About Kaspersky Industrial CyberSecurity for Nodes

Kaspersky Industrial CyberSecurity for Nodes is a complex server and workstation security solution for IT threats in industrial control systems.

The application controls the operation of industrial enterprise network computers and uses the following components, functions, and technologies:

• Applications Launch Control. The component monitors user application starts and regulates application launches.
• Device Control. The component controls registration and usage of the external devices in order to protect computer against computer security threats, that may occur in process of file exchange with flash drives or other type of external device connected via USB.
• PLC Project Integrity Check. This function is designed to check the integrity of Programmable Logic Controller (PLC) projects used in an industrial system.

The operation of control components is based on rules, e.g.:

• Applications Launch Control uses applications launch control rules.
• Device Control uses device access rules and connector bus access rules.
• The PLC Project Integrity Check function uses PLC Project Integrity Check rules.

Each type of threat is handled by a separate component. Components may be started and stopped, and their settings adjusted, independently.

The application checks and protects industrial network components using the following components:

• Real-Time File Protection. The component prevents the computer's file system from being infected. The component launches when Kaspersky Industrial CyberSecurity for Nodes starts, is continuously running in the computer's RAM, and checks all opened, saved, and started files on the computer and on all mounted drives. Real-Time File Protection observes each file event and checks this file for viruses and other programs that represent a threat.
• Wi-Fi Control. This component tracks a protected computer's attempts to connect to Wi-Fi networks and blocks or allows connections to detected networks.
• Firewall Management. This component provides the ability to manage the Windows Firewall: configure settings and operating system firewall rules and block any possibility of external firewall configuration.
• Anti-Cryptor. This component makes it possible to detect malicious encrypting of the network file resources of a protected computer from remote computers on the corporate network.
• Portable scanner. This component examines the isolated devices and performs the security inspection.
• File Integrity Monitor. Kaspersky Industrial CyberSecurity for Nodes detects changes in files within the monitoring scopes specified in the task settings. These changes may indicate a security breach on the protected computer.
• Registry Access Monitor. This component makes it possible to monitor actions performed with the specified registry branches and keys in the monitoring scopes defined in the task settings.
• Log Inspection. This component monitors the integrity of the protected environment based on the results of an inspection of Windows event logs.

In addition to the real-time protection provided by the components, we recommend that a regular scan of the computer be run to check for viruses and other applications that could pose a threat. This should be done to prevent the spread of any malware that was not detected by the components, e.g. due to a low level of protection in the settings or for other reasons.

To keep Kaspersky Industrial CyberSecurity for Nodes operating properly, databases and software modules utilized during the program's operation should be updated. By default, the application automatically updates, but, if required, you may manually update the application databases and modules.

The following tasks are used to protect computers:

• Full Scan. Kaspersky Industrial CyberSecurity for Nodes carefully checks the operating system, including system memory, any objects booted at operating system start, and the backup of the operating system, as well as all hard and removable drives.
• Custom Scan. Kaspersky Industrial CyberSecurity for Nodes scans user-selected objects.
• Critical Areas Scan. Kaspersky Industrial CyberSecurity for Nodes scans objects that are loaded at operating system start, are in system memory, or are objects that may contain rootkits.
• Update. Kaspersky Industrial CyberSecurity for Nodes downloads application database and module updates. Updates help the computer's protection stay up to date against viruses and other programs that pose a threat.

Remote Access through Kaspersky Security Center

Kaspersky Security Center allows Kaspersky Industrial CyberSecurity for Nodes to be started and stopped, for tasks to be administered, and program settings to be adjusted remotely on a client computer.

Program Utilities

Kaspersky Industrial CyberSecurity for Nodes contains an array of utilities. Utilities are designed to keep the application up to date and expand the application's ability to provide assistance.

• Logs. The activity of each component and task is recorded in a log during the application's operation. The log is a list of events that occurred during the operation of Kaspersky Industrial CyberSecurity for Nodes, as well as all operations undertaken by the application. If a problem occurs, logs may be sent to Kaspersky for Technical Support specialists to analyze.
• Storages. If during a scan for viruses and other programs that pose a threat the application detects an infected or probably infected file on a computer, it blocks this file. Probably infected files will be transferred by Kaspersky Industrial CyberSecurity for Nodes to Quarantine, a specialized storage. Kaspersky Industrial CyberSecurity for Nodes saves copies of the disinfected and deleted files to Backup. Files that have not been processed for any reason are placed in the list of unprocessed files by Kaspersky Industrial CyberSecurity for Nodes. You can scan files, restore files to their original location, manually quarantine files, and clear the data storage.
• Notifications. The notifications service allows the user to be updated about events, the current status of the computer, and the operation of Kaspersky Industrial CyberSecurity for Nodes. Notifications may be displayed on screen or sent via email.
• Kaspersky Security Network. User participation in the Kaspersky Security Network (KSN) permits improved computer protection by allowing the system to receive information on file reputation, web resources, and software that is received from users all over the world in real time.
• Exploit Prevention. You can protect process memory from exploits using a Protection Agent injected into the process.
• List of blocked network sessions. You can block network sessions that try to access the computer's shared network folders if any malicious activity is detected on their side.
• Trusted Zone. You can create a list of exclusions from the protection or scan scope that Kaspersky Industrial CyberSecurity for Nodes will use by default in On-Demand Scan and Real-Time File Protection tasks and in other tasks if you specify them in the exclusion settings.
• Support. All registered Kaspersky Industrial CyberSecurity for Nodes users receive access to application database and module updates, as well as consultations with Kaspersky Technical Support specialists via email on any question related to installation, configuration, and use of the application.