Threat and Anomaly Detection is provided by the following parts of the Kaspersky Industrial CyberSecurity for Networks functionality:
Intrusion Detection using intrusion detection rules, built-in packet inspection algorithms for anomaly detection, and statistics analysis rules for detecting attacks and unwanted network activity.
Interaction Control for detecting unauthorized network interactions that do not comply with Network Integrity Control rules.
Deep Packet Inspection (also referred to as Process Control below) for monitoring process parameters in traffic according to process control rules, and for monitoring system commands being sent. You can specify which system commands are allowed to be sent in Interaction Control rules that use Command Control.
Event Monitoring for events that are registered based on various technologies and according to descriptions of attack techniques in the MITRE ATT&CK knowledge base, with incidents subsequently logged according to Endpoint Detection and Response correlation rules.