You can use Kaspersky Industrial CyberSecurity for Networks for security audit of the monitored devices. Security audit lets you assess device compliance with security standards and perform other checks (for example, search for vulnerabilities or detect installed software on devices).
Security audit in Kaspersky Industrial CyberSecurity for Networks is performed by running the jobs created for the selected devices. You can manually run security audit jobs or configure a schedule to automatically run each job.
When a job is started, the application initiates a scan of devices covered by this job. You can receive the job execution results by email or view and download the relevant data in the application web interface. Based on the job execution results and on the scans, the application can perform the following actions:
The application generates report files in PDF format. If sending reports by email is enabled in the job settings, the application automatically generates reports on each job execution and sends these reports to the specified recipients. If necessary, you can manually generate a report for a completed job or an individual device scan and then export the report to a file.
For the risks registered based on the results of security audit jobs, the application indicates the source of the OVAL vulnerability. Such risks are registered by the application if registration of detected vulnerabilities is enabled in the job settings. At the same time, risks with the specified source of OVAL vulnerability are registered and processed irrespective of the risks for which other vulnerability sources are specified. Thus, the risk table may display risks with the same CVE ID (or an ID of a different vulnerability database), but with different vulnerability sources.
The security audit jobs must specify the rules used for conducting the audits. Rules can be written in the OVAL language or in the XCCDF language using OVAL definitions.
You can perform device scans as part of a security audit job in one of the following device polling methods:
You can use this method if Kaspersky Endpoint Agent is installed on the devices selected for the job and integration between Kaspersky Endpoint Agent and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Kaspersky Endpoint Agent on each device.
Use this method if the devices selected for the job do not have Kaspersky Endpoint Agent installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. For this method, in the job settings specify one of the nodes with the installed application components from which connection to the devices is established. Also, specify the credentials for remote connections (credentials are stored in the application as secrets).
Only users with the Administrator role can run security audit jobs.
You can configure security audit and run jobs on the Server web interface page in the Security audit section. If the Remote connection method is used to scan devices, you can create secrets with the necessary credentials in the Settings → Secrets section.
When using the security audit function, take into account the following special considerations and limitations: