Kaspersky Industrial CyberSecurity for Networks

What's new

March 22, 2024

ID 137225

Kaspersky Industrial CyberSecurity for Networks 4.0 has the following new capabilities and refinements:

  • The capability to run active polling of devices is implemented. Active polling allows you to get the most accurate and complete information about the devices and their configuration from the devices themselves. To run active polls, connectors of the Active poll type are used. Connectors use supported protocols and standard ports only, thus minimizing the risk of impacting industrial equipment operation.
  • Displaying a diagram of the physical connections between devices on a topology map. A topology map expands the functions of a network map and allows you to visually display the structure of connections between devices by means of network equipment (network switches, hubs, routers, etc.). The application can obtain data for the topology map automatically based on the traffic analysis results and the active polling results, and you can also add nodes and connections manually.
  • Integration with Endpoint Protection Platform (EPP) is extended. When EPP applications are connected, Kaspersky Industrial CyberSecurity for Networks receives and saves more data from these EPP applications. To represent and process this data, new types of events are added to the application and the information displayed in the event table is extended. Kaspersky Industrial CyberSecurity for Nodes enriches Kaspersky Industrial CyberSecurity for Networks events with data about the processes on the devices that initiate network interactions as well as information about the users on whose behalf access is requested. This information can significantly speed up incident investigation.
  • Reporting functionality is added. Kaspersky Industrial CyberSecurity for Networks can generate reports with information about the status of devices and system security, monitored technological process parameters and system commands, as well as about detected risks and interactions with third-party devices. Various report templates are provided with the capability to manage reports and report templates.
  • The capability to control network segments with the same device addresses using address spaces is implemented. The application provides the ability to add several address spaces in addition to the default address space. You can configure the conditions under which MAC addresses and IP addresses belong to the specified address spaces, as well as subnets for checking IP addresses. You can create your own list of subnets in each address space. Using address spaces, you can ensure the operation of Kaspersky Industrial CyberSecurity for Networks when devices with the same addresses are used in different network segments.
  • Risk control. Kaspersky Industrial CyberSecurity for Networks can detect information system risks that can potentially cause information security breaches. The application identifies risks based on the results of traffic analysis and the device information it receives. Device vulnerability detection has become a part of the risk control function (a separate risk category is used for vulnerabilities).
  • A numerical score is now used instead of severity levels in the application interface for events and risks (including vulnerabilities). Severity levels of events and risks are determined from the score and converted for compatibility with previous application versions.
  • The Severity attribute is added to control assets based on the device importance. This attribute indicates the severity level and impact of each device on the enterprise operation and process. Along with other information about the device (such as device activity in the network and detected risks), the Severity attribute allows the application to dynamically calculate the rating and severity of the device-related events and prioritize these events for the user.
  • Processing of requests to the REST API Server version 4 is implemented. This version has extended application programming interface (API) functions compared to version 3. At the same time, it is possible to make requests to the REST API Server version 3.
  • The list of supported types of external projects for import is extended. New types of projects containing configurations of process control settings for devices can be imported into the application.
  • Extended support for application layer protocols and devices for process control – there are now additional capabilities for analyzing traffic of supported protocols and devices, and new supported protocols and devices have been added.

Kaspersky Industrial CyberSecurity for Networks version 4.0.1 has the following new capabilities and improvements:

  • Support for running in the Astra Linux Special Edition 1.7 operating system.
  • The application can have up to 50 sensors. The maximum number of monitoring points in the application is 50.
  • Capability to use an installed Postgres Pro version 14 DBMS instead of the DBMS from the application distribution kit.
  • Capability to upgrade Kaspersky Industrial CyberSecurity for Networks versions 3.0.1 and 4.0 to version 4.0.1. An upgrade is performed by running the data migration script from the distribution kit of Kaspersky Industrial CyberSecurity for Networks 4.0.1.
  • You can run an integrity check on a node either locally using a script or when connected to the Server through the web interface.
  • Added a utility for exporting events to XML files. These files store data that can be used in GosSOPKA, which is the Russian government system for the detection, prevention, and mitigation of computer attacks.
  • Added a script for changing the validity period for connection sessions with the Server through the web interface and for authentication tokens in the Kaspersky Industrial CyberSecurity for Networks API.
  • You can obtain the identifiers and links to vulnerability descriptions provided by the Russian Federal Service for Technical and Export Control (FSTEC) in the Information Security Threat Database.
  • Added support for the MMS protocol (ISO 9506-2) for process control.
