Kaspersky IoT Secure Gateway 1000

Intrusion Detection

July 25, 2022

ID 194934

Kaspersky IoT Secure Gateway lets you use Intrusion Detection rules to detect intrusions from an external network into the internal enterprise network.

An Intrusion Detection rule describes a traffic anomaly that could be a sign of an attack from an external network. Rules contain the conditions that the Intrusion Detection system uses to analyze traffic. Intrusion Detection rules are stored in Kaspersky IoT Secure Gateway.

Intrusion Detection rules are provided by Kaspersky and are intended for detecting signs of the most frequently encountered attacks or suspicious network activity. Intrusion Detection rules are available immediately after Kaspersky IoT Secure Gateway is installed. You can update Intrusion Detection rules by installing updates.

Additionally, you can enable the Kaspersky IoT Secure Gateway Intrusion Prevention System, which is disabled by default. The Intrusion Prevention System lets you add device IP addresses to the allowlist and denylist. You can add to the denylist the IP addresses of devices whose traffic was found to contain suspicious activity. If the Intrusion Prevention System is disabled, security events will be written to the security log.

You can view the list of detected and blocked intrusions in the network security log. You can manage the settings of the Intrusion Prevention System (IPS) component through the web plug-in of the Kaspersky Security Center Web Console.
