The scenario for preparing to receive data from EPP applications consists of the following phases:
During this phase, you need to install Kaspersky applications that perform functions for protecting workstations and servers (EPP applications). EPP applications need to be installed on all computers whose data you want to receive in Kaspersky Industrial CyberSecurity for Networks. These computers must either reside outside of the industrial network (whose traffic is monitored through monitoring points) or have an additional connection to another network that includes one of the nodes that has a Kaspersky Industrial CyberSecurity for Networks component installed (for example, a connection to the Kaspersky Industrial CyberSecurity dedicated network). The connection between computers running Endpoint Agent and Kaspersky Industrial CyberSecurity for Networks can be configured via a data diode.
If the functions of the Endpoint Agent software component for EPP applications are performed by Kaspersky Endpoint Agent, this application must also be installed on the corresponding computers.
In the current version, Kaspersky Industrial CyberSecurity for Networks supports receiving and processing data only when integrated with Kaspersky Industrial CyberSecurity for Nodes or Kaspersky Industrial CyberSecurity for Linux Nodes. The versions of the specified applications that support operation in the integration mode are listed in the Hardware and software requirements article.
This phase involves the completion of procedures for adding integration servers to the nodes that computers with the Endpoint Agent software component will connect to. Network interactions between nodes and these computers are possible only through network interfaces that are not being used as monitoring points. Specific network interfaces and IP addresses are not configured for integration servers because any available network interface and IP address of a computer can be used for an external connection to the integration server.
At this phase, you need to create and download communication data packages in which the application saves certificates and/or keys for connections between clients and integration servers.
Each communication data package used to connect to Endpoint Agent computers in TCP mode is an archive containing the following data:
In UDP mode, the communication data package is an archive containing the encryption key. The key is stored in encrypted form, protected by the password that was specified when the communication data package was created.
Computers with the Endpoint Agent software component serve as clients for Kaspersky Industrial CyberSecurity for Networks integration servers.
During this phase, Kaspersky Security Center is used to upload data to client computers. To do this, upload the certificates and/or keys from the communication data packages to the Kaspersky Security Center Administration Server by using the Endpoint Agent administration plug-in. After that, you can create policies in Kaspersky Security Center for uploading data to computers with Endpoint Agent. For information about working with data and creating policies, please refer to the documentation of the EPP application or the Kaspersky Endpoint Agent documentation. At least one policy must be created for each integration server.
This phase is performed after the policies have been applied and the data has been uploaded to computers with Endpoint Agent. During this phase, you must enable TCP and/or UDP modes for all integration servers to which the data from EPP applications will be transmitted. When the integration server is enabled, the following services are activated on the node:
After this scenario is completed, Kaspersky Industrial CyberSecurity for Networks will begin to receive and process data from EPP applications.