Kaspersky IoT
Infrastructure Security

Protecting the internet of things
at the Cyber Immune gateway level

About the solution

The internet of things (IoT) is an important tool in the digitalization and successful transition of enterprises to Industry 4.0. Connecting IoT equipment to cloud platforms allows you to build end-to-end digital services, improving your ability to analyze data and monitor device operation and condition. All of this helps save resources, improve management of digital infrastructure and boost business efficiency (including compliance with ESG standards).

To ensure end-to-end services are reliable and deliver maximum value to a company, you need to protect the IoT and its data from cyberthreats.

The internet of things needs a special approach to security. It is a complex environment consisting of a large number of disparate elements. Installing protection tools that need regular updates on each of them is a time-consuming and resource-intensive process. You can ensure the security of infrastructure and its data at the gateway level – the one link between equipment and a cloud platform.

Kaspersky IoT Infrastructure Security is a range of Cyber Immune gateways – Kaspersky IoT Secure Gateway (KISG) – based on KasperskyOS for building reliable and functional IoT systems. These gateways play a key role in creating end-to-end services for enterprise digital transformation.

The commercial development of KISGs and the creation of end-to-end digital services based on them is carried out by Adaptive Production Technologies LLC (Aprotech), Kaspersky’s subsidiary which took part in the development of the gateways. Solution delivery options:

  • KISG 100
  • KISG 1000 + Kaspersky Security Center
  • KISG 100 + KISG 1000 + Kaspersky Security Center

Kaspersky IoT Secure Gateway 100 is a Cyber Immune data gateway for industry based on the Siemens SIMATIC IOT2040 hardware platform.

Kaspersky IoT Secure Gateway 1000 is a universal Cyber Immune gateway with monitoring functions and protection from cyberattacks, built on the Advantech UTX-3117 hardware platform. It works in tandem with Kaspersky Security Center, a platform for the centralized management of all gateway events.

The Kaspersky IoT Infrastructure Security range will be expanded in the future.

Cyber Immune IIoT gateway presentation

Full screen

Gateway functions in an industrial network

Infrastructure reliability

Infrastructure and data protection on the gateway level

Transition to Industry 4.0

Assistance with digital transformation and building end-to-end services for on-premises and cloud analytics

Cloud integration

Support for proven cloud storage and processing platforms

Data flow transparency

One-way data transmission through KISG 100 and centralized monitoring of all KISG 1000 events

Threat protection

The main source of threats is the internet of things itself. This is due to its infrastructure and technological complexity coupled with its rapid development. Here are just a few of the potential risks:

Risks to public devices

If there are devices on the IoT network with public addresses or access to "the outside", they can become targets for network attacks

Connected device vulnerability

All IoT devices connected to the network are also at risk. Hacking can lead to data leaks or spoofing, or allow attackers to change the software configuration

Threats of unauthorized connections

New unauthorized connections to the system can disrupt its structural integrity and prevent it from operating correctly

Cloud storage hacking

By gaining access to the cloud platform, attackers can compromise the data stored on it and alter configurations, putting the entire infrastructure at risk

Solution components

Kaspersky IoT Secure Gateway 100

Kaspersky IoT Secure Gateway 100, based on KasperskyOS, quickly and securely connects operational technology (OT) devices with the world of corporate IT systems. It is the first industrial internet of things (IIoT) gateway in the world to have Kaspersky Cyber Immunity – innate resistance to most types of cyberattacks.

KISG 100 collects and securely transmits data directly from industrial equipment via the OPC UA protocol to the Siemens MindSphere industrial cloud. At the same time, the gateway acts as a data diode – it only transmits information in one direction (from the field level to the cloud), which protects the equipment from external access by intruders.

Trusted data can be used to build reliable end-to-end digital services with cloud-based analytic apps. They help provide better analysis of production activities and, as a result, increase their efficiency.

The gateway operates on the Siemens SIMATIC IOT2040 hardware platform.

