Attacks targeting operational technology (OT) are the most dangerous for industrial facilities because they can disrupt the technological process and do irreversible damage to equipment, resulting in major financial and reputational losses. Some attacks on OT do not come from inside the digital environment (reflashing a controller or spoofing sensor readings) but are purely physical (shutting off a valve, removing a sensor, or attaching a false sensor). There are so many processes inside an enterprise that the harmful effects can go unnoticed for a long time, especially since attackers usually try to hide their malicious actions. In such conditions, traditional solutions are unable to protect the industrial environment from threats aimed at the technological infrastructure.
Kaspersky Machine Learning for Anomaly Detection (Kaspersky MLAD) is an innovative system that uses a neural network to simultaneously monitor a wide range of telemetry data and identify anomalies in the operation of cyber-physical systems, which is what modern industrial facilities are.
Detects deviations in equipment operation caused by an attack or an error, and eliminates danger in the very early stages of development
Identifies fraud and sabotage in the enterprise
Improves performance by identifying and eliminating hard-to-detect deviations in technological processes
Ensures the level of protection in the enterprise complies with regulatory requirements
These connections between parameters are set in the control logic of an ICS during its design, and are determined by the physical laws of the process flow, operating conditions, input parameters, and other factors. Consequently, an attack that affects some process parameters inevitably produces changes in others.
The Kaspersky MLAD neural network learns these interconnections and uses them to identify anomalies – that is, deviations from the normal process flow.
For example, spoofing of process data
For example, equipment or sensor failure
For example, incorrect actions by the operator (intentional or unintentional), incorrect equipment settings, changing modes or setpoints, or switching to manual control
of thousands of technological parameters and analysis of deviations from the norm in real time
of changes in the most significant technological parameters and their predicted values
in the early stages of development, before the deviation has aroused operator suspicions or triggered emergency protection rules
if the overall deviation from the normal process flow is greater than the threshold defined at the neural network training stage. Alerts can be sent through the web interface, by email, or as messages to Kaspersky Industrial CyberSecurity for Networks
the anomaly detection in the event log for subsequent analysis by process engineers
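The detection principle described above (a model learns how process parameters depend on one another, and the alert threshold is fixed from the deviations seen during training), as an added example that is not Kaspersky's or MLAD's code. It uses a constructed stand-in for one control-logic dependency (downstream pressure as a linear function of pump flow), fits it on normal telemetry, and then flags a replayed pressure reading that no longer agrees with the observed flow; the parameter names, the 0.8*flow + 2 relationship and the sensor noise are all assumptions made for the demonstration.

```python
import random
from statistics import mean, pstdev

def fit_linear(xs, ys):
    """Ordinary least squares for y = a*x + b (closed form, one predictor)."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    a = sxy / sxx
    return a, my - a * mx

class RelationDetector:
    """Learns how one parameter follows another on normal data; flags deviations."""
    def __init__(self, k=4.0):
        self.k = k  # threshold = mean + k * std of training residuals

    def train(self, flows, pressures):
        self.a, self.b = fit_linear(flows, pressures)
        resid = [abs(p - self.predict(f)) for f, p in zip(flows, pressures)]
        self.threshold = mean(resid) + self.k * pstdev(resid)  # fixed at training

    def predict(self, flow):
        return self.a * flow + self.b

    def detect(self, flows, pressures):
        # indices of samples whose |actual - predicted| exceeds the trained threshold
        return [i for i, (f, p) in enumerate(zip(flows, pressures))
                if abs(p - self.predict(f)) > self.threshold]

def build_scenario(seed=7):
    """Constructed telemetry: normal pressure = 0.8*flow + 2 plus bounded noise."""
    rng = random.Random(seed)
    def pressure_for(flow):
        return 0.8 * flow + 2.0 + rng.uniform(-0.05, 0.05)
    train_f = [rng.uniform(10, 20) for _ in range(200)]
    train_p = [pressure_for(f) for f in train_f]
    normal_f = [rng.uniform(10, 20) for _ in range(20)]
    normal_p = [pressure_for(f) for f in normal_f]
    # Spoofed tail: the pressure value is replayed from a low-flow period
    # (frozen at the reading for flow = 12) while the real flow climbs 15 -> 19.5.
    spoof_f = [15.0 + 0.5 * i for i in range(10)]
    spoof_p = [0.8 * 12.0 + 2.0] * 10
    return train_f, train_p, normal_f + spoof_f, normal_p + spoof_p

def run_demo():
    train_f, train_p, test_f, test_p = build_scenario()
    det = RelationDetector()
    det.train(train_f, train_p)
    return det.detect(test_f, test_p)  # expected: the ten spoofed indices 20..29
```

The frozen pressure value looks plausible on its own; it is only caught because the model checks it against the flow it should be coupled to, which is the point of learning inter-parameter dependencies rather than per-sensor limits.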
Unlike traditional security solutions, there is no need to draw up a long list of rules and expend time and effort on keeping them up to date.
Petrochemical industry and transportation of petroleum products
Assembly line production
Smart building management
Water treatment and supply