Managing technologies
In Kaspersky Industrial CyberSecurity for Networks, you can enable or disable the use of technologies and the methods associated with those technologies. You can also change the operating mode of technologies and methods that are provided with this capability. Only users with the Administrator role can manage technologies.
The following technologies and methods can be enabled and disabled:
- Asset Management:
- Device activity detection
- Device Information Detection
- PLC Project Control
- Risk Detection
- Network Control:
- Network Integrity Control
- Command Control
- Process Control:
- Rule-based Process Control
- Unknown Tag Detection
- Device Discovery for Process Control
- Intrusion Detection:
- Rule-based Intrusion Detection
- ARP Spoofing Detection
- IP Protocol Anomaly Detection
- TCP Protocol Anomaly Detection
If a technology or method is disabled, the application does not monitor communications of devices using this technology or method. However, you can configure the settings of disabled technologies and methods (for example, add or edit rules).
The mode can be changed for the following technologies and methods:
- Device activity detection
- Command Control
- Rule-based Process Control
- Network Integrity Control
After the application is installed, all technologies and methods (except PLC Project Control and Unknown Tag Detection) are enabled by default. Learning mode is enabled by default for technologies and methods whose mode can be changed.
To change the state and/or mode of technologies and methods:
- Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
- Select Settings → Technologies.
You will see a list of technologies and methods whose states and modes can be changed.
If the states or modes of technologies and methods cannot be changed at the current time, the toggle switches in the list are not available (the No data value is displayed in the mode selection fields). In this case, it is recommended to check the status of the kics4net service on the Server computer. If the service is not active, you must start it.
- Use the toggle switches on the left to enable or disable the use of relevant technologies and/or methods. You can enable or disable all technologies and methods simultaneously by clicking the Enable all or Disable all links.
- After enabling or disabling a technology or method, wait for the changes to be applied. The toggle switch is unavailable until it is finished moving to the other state.
- For the technologies and methods that support operation in learning mode (Device Activity Detection, Command Control, Rule-based Process Control and Network Integrity Control), select the necessary mode. If you want to select the same mode for all these technologies and methods, use the Mode drop-down list.
If you need to select different modes (Learning and Monitoring), use the drop-down list on the right of the name of the technology or method. In this case, the Mode drop-down list will show Mixed.
- After selecting a mode, wait for the changes to be applied. Until the mode is applied, the drop-down list displays the Changing status.
