Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky unveils new data feed for industrial vulnerabilities detection

Kaspersky Industrial OVAL Data Feed for Windows delivers comprehensive intelligence about vulnerabilities in most popular SCADA and distributed control systems (DCS) based on data from multiple sources, analyzed and updated by Kaspersky experts, as well as instructions for mitigation.

Kaspersky launched a new machine-readable Open Vulnerability and Assessment Language (OVAL) data feed for the automated detection of vulnerabilities in operational technology (OT) software. Kaspersky Industrial OVAL Data Feed for Windows delivers comprehensive intelligence about vulnerabilities in most popular SCADA and distributed control systems (DCS) based on data from multiple sources, analyzed and updated by Kaspersky experts, as well as instructions for mitigation. The feed is delivered in XML format for integration with vulnerability management solutions which support the OVAL standard.

The number of vulnerabilities discovered in industrial automation software is substantial and raises concern. For example, the National Vulnerability Database (NVD, https://nvd.nist.gov/) contains thousands of known vulnerabilities in popular software used in automation, manufacturing execution and distributed control systems, and many more recordings of known vulnerabilities in various industrial software solutions.

Kaspersky Industrial OVAL Data Feed for Windows applies OVAL specifications dedicated to the standardized transfer of vulnerability information across various security tools and services. It helps industrial organizations enhance vulnerability detection and assessment of SCADA and other OT software. 

The product is integrated into a customer’s industrial vulnerability management solution and can be used with open-source OVAL interpreters. It provides detailed information about detected flaws: their description, affected software name and versions, severity score and metrics (CVSS), and it also recommends measures for mitigation. The feed covers products from the world’s leading vendors such as Siemens, Schneider Electric, Yokogawa, Emerson and more to come according to the needs of Kaspersky clients.

Advertisement. Scroll to continue reading.

Kaspersky ICS CERT experts collect data and build their intelligence about vulnerabilities through continuous monitoring of third-party sources, such as MITRE, National vulnerability database (NVD), US-CERT, vendors and communities, but also conducting its own research. The team carefully analyzes all the data and tests it against possible errors that may affect correct detection and assessment. The mitigation measures they provide for vulnerabilities are based on their extensive experience in OT threat protection and SCADA vendor’s recommendations.

“OVAL standard is actively used to describe vulnerabilities or proper system configurations for known software. However, the market lacks a comprehensive and high-quality OVAL data source for the software used in industrial control systems. Our new feed fills this gap and provides sufficient coverage for ICS-related software. It will help industrial organizations enhance the automated process of vulnerability assessment while raising its effectiveness. And we are happy to prove it during projects with our customers,” comments Mikhail Berezin, Head of ICS CERT Products at Kaspersky. 

To get more information about Kaspersky Industrial OVAL Data Feed for Windows and submit request for a piloting please contact Kaspersky via ics-cert@kaspersky.com.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Globe and GMS are committed to enhancing the experience for enterprise customers by offering a comprehensive omni-channel campaign suite. This includes the deployment of...

HEADLINES

Dr. Dodjie Maestrecampo, president of Mapúa, discussed the future of AI within Mapúa institutions. He shared how the university is already offering courses to...

HEADLINES

Digido offers a First Loan For Free service, where first-time borrowers can avail up to PHP 4,000 with 0% interest and a standard Personal...

SOFTWARE

Models from Sony, Panasonic and Nikon are among the new additions to the list of supported hardware.

HEADLINES

Infinix's notable accomplishments on the Shopee platform include ranking as the best-selling smartphone brand in the mobile phones category during Shopee's 2023 11.11 Big...

HEADLINES

PLDT Home’s new Gigabit Fiber plans deliver up to 10 Gbps speeds – 100 times faster than the current average broadband speed in the...

HEADLINES

Smart Communications, Inc. (Smart), the wireless arm of PLDT, lit up the University of the Philippines Diliman’s (UPD) annual UP Fair, a week-long advocacy-led...

HEADLINES

6D Technologies and Smart will streamline key sales and distribution processes, automate inventory management, optimize resource utilization, and enhance overall dealer operational efficiency.

Advertisement