Saturday, November 29, 2025

Kaspersky Industrial CyberSecurity (KICS), a native Extended Detection and Response (XDR) platform

The latest KICS update expands cross-platform Extended Detection and Response capabilities, streamlines the management of security settings and gives deeper visibility into network activity. Together these changes support faster threat detection, simpler configuration control and greater operational efficiency.

Recent findings from Kaspersky ICS CERT show that malicious objects were blocked on 20.5% of ICS computers in the second half of 2025. The figure underscores the persistently high volume of threats facing industrial environments and the need for organizations to implement comprehensive protection for their critical assets and processes. In response to this demand, Kaspersky has upgraded its flagship solution for industrial environments.

The company offers an ecosystem that combines dedicated OT-grade technologies with expert knowledge. At its core lies Kaspersky Industrial CyberSecurity (KICS), a native Extended Detection and Response (XDR) platform designed for critical infrastructure protection. Built to secure industrial automation and control systems end to end, it consists of KICS for Nodes, which protects the endpoints of distributed control systems, and KICS for Networks, which monitors the security of automation system networks.

# New hardware models now available[1]

KESR Model 1-GA: An entry-level model for small and medium-sized businesses, delivering reliable performance at an attractive price point for growing organizations that need a cost-effective solution.

KESR Model 2-GL: Balancing price and performance, this model suits medium and large enterprises that want to optimize their network infrastructure without compromise.

# DNS conditional forwarder

This feature forwards DNS requests to different upstream servers depending on conditions such as the queried domain. It simplifies the management of geographically distributed networks and reduces response times, so critical services can be reached quickly from every location.
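The rule-matching step behind a conditional forwarder, shown here as an added example; it is not KESR's configuration syntax or code, and the forwarder table, resolver addresses and query names are constructed. The point it makes is that zone matching has to respect DNS label boundaries and prefer the most specific zone, otherwise queries for an unrelated domain that merely ends in the same characters get sent to an internal resolver, and queries for a site-local zone get answered by the wrong site:

```python
"""Zone-to-forwarder selection for a DNS conditional forwarder.
Added illustration, not KESR code or configuration syntax: the forwarder table
and the query names are constructed. Matching is done on label boundaries, so
'corp.example' matches 'host.corp.example' but not 'notcorp.example', and the
most specific (longest) matching zone wins over its parents."""

FORWARDERS = {                          # constructed zone -> resolver mapping
    ".": "192.0.2.53",                  # default upstream for everything else
    "corp.example": "10.0.0.53",        # internal resolver at the head office
    "plant1.corp.example": "10.1.0.53", # resolver local to plant 1
}


def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot; '.' -> []."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def select_forwarder(qname, table=FORWARDERS):
    """Return the resolver for qname, or None if no zone (not even '.') matches."""
    q = labels(qname)
    best_len, best = -1, None
    for zone, server in table.items():
        z = labels(zone)
        # Suffix match on whole labels: q must end with exactly the labels of z.
        # 'notcorp.example' does not end with the labels ['corp', 'example'].
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best_len, best = len(z), server
    return best


if __name__ == "__main__":
    for name in ("plc1.plant1.corp.example", "dc1.corp.example",
                 "www.notcorp.example", "CORP.EXAMPLE."):
        print(f"{name:28} -> {select_forwarder(name)}")
```

Note that a table without a "." entry returns None for unmatched names; a real forwarder should then fall back to its own recursive resolution or refuse the query rather than silently picking an arbitrary server.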

# Troubleshooting tools for routing protocols

Companies can now simplify network management with centralized troubleshooting for the BGP and OSPF routing protocols. Detailed debug parameters can be set with filters, which eases the debugging process. This reduces reliance on direct remote console access and enables quicker diagnosis and resolution of routing issues.

# Scheduled active polling and automated network topology visualization

KICS provides a topology map that displays real-time information about asset connections and tracks security-state changes of devices without installed agents, such as computers and switches. Active polling tasks can now be scheduled, which automates the creation of this map and keeps connection data, asset attributes and security settings up to date. Each scheduled run produces a detailed report that includes the query results and any issues identified.

# Increased capabilities to detect anomalies in digital substations

KICS for Networks now supports the import of SCD (substation configuration description) files[2] to analyze configurations, extract asset attributes and review IEC 61850 settings, and it reports the errors and misconfigurations it finds. Monitoring substation networks against this reference configuration lets it detect unauthorized network connections, anomalous activity, and failures or errors in IEC 61850 communications, all of which point to improper operation or misconfigured equipment.
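How reference-configuration monitoring of this kind works in practice, as an added example that is not KICS code: the SCD file is SCL XML (IEC 61850-6), and its Communication section declares each IED's access point address and the multicast MAC/APPID of every GOOSE control block. The example parses a minimal, constructed SCD, reports configuration errors in it (an access point without a matching IED element, a duplicated IP address, a GOOSE MAC outside the IEC 61850-8-1 GOOSE multicast range), and then checks constructed sensor observations against the declared hosts and streams. The station layout, IED names, addresses and traffic records are all invented for the demonstration:

```python
"""Reference-configuration monitoring for an IEC 61850 station bus.
Added illustration, not KICS code: parse a minimal SCD (SCL XML), report
configuration errors, then compare observed traffic with what the SCD declares.
The SCD text and the traffic records below are constructed for the demo."""
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}
GOOSE_MAC_RANGE = (0x010CCD010000, 0x010CCD0101FF)  # IEC 61850-8-1 GOOSE multicast range

# Constructed SCD. MU1 carries two errors (its IP duplicates CTRL1's, its GOOSE MAC
# lies in the Sampled Values range) and has no matching <IED> element.
SAMPLE_SCD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <Communication><SubNetwork name="StationBus">
    <ConnectedAP iedName="PROT1" apName="P1">
      <Address><P type="IP">10.10.1.11</P></Address>
      <GSE ldInst="CTRL" cbName="gcbTrip"><Address>
        <P type="MAC-Address">01-0C-CD-01-00-01</P><P type="APPID">0001</P></Address></GSE>
    </ConnectedAP>
    <ConnectedAP iedName="CTRL1" apName="P1"><Address><P type="IP">10.10.1.12</P></Address></ConnectedAP>
    <ConnectedAP iedName="MU1" apName="P1">
      <Address><P type="IP">10.10.1.12</P></Address>
      <GSE ldInst="MEAS" cbName="gcbStatus"><Address>
        <P type="MAC-Address">01-0C-CD-04-00-10</P><P type="APPID">0002</P></Address></GSE>
    </ConnectedAP>
  </SubNetwork></Communication>
  <IED name="PROT1"/><IED name="CTRL1"/>
</SCL>"""

# Constructed sensor observations: MMS flows over IP and GOOSE frames (Layer 2 multicast).
OBSERVED_TRAFFIC = [
    {"kind": "ip", "src": "10.10.1.12", "dst": "10.10.1.11", "proto": "MMS"},
    {"kind": "ip", "src": "10.10.1.99", "dst": "10.10.1.11", "proto": "MMS"},
    {"kind": "goose", "src_mac": "00-11-22-33-44-01", "dst_mac": "01:0C:CD:01:00:01", "appid": "0001"},
    {"kind": "goose", "src_mac": "00-11-22-33-44-01", "dst_mac": "01:0C:CD:01:00:01", "appid": "0002"},
    {"kind": "goose", "src_mac": "00-11-22-33-44-99", "dst_mac": "01:0C:CD:01:00:40", "appid": "0040"},
]

def norm_mac(mac):
    return mac.lower().replace(":", "-")

def parse_scd(xml_text):
    """Return {"hosts": ip -> IED, "goose": (dst mac, appid) -> control block, "issues": [...]}."""
    root = ET.fromstring(xml_text)
    ref = {"hosts": {}, "goose": {}, "issues": []}
    ieds = {ied.get("name") for ied in root.findall("scl:IED", NS)}
    for ap in root.findall("scl:Communication/scl:SubNetwork/scl:ConnectedAP", NS):
        ied = ap.get("iedName")
        if ied not in ieds:
            ref["issues"].append(f"ConnectedAP {ied}: no <IED> of that name in the SCD")
        ip = ap.findtext("scl:Address/scl:P[@type='IP']", namespaces=NS)
        if ip is None:
            ref["issues"].append(f"ConnectedAP {ied}: no IP address")
        elif ip in ref["hosts"]:
            ref["issues"].append(f"ConnectedAP {ied}: IP {ip} already used by {ref['hosts'][ip]}")
        else:
            ref["hosts"][ip] = ied
        for gse in ap.findall("scl:GSE", NS):
            cb = f"{ied}/{gse.get('ldInst')}/{gse.get('cbName')}"
            mac = gse.findtext("scl:Address/scl:P[@type='MAC-Address']", namespaces=NS)
            appid = gse.findtext("scl:Address/scl:P[@type='APPID']", namespaces=NS)
            if mac is None or appid is None:
                ref["issues"].append(f"GSE {cb}: MAC-Address or APPID missing")
                continue
            mac = norm_mac(mac)
            if not GOOSE_MAC_RANGE[0] <= int(mac.replace("-", ""), 16) <= GOOSE_MAC_RANGE[1]:
                ref["issues"].append(f"GSE {cb}: MAC {mac} outside the GOOSE multicast range")
            ref["goose"].setdefault((mac, appid.lower()), cb)
    return ref

def check_traffic(ref, records):
    """Flag hosts and GOOSE streams that the reference configuration does not declare."""
    findings = []
    for r in records:
        if r["kind"] == "ip":
            for side in ("src", "dst"):
                if r[side] not in ref["hosts"]:
                    findings.append(f"unauthorized host {r[side]} in {r['proto']} flow {r['src']}->{r['dst']}")
        elif r["kind"] == "goose":
            mac, appid = norm_mac(r["dst_mac"]), r["appid"].lower()
            if (mac, appid) in ref["goose"]:
                continue  # declared stream; stNum/sqNum continuity checks would go here
            declared = [f"{cb} (APPID {a})" for (m, a), cb in ref["goose"].items() if m == mac]
            if declared:  # known multicast group but wrong APPID: misconfigured or spoofed publisher
                findings.append(f"GOOSE to {mac} with APPID {appid}; SCD declares {', '.join(declared)}")
            else:
                findings.append(f"undeclared GOOSE stream {mac}/{appid} from {r['src_mac']}")
    return findings

if __name__ == "__main__":
    ref = parse_scd(SAMPLE_SCD)
    print("SCD issues:", *ref["issues"], sep="\n  ")
    print("Traffic findings:", *check_traffic(ref, OBSERVED_TRAFFIC), sep="\n  ")
```

Run against the constructed input, the SCD review yields three issues (undefined IED MU1, duplicate IP 10.10.1.12, MU1's GOOSE MAC outside the GOOSE range) and the traffic check yields three findings: an undeclared host 10.10.1.99 talking MMS to PROT1, a frame to PROT1's GOOSE group with the wrong APPID, and a GOOSE stream nobody declared. A production monitor would add the per-stream state that this skeleton omits, such as stNum/sqNum continuity and retransmission timing, which is where GOOSE failures and replayed frames show up.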

To keep OT computers protected from various threats, Kaspersky experts recommend:

Conducting regular security assessments of OT systems to identify and eliminate possible cybersecurity issues.

Establishing continuous vulnerability assessment and triage as the foundation of an effective vulnerability management process. Dedicated solutions such as Kaspersky Industrial CyberSecurity can be an efficient assistant and a source of unique, actionable information that is not fully available publicly.

Performing timely updates of the key components of the enterprise's OT network. Applying security fixes and patches, or implementing compensating measures, as soon as it is technically possible is crucial for preventing a major incident that could cost millions through interruption of the production process.

Using EDR solutions such as Kaspersky Endpoint Detection and Response for timely detection of sophisticated threats, investigation and effective remediation of incidents.

Improving the response to new and advanced malicious techniques by building and strengthening your teams' incident prevention, detection and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures for achieving this.

By - Aaradhay Sharma