End-to-end digital services

Enables the building of end-to-end services with cloud-based analytic applications

Access to new data

Collects more information from equipment than traditional control systems

Continuity

Performs critical functions even in hostile environments

Double protection

Protects data from compromise, and equipment from external access

Features

Kaspersky Cyber Immunity

Innate resistance to the overwhelming majority of cyberattack types

Siemens MindSphere

MindLib support for work with a proven IIoT cloud

Siemens SIMATIC IOT2040

Dedicated hardware platform for industrial use

OPC UA

Connection to equipment and data transfer to the cloud via a proven universal protocol

Hardware platforms

Siemens SIMATIC IOT2040

The device is specially designed for industrial use and meets all the proven SIMATIC quality standards — durability, reliability and robustness.

Processor system
Intel Quark X1020
Palm-size
53 (L) x 144 (W) x 90 mm (H)
Memory
1 GB DDR3-SDRAM
Ethernet
Support 100 Mbps LAN
2 x Ethernet (RJ45)
I/O interface
1 x USB 2.0
1 x USB client
2 x COM ports (RS 232, RS 422, RS 485)
1 x Arduino
Expansion
1 x microSD card slot

Kaspersky IoT Secure Gateway 1000

Not only does the gateway have its own innate protection against cyberthreats, it also helps protect the entire IoT and IIoT infrastructure. It can be used together with Kaspersky IoT Secure Gateway 100 to secure the industrial internet of things, installing it “above” – at the border of the infrastructure and external data transfer networks.
Unlike KISG 100, this gateway can be used not only in industry, is able to "communicate" with equipment via a larger number of protocols and is compatible with a wide variety of clouds. It collects, verifies and distributes telemetry, and has management capabilities via MQTT.
All events in Kaspersky IoT Secure Gateway 1000 can be conveniently managed from a single center – the Kaspersky Security Center console. Together they form a comprehensive Kaspersky IoT Infrastructure Security solution.

The gateway operates on the Advantech UTX-3117 hardware platform.

Continuity

Performs critical functions even in hostile environments

Infrastructure security

Protects the internet of things from cyberattacks

Centralized management

Convenient control and monitoring of all gateway events via Kaspersky Security Center

End-to-end digital services

Enables the building of end-to-end services with cloud-based analytic applications

Features

Kaspersky Cyber Immunity

Innate security at the OS level as well as resilience to the vast majority of cyberattacks

IoT protection

Device detection and classification, registration of security events, protection against network attacks (IDS/IPS)

Reliable data transfer

Secure connection and communication between the gateway and cloud platform via the MQTT (Broker) protocol over TLS

Cellular uplink

It is possible to use mobile data network as main or backup communication channel

Infrastructure monitoring

Quick search and categorization of IoT devices based on their network activity. Registration of security events in the system and on the network

Only trusted firmware downloads

Firmware updates using only properly signed and encrypted images from trusted sources

Alert system

Notifications to the administrator about incidents on the network and detection of new connected devices

WebGUI

Convenient network setup and monitoring, visibility and transparency. Easy-to-use, informative dashboard

Hardware platforms

Advantech UTX-3117

High-performance fanless gateway supports IoT cloud computing in real time.

CPU
Intel Pentium N4200, 2 MB L2 Cache
RAM
Dual channel, DDR3L, 1600 MHz, 4 GB
Ethernet
Dual 10/100/1000 Mbps LAN support
LAN1: Intel I210AT
LAN2: Realtek RTL8111G
I/O interfaces
RS-232, 5v/12v
2 x USB 3.0 port
HDMI, Display Port
Data storage
1 x SATA II SSD (32 GB) bay
mSATA 1, used concurrently with H/S miniPCIE slot, 2,5" SATA
Dimensions
128х152х37 mm

Kaspersky Security Center

Kaspersky Security Center is an advanced integrated platform for centralized administration and monitoring of the events of Kaspersky IoT Secure Gateway 1000.


Unified management console

Transparency, cost reduction and improved administration efficiency; correlation of events from different sources

Full IoT infrastructure overview

Management of up to 100,000 physical, virtual and cloud workstations

Features

Convenient alerts

Incident notifications through various administrator-friendly channels: text messages, email, push notifications, etc.

Flexible reporting

Customizable and ready-to-use reports with dynamic filtering and sorting by any data field

Role-based access

Each administrator can only access the tools and data relevant to their work responsibilities

Scalable architecture

When purchasing or releasing a new application, a relevant extension can be installed without re-installing or patching the console

Learn more about KasperskyOS

We are always happy to answer your questions about KasperskyOS and solutions based on it. Fill out the form to get additional information or to discuss cooperation prospects

Ask a Question