersky Industrial CyberSecurity for Networks. When Kaspersky Industrial CyberSecurity for Networks detects a sequence of events that meet the conditions of an event correlation rule, the application registers an incident.

Event type

Defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type. Kaspersky Industrial CyberSecurity for Networks uses system event types and custom event types. System event types are created by the application during installation and cannot be deleted. Custom event types can be manually created, edited, and deleted.

External

Technology for registering incidents as well as events that are received by Kaspersky Industrial CyberSecurity for Networks from external systems using Kaspersky Industrial CyberSecurity for Networks API methods.

ICS

Abbreviation for Industrial Control System. A package of hardware and software designed to automate control of process equipment at industrial enterprises.

Incident

In Kaspersky Industrial CyberSecurity for Networks, an incident is an event that is registered when a specific sequence of events is received. Incidents group events that have certain common traits or that are associated with the same process. Kaspersky Industrial CyberSecurity for Networks registers incidents based on event correlation rules.

Industrial network

Computing network that links the nodes of an automated Industrial Control System of an industrial enterprise.

Intelligent electronic device (IED)

A set of devices that ensure timely disconnection of faulty power facilities from the power system, and that perform the necessary actions to ensure normal operation of the power system in automated or semi-automated operating modes.

Intrusion Detection

Technology for registering events associated with the detection of traffic anomalies that are signs of an attack (for example, detection of signs of ARP spoofing).

Intrusion Detection rule

A set of conditions used by the Intrusion Detection system to analyze traffic. The rule describes a traffic anomaly that could be a sign of an attack in the industrial network.

Kaspersky Industrial CyberSecurity for Networks Console

Kaspersky Industrial CyberSecurity for Networks component. It provides a graphical user interface for connecting to the Server, and lets you configure functionality that cannot be managed when connected through a web browser.

Kaspersky Industrial CyberSecurity for Networks Sensor

Kaspersky Industrial CyberSecurity for Networks component. A sensor is installed on a separate computer (not on the computer that performs functions of the Kaspersky Industrial CyberSecurity for Networks Server). A sensor receives a copy of industrial network traffic from monitoring points, processes the obtained data and relays it to the Server.

Kaspersky Industrial CyberSecurity for Networks Server

Kaspersky Industrial CyberSecurity for Networks component. The Server processes industrial network traffic information, saves this information, and provides the necessary data (for example, events and asset information). The Server can receive industrial network traffic information from the monitoring points on sensors or from its own monitoring points.

Kaspersky Industrial CyberSecurity for Networks Web Server

Kaspersky Industrial CyberSecurity for Networks component. Provides an interface for connecting to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser.

Link on the network map

Object on the network map, shown as a line between nodes, that depicts interaction between those nodes.

Monitoring point

A point where incoming data is received. It is added to the network interface of a node hosting the Server or sensor of Kaspersky Industrial CyberSecurity for Networks, and is used for receiving a copy of industrial network traffic (for example, from a network switch port configured to transmit mirrored traffic).

Network Control rule

A description of authorized communications for industrial network devices. When Kaspersky Industrial CyberSecurity for Networks detects network interaction that satisfies an active network control rule, it does not register an event.

Network Integrity Control

Technology for registering events associated with industrial network integrity or the security of communications (for example, detection of communication between devices over a prohibited protocol).

Network map

A model that visually represents detected communications between industrial network devices. The network map contains the following objects: nodes representing assets, asset groups, and links between nodes/asset groups.

Node

Computer on which a Kaspersky Industrial CyberSecurity for Networks Server or sensor is installed, or an object on the network map representing one or multiple assets.

Notification

A message with information about an event (or events), which is sent by the application via notification delivery systems (for example, via email) to the specified addresses.

PLC project

Microprogram written for a PLC. It is stored in PLC memory and is run as part of the industrial process that uses the PLC. A PLC project may consist of blocks that are individually transmitted and received over the network when the project is read or written.

Process Control rule

A set of conditions for tag values. When the conditions of a Process Control rule are fulfilled, Kaspersky Industrial CyberSecurity for Networks registers an event.

Programmable Logic Controller (PLC)

Industrial controller used to automate enterprise processes.

SCADA

Abbreviation for Supervisory Control And Data Acquisition. A software suite that enables the operator to control industrial processes in real time.

Security policy

Set of data that defines the process control settings and the settings for registering different types of events.

SIEM

Abbreviation for Security Information and Event Management. This is a solution for managing information and events in an organization's security system.

System command

Data block in industrial network traffic containing the device management command (for example, START PLC) or system message related to device operation (for example, REQUEST NOT FOUND).

Tag

Variable that contains the value of a specific process parameter such as temperature.
