Kaspersky ICS Security Assessment
Identification of security flaws in ICS infrastructures
Overview
An increase in malware and attacks on Industrial Control Systems (ICS), the growing number of new vulnerabilities in ICS equipment and an increased need for these systems to be integrated with other environments (such as ERP) have necessitated a more thorough approach to ICS security. In addition, ICS security is closely tied to functional security, and a successful hacker attack could lead to production accidents.
The Kaspersky ICS Security Assessment service identifies security flaws in ICS at all layers, from physical and network security to vendor-specific vulnerabilities in ICS components such as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs) and others. This service provides you with information on the consequences of vulnerability exploitation, evaluates the effectiveness of implemented security measures, and enables you to plan further actions to fix detected flaws and improve security.
Service Scope and Options
Industrial control systems of any vendor and industry can be analyzed by Kaspersky Lab experts: power generation and transmission, transportation systems, oil and gas production, mining operations, and many others. Depending on your infrastructure and needs, different security assessment approaches and combinations may be used:
Internal Penetration Testing
A security assessment that simulates an internal attacker in the corporate network attempting to obtain unauthorized access to the ICS environment.
ICS Security Assessment
Internal penetration testing and careful assessment of the ICS environment specifics, including analysis of industrial systems and protocols followed by pre-approved tests demonstrated on the real system.
ICS Solution Security Assessment
A security assessment during which our experts will separately analyze the software and hardware solutions used to control the industrial process, and the systems connected to it.
Comprehensive Reporting
A summary report detailing all discovered vulnerabilities and security flaws, with actionable recommendations for immediate resolution.
Why you should do this
ICS Security Assessment by Kaspersky Lab helps organizations to:
- Understand the weakest spots of ICS and focus on improving the corresponding security processes
- Avoid human, environmental, financial, operational and reputational loss that potentially could be caused by malefactors, by proactively detecting and fixing the vulnerabilities which could be used for attacks
- Analyze systems’ compliance with ICS security standards specific to your region and industry, for instance NERC CIP standards
- Comply with government, industry and internal corporate standards that require security assessments to be carried out
How the service does this
The service is performed by experienced Kaspersky Lab security experts who respect your systems’ confidentiality, integrity and availability in strict adherence to international laws and best practices.
Kaspersky Lab provides ICS security assessments in accordance with the following international standards and best practices:
- Penetration Testing Execution Standard (PTES)
- NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
- Open Source Security Testing Methodology Manual (OSSTMM)
- Information Systems Security Assessment Framework (ISSAF)
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards
- Web Application Security Consortium (WASC) Threat Classification
- Open Web Application Security Project (OWASP) Testing Guide
- Center for Internet Security (CIS) standards
- Common Vulnerability Scoring System (CVSS) and other standards (depending on your organization’s business and location).