Overview
Malicious cyberattacks on industrial systems – including industrial control and automation systems (IACS) and supervisory control and data acquisition systems (SCADA) – have increased significantly in recent years. The critical infrastructure operators become victims. In example the Industroyer and BlackEnergy attacks have shown significant risks of targeted attacks to a critical infrastructure. At the same time Colonial Pipeline and Norsk Hydro incidents showed potential consequences of malicious intrusions to industrial organizations.
Kaspersky Industrial CyberSecurity (KICS) is a platform of natively integrated products and comprehensive set services. It is designed to protect the operational technology (OT) layers of industrial enterprises without affecting system availability or technological process consistency. The product protected layers and elements include: DCS, SCADA, HMIs, controllers like PLCs, IEDs, Robotic Automation, OT Networking equipment, Gateways, Operator and Engineering workstations. The innovation and integrity of Kaspersky's approach to OT, ICS and IoT cybersecurity is centred around the IT - OT convergence on Security Operations level and seamless integration of Corporate and Specialized Solutions in Kaspersky portfolio.
Essential cybersecurity for OT

Endpoint protection
for standalone and connected systems. A safe and tested solution should help to enforce security policies, support compliance, perform security audits, manage inventory, carry out patching tasks and collect precise telemetry as an endpoint sensor

Network protection
for communication visibility, threat detection and asset management. The Network Traffic Analysis and Intrusion Detection System controls the efficacy of firewall settings, network segmentation and network usage compliance and helps to provide safe manual response

Training programs
for employees to reduce accidents and minimize the human factor (human error)

Expert services
to investigate the infrastructure conduct expert analytics or mitigate the impact of an incident
Kaspersky Industrial CyberSecurity ecosystem
The Kaspersky Industrial CyberSecurity (KICS) Platform of natively integrated technologies, together with our portfolio of expert training and services address all the cybersecurity needs of industrial enterprises and critical infrastructure operators.
The platform is a key element in a unique ecosystem for industrial enterprises that includes:
- Kaspersky’s best-in-class Corporate Solutions, which delivers true IT–OT convergence and the multiple benefits of a one-vendor approach
- Various Specialized Solutions for cyber-physical security, industrial IOT security, machine learning, secure remote workspace and many more bring unlimited, agile scalability

Advantages
Your path to the safety of your assets
See the hidden spots
We show hidden threats, anomalies, vulnerabilities and violations long before it became dangerous
Minimize the risk
We help to enforce policies, assign controls and stop threats without compromising the process
Centralize the expertise
We help to quickly respond incidents, easily replicate successful deployments and manage the complex distributed infrastructure
Kaspersky Industrial CyberSecurity CERT
Kaspersky upholds the highest level of expertise in industrial cybersecurity, supported by Kaspersky ICS CERT - Industrial Control Systems Cyber Emergency Response Team. It coordinates the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks and identifies potential and existing threats that target industrial automation systems and the industrial internet of things.
Products
Kaspersky Industrial CyberSecurity is an OT cybersecurity platform designed for comprehensive protection of core Industrial Automation and Control System components on every level. Seamless integration between platform components provides full visibility of multiple geographically distributed OT networks and automation systems, delivering improved customer experience, situational awareness and deployment flexibility.


Kaspersky Industrial CyberSecurity for Nodes
KICS for Nodes is endpoint protection, detection and response software with compliance audit and endpoint sensor functionality

Kaspersky Industrial CyberSecurity for Networks
KICS for Networks is designed for OT network-traffic analysis, detection and response.

Kaspersky Single Management Platform
The Single Management Platform brings an advanced EDR interface and quick scalability to numerous locations.
Solution Architecture


Additional functions
The solution provides numerous additional functions. Network Active Polling technology enables quick and precise collection of network topology and assets settings. The Endpoint Audit function helps to ensure security policy compliance, including the safety of current settings, and control vulnerabilities. The Portable Scanner delivery method of KICS for Nodes helps to establish best practices of standalone, airgapped equipment security audits. Machine Learning for Anomaly Detection is an early anomaly detection system deep in the technological process.
Kaspersky Industrial CyberSecurity for Networks
OT Network Traffic Analysis, Detection and Response. Clear risk visibility with passive traffic monitoring, active polling and endpoint sensors.
Detects anomalies and intrusions inside ICS networks in their early stages and ensures the necessary actions are taken to prevent any negative impact on industrial processes.

Appliance-agnostic solution that can be quickly and optimally integrated into the established sourcing, integration and warranty practices of our customers.
Interface

Kaspersky Industrial CyberSecurity for Nodes
Industrial-grade, tested and certified Endpoint Protection, Detection and Response. A low-impact, compatible and stable solution for Linux, Windows and standalone systems.
Industrial Endpoint Protection, Detection and Response
Protects every endpoint of a modern, digital, managed and distributed automation system. It reveals new levels of incident visibility in the root cause analysis process. The agent collects the endpoint telemetry to create a clear and detailed visual representation of an incident’s progress on workstations, servers, gateways and other endpoints, reassuring automation system administrators that an incident has been fully dealt with and won’t happen again.

KICS for Nodes Portable Scanner
Enforces a cybersecurity policy on standalone machinery, automation systems or equipment on which security software cannot be installed. Ultimate situational awareness and OT-visibility even from a standalone infrastructure.
Installation-free solution
KICS for Nodes can be activated on a number of additional Portable Scanner flash drives. This helps to perform simultaneous on-demand scans on multiple machines during maintenance windows, to collect endpoint data and organize it into a convenient summary report.
Regulatory and internal policy compliance
KICS for Nodes Portable Scanner conducts anti-malware compliance checks of equipment accessing an OT site, including computers of third-party contractors. It has a very low operational footprint and does not interfere with existing security solutions.
Kaspersky Single Management Platform
The Single Management Platform is a centralized security management solution for security orchestration of the entire OT infrastructure, with a map of all geographically distributed assets enriched with events, incident analytics and more. It boosts the efficiency of mixed OT and IT security teams. A place where all your security controls work in harmony, enabling a rapid and precise response.
Expert services
Our suite of services forms an important part of the KICS portfolio. We provide the full cycle of security services, from industrial cybersecurity assessments to incident response.
Industrial Cybersecurity Assessment
Industrial Cybersecurity Assessment: Kaspersky provides a minimally invasive industrial cybersecurity assessment, including external and internal penetration testing, OT security assessment and automation solution security assessment. Kaspersky experts provide significant insights into a company’s infrastructure and recommendations on how to strengthen the ICS cybersecurity posture.
Threat Intelligence
Up-to-date analytics collected by Kaspersky experts help enhance the customer’s protection from targeted industrial cyberattacks. Delivered as TI feeds or tailored reports, they meet specific customer needs according to regional, industry and ICS software parameters.
Incident Response
In case of incident, Kaspersky experts collect and analyze data and malware, reconstruct the incident timeline, determine possible sources and motivation, and develop a detailed remediation plan. Plan include recommendations on removing malware from customer’s systems and rolling back its malicious actions.
Training and awareness
Industrial cybersecurity awareness training
On-site and online interactive training and cybersafety games for employees who work with industrial computerized systems and their managers. Participants gain new insights into the current threat landscape and the attack vectors specifically targeting industrial environments, explore practical scenarios and acquire cybersafe skills.
Expert training programs
ICS Penetration Testing and ICS Digital Forensics training courses are aimed at cybersecurity professionals. Participants gain all the advanced skills needed to conduct comprehensive pentests or digital forensics in industrial environments.