Expert Services and Intelligence

Industrial cybersecurity expert services assist to strengthen your cybersecurity ecosystem with assessment, penetration testing, incident response and forensics tools. Experts with a global experience in a wide range of industries are using consistent, structural approach to identify relevant threats, investigate and prevent the cyber incidents.

Cybersecurity Assessment

For organizations concerned about the potential operational impact of IT/OT security, Kaspersky provide a minimally invasive pre-installation cybersecurity assessment. A crucial first step in establishing security requirements within the context of operational needs, it can also provide significant insight into cybersecurity levels without any further deployment of protection technologies.

Incident Response

In case of a cybersecurity incident, our experts will conduct independent expert analysis of incident evidence, reconstruct the timeline of an incident, determine possible sources and reasons and develop a plan to provide remediation and minimize damage. In addition, Kaspersky offers a malware analysis service – within its framework, Kaspersky experts will categorize the malware sample received from the customer, analyze its functions and behavior and develop recommendations and a plan to remove that malware and roll back any malicious actions.

Threat Intelligence

Intelligence services help to stay safe in front of instantly emerging threats. Analytics, collected especially for your region, industry and ICS software, would enhance your cyber protection from targeted industrial cyber attacks.

Threat Intelligence and Reporting for ICS

Kaspersky’s threat intelligence for ICS gives an additional level of cyber defense. Relevant TI feeds about current industrial threat landscape would meet your interests by regional, industry and ICS parameters. Integration to SIEM allows to receive notifications about the incidents that helps predict and prevent cyber attack. Moreover, to identify industrial and regional cybersecurity compliance gaps, our experts can provide you with tailored ICS Cybersecurity review. This review includes recommendations on the defense-in-depth strategy to ensure the security and integrity of the ICS systems and minimize risks of security stability. 

 

Read the latest public report

Internet Availability Scan service

The Internet availability scan service helps to recognize the best way to mount an attack against the organization, identify routes and information, which is available to an attacker specifically targeting the customer. Using open-source intelligence our experts piece together a comprehensive picture of your current attack surface. Knowing about the weakest spots and having recommendations from Kaspersky will allow you to fix the vulnerabilities and avoid possible negative impact on system from cybercriminal attacks or insiders.

 

Read the pubic report

ICS Hash Data Feed

ICS Hash Data Feed offers threat intelligence for the benefit of security operations, incident investigations and response relevant to Industrial Control Systems (ICS). It helps to focus on mitigating threats that are most relevant to your industrial infrastructure and pose the most risk to your business.

 

ICS Hash Data Feed provides organizations with constantly updated threat data on malicious objects that infect devices used in ICS. Every record is enriched with actionable context (threat names, timestamps, geolocation, hashes, popularity etc). Contextual data helps reveal the ‘bigger picture’, further validating and supporting the wide-ranging use of the data and allow automation of the initial alert triage process. Set in context, the data can more readily be used to answer the who, what, where, when questions which lead to identifying your adversaries, helping you make timely decisions and boost investigation and response activities.

 

Kaspersky ICS CERT experts contribute to generating the feed, applying extensive tests and filters to ensure delivering of 100% vetted data, with no False Positives. ICS Hash Data Feed can be easily integrated with popular SIEMs (including Micro Focus ArcSight, IBM QRadar, Splunk, etc.) and other security controls tools for more efficient security operations.