Kaspersky updates KICS: Cross-platform OT XDR, PLC visibility without agents, and device-centric network control

Kaspersky has updated its Industrial CyberSecurity (KICS) platform with a release aimed at enhancing detection, simplifying policy management, and improving operational efficiency in OT environments. The company frames this evolution within a context of increasing pressure: in the second half of 2025, malicious objects were blocked on 20.5% of ICS devices, signaling the intensity of threats facing industrial plants. The update introduces new features in XDR, configuration templates, PLC observability, and a device-centric network approach that helps understand who is communicating with whom and why.

What’s new (and what it’s for)

  • XDR supporting Linux and a research graph. KICS extends detection and response to Linux nodes (very common in HMIs, engineering stations, and historian servers) and adds a research graph that correlates processes, files, and users to accelerate root cause analysis. Manual response actions give analysts surgical control when the playbook requires it.
  • Configuration templates to save time. Predefined profiles are included for Windows, Linux, industrial network devices, and PLCs. A unified dashboard allows visibility and management of host posture with automatic alerts for changes, reducing configuration errors and drift.
  • Deep visibility of PLCs without agents. The platform introduces agentless polling and analysis of internal logs from controllers to detect behavioral anomalies, project execution issues, and logical deviations without installing additional software on the PLCs.
  • Enhanced coverage of industrial equipment. Monitoring is strengthened for manufacturers commonly found on the plant floor (Siemens, Prosoft, Moxa, Hirschmann, Ruggedcom, among others), simplifying the management of heterogeneous fleets.
  • Device-centric network view. A new device-centric perspective profiles communication patterns and highlights high-traffic hosts, shortening the detection time for unusual behaviors and simplifying segmentation.
  • Semi-automated system health. Semi-automatic collection and analysis of OS and ICS software indicators is used to recommend adjustments, define exclusions, and detect degradation before it impacts operations.

Why it matters for hybrid OT/IT teams

Modern industrial networks blend mixed environments (Windows/Linux), multiple brands of PLCs, and industrial switching. The KICS update reduces friction on three fronts:

  1. Time: templates and the research graph cut critical minutes in deployment and analysis.
  2. Risk: agentless visibility into PLCs limits blind spots in sensitive controllers.
  3. Operation: semi-automated health monitoring and the device-focused approach help teams prioritize, avoiding outages and rework.

Under the hood: how it fits into OT architecture

Kaspersky maintains its two-component structure: KICS for Nodes (OT endpoints) and KICS for Networks (traffic and communication integrity). The new version brings industrial XDR closer to IT standards by integrating host telemetry with network context and PLC metadata, providing a homogeneous baseline to detect configuration changes, new communication routes, or suspicious artifacts attempting to move between cells.
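To make the device-centric view and the "new communication routes" detection described above concrete, here is a small added example (not KICS code, and not from Kaspersky): it learns a per-device profile from a baseline window of constructed flow records, then flags routes a host never used before and hosts whose sent volume jumps well above their own baseline. All hosts, ports and byte counts are constructed.

```python
from collections import defaultdict

# Constructed flow records for two cells plus an engineering station:
# (source, destination, destination port, bytes sent). Not real KICS data.
BASELINE_FLOWS = [
    ("10.10.1.10", "10.10.1.20", 102, 4000),   # cell A HMI -> PLC (S7comm)
    ("10.10.1.10", "10.10.1.20", 102, 3800),
    ("10.10.2.10", "10.10.2.20", 502, 2500),   # cell B HMI -> PLC (Modbus)
    ("10.10.0.5", "10.10.1.20", 102, 1200),    # engineering station -> PLC A
    ("10.10.0.5", "10.10.2.20", 502, 900),     # engineering station -> PLC B
]
OBSERVED_FLOWS = [
    ("10.10.1.10", "10.10.1.20", 102, 4100),
    ("10.10.2.10", "10.10.2.20", 502, 2600),
    ("10.10.1.10", "10.10.2.20", 502, 700),    # cell A HMI now talks to cell B PLC
    ("10.10.0.5", "10.10.1.20", 102, 60000),   # unusually large transfer to PLC A
    ("10.10.0.5", "10.10.1.20", 102, 55000),
]

def build_profiles(flows):
    """Device-centric profile: for each source host, the set of (peer, port)
    it talked to and the total bytes it sent in the window."""
    profiles = defaultdict(lambda: {"peers": set(), "bytes": 0})
    for src, dst, port, nbytes in flows:
        profiles[src]["peers"].add((dst, port))
        profiles[src]["bytes"] += nbytes
    return dict(profiles)

def new_routes(baseline, observed):
    """(src, dst, port) triples seen now but never during the learning window."""
    found = []
    for src, prof in observed.items():
        known = baseline.get(src, {"peers": set()})["peers"]
        for dst, port in sorted(prof["peers"] - known):
            found.append((src, dst, port))
    return found

def high_traffic_hosts(baseline, observed, factor=3.0):
    """Hosts sending more than `factor` times their own baseline volume.
    A host with no baseline at all is always reported (baseline bytes = 0)."""
    flagged = []
    for src, prof in observed.items():
        base = baseline.get(src, {"bytes": 0})["bytes"]
        if prof["bytes"] > factor * base:
            flagged.append((src, prof["bytes"], base))
    return sorted(flagged, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    base, now = build_profiles(BASELINE_FLOWS), build_profiles(OBSERVED_FLOWS)
    for route in new_routes(base, now):
        print("new route    :", route)
    for host, sent, ref in high_traffic_hosts(base, now):
        print("high traffic :", host, sent, "bytes vs baseline", ref)
```

The per-device comparison is what keeps a busy historian from drowning out a quiet PLC: each host is judged against its own history, not a plant-wide average.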

Use cases where the update makes an impact

  • Adding a new line or cell: applying technology-specific templates reduces errors and speeds up hardening.
  • PLC incident with partial shutdown: agentless polling and internal log analysis help differentiate between process failures and logic tampering.
  • Configuration drift in industrial switches: the device-centric view identifies the point of asymmetry and who is generating excess traffic.
  • Alert noise after patching: the health layer suggests exclusions and adjustments to lower false positives without losing coverage.

What plants should prepare before deployment

  1. Realistic asset inventory (including firmware and communication modules).
  2. A zones-and-conduits map to align rules with the physical and logical topology.
  3. Hybrid IT/OT playbooks: what to automate, when human intervention is needed, and maintenance windows.
  4. OT KPIs: detection times, containment times, and hours of avoided downtime to measure impact.

Frequently Asked Questions

Do I need to install agents on PLCs for visibility?
No, not for the new features: KICS uses agentless polling and internal log analysis to extract telemetry without installing anything on the controller.

What does Linux support in XDR bring to a plant?
It extends detection and response to critical OT endpoints and, along with the research graph, accelerates event correlation among processes, files, and users.

How does the device-centric view help OT network security?
It profiles communication patterns by asset, highlights anomalies, and identifies high-traffic hosts, facilitating segmentation and blocking decisions with less noise.

Which industrial manufacturers gain expanded compatibility?
The update highlights Siemens, Prosoft, Moxa, Hirschmann, and Ruggedcom, among others, to simplify monitoring in multi-vendor environments.

Can it improve operational efficiency, not just security?
Yes. The semi-automated health monitoring detects bottlenecks, suggests adjustments, and reduces false positives, freeing team time for higher-value tasks.

via: open security
