Kaspersky Industrial CyberSecurity for Networks monitors only those IP addresses of devices that belong to subnets from the list of subnets known to the application.
By default, the application has a standard list of subnets that are most frequently used at enterprises. Users with the Administrator role can generate a list of known subnets while taking into account the specific addressing of devices within the network of your organization. If Kaspersky Industrial CyberSecurity for Networks receives data from EPP applications, the application can use this data to automatically add subnets to the list of subnets.
The application checks the detected IP addresses against the list of known subnets and can do the following depending on whether the IP addresses belong to specific types of subnets:
Add a device with its detected IP address to the devices table and monitor the activity of this device.
Display a device with its detected IP address on the network map as its corresponding type of node (known device, unknown device, or WAN node).
Display a network map link in which one of the sides of interaction is a device with a detected IP address.
Verify the interaction of a device with a detected IP address based on defined rules (Interaction Control rules, Intrusion Detection rules, and correlation rules).
Ignore the activity of a device with a detected IP address.
You can view information about subnets on the Subnets tab in the Assets section.
When viewing information about subnets, you can utilize the following functions:
On the Subnets tab in the Assets section, click the Customize table link to open the window for configuring how the table is displayed.
Select the check boxes opposite the settings that you want to view in the table. You must select at least one setting.
The following settings are available for selection:
Subnet – subnet address in Classless Inter-Domain Routing (CIDR) format: <base address of subnet>/<number of bits in mask>. The addresses of subnets are displayed as a tree that shows the nesting hierarchy of subnets.
Type – subnet type that determines its purpose. The following types are provided:
Private, IT – subnet for devices serving as information technology (IT) resources, such as file servers.
Private, OT – subnet for devices related to operating technologies (OT), such as PLCs.
Private, DMZ – subnet for devices residing within a network segment of a demilitarized zone (DMZ), such as servers that handle requests from external networks.
Public – subnet that is considered to be an external (global) network for devices in other types of subnets. IP addresses from this subnet are represented by a WAN node on the network map.
Link-local – subnet for network interactions within one segment of the local area network (not routed).
Range – range of IP addresses in the subnet.
Ignore MAC addresses – indicates whether detected MAC addresses are skipped when creating allow rules for network interactions involving IP addresses from the subnet. If this option is enabled, the MAC addresses detected together with IP addresses from the subnet will not be added to Network Integrity Control rules in learning mode.
Automatically add subnets – indicates whether or not nested subnets are automatically added based on data received from EPP applications. If this mode is enabled, the application adds nested subnets based on data received from EPP applications.
If you want to change the order in which columns are displayed, select the name of the column that needs to be moved to the left or right in the table and use the buttons containing an image of the up or down arrows.
The selected columns will be displayed in the subnets table in the order you specified.
You can reset the defined filter and search settings in the subnets table by using the Default filter button in the toolbar on the Subnets tab in the Assets section. The button is displayed if search or filter settings are defined.
On the Subnets tab in the Assets section, click the header of the column by which you want to sort.
You can filter the subnets table based on the values of any column except the Range column.
If you need to sort the table based on multiple columns, press the SHIFT key and hold it down while clicking the headers of the columns by which you want to sort.
The table will be sorted by the selected column. When sorting by multiple columns, the rows of the table are sorted according to the sequence of column selection. Next to the headers of columns used for sorting, you will see icons displaying the current sorting order: in ascending order or descending order of values.