Kaspersky
IoT Infrastructure Security

Protection for internet of things on the gateway level

The concept of the internet of things encompasses an enormous number of devices, technologies, software and data transmission protocols. IoT systems can make the world more comfortable, help save resources and effectively manage entire digital infrastructures. This complex, heterogeneous environment requires a special approach to cybersecurity.

Kaspersky offers the Kaspersky IoT Infrastructure Security solution with secure-by-design Kaspersky IoT Secure Gateways (KISG) as key elements. Based on KasperskyOS, these gateways help build reliable and functional IoT systems.

The first Cyber Immune industrial data gateway, Kaspersky IoT Secure Gateway 100, based on the Siemens SIMATIC IOT2040 hardware platform, securely transfers data directly from industrial equipment to cloud platforms via the OPC UA protocol. It was created jointly with Adaptive Production Technology (Aprotech), a subsidiary of Kaspersky that helps industrial companies undergo digital transformation.

Another gateway in the solution, Kaspersky IoT Secure Gateway 1000 β*, assists manufacturers with system monitoring and IoT cyber protection. It collects data and allows you to manage connected devices using the MQTT protocol over TLS. The gateway runs on the Advantech UTX-3117 hardware platform and is managed by Kaspersky Security Center. Together, the two products protect IoT infrastructure at the gateway level, helping to monitor it and manage gateway events from a single center.

In the future, the line of Kaspersky IoT Infrastructure Security gateways will expand.

* The current version of the product is intended for non-commercial piloting

IoT security
Infrastructure and data protection on the gateway level
Data flow transparency
One-way data transmission through KISG 100 and centralized monitoring of all KISG 1000 events
Integration with cloud
Connection to cloud platforms for data storage and processing
Transition to Industry 4.0
Help with digital transformation: connection of OT devices to corporate IT systems and clouds

Threat protection

The main source of threats is the internet of things itself. This is due to its infrastructure and technological complexity coupled with its rapid development. Here are just a few of the potential risks:

Potential risks

Risks to public devices
If there are devices on the IoT network with public addresses or access to "the outside", they can become targets for network attacks
Connected device vulnerability
All IoT devices connected to the network are also at risk. Hacking can lead to data leaks or spoofing, or allow attackers to change the software configuration
Threats of unauthorized connections
New unauthorized connections to the system can disrupt its structural integrity and prevent it from operating correctly
Cloud storage hacking
By gaining access to the cloud platform, attackers can compromise the data stored on it and alter configurations, putting the entire infrastructure at risk

Solution components

Kaspersky IoT Secure Gateway 100

Kaspersky IoT Secure Gateway 100, based on KasperskyOS, is a key element in the industrial digital transformation. It quickly and securely connects devices from the OT level to the level of enterprise IT. It is the world's first industrial internet of things (IIoT) gateway with Cyber Immunity, "innate" resistance to most types of cyberattacks.

Kaspersky IoT Secure Gateway 100 collects a lot of previously inaccessible data from equipment and securely transfers it to the Siemens MindSphere cloud. Based on this data, you can build reliable cloud analytics services that help improve production efficiency.

The gateway operates on the Siemens SIMATIC IOT2040 hardware platform.



Data protection
Collection and transmission of information directly from equipment to the cloud with the highest level of security
Access to new data
KISG 100 collects much more information from devices than traditional control systems
Equipment security
Protection of devices via direct connection to the Cyber Immune gateway. One-way data flow — inability to connect from the outside
Cloud business services
The ability to use advanced cloud applications based on secure industrial data

Specifications

Cyber Immunity
Innate resistance to the overwhelming majority of cyberattack types
Double protection
Acting as a software data diode, the gateway protects hardware at the levels of OS and component architecture
OPC UA
Connection to equipment and data transfer to the cloud via a proven universal protocol
Siemens MindSphere
Compatibility with the specialized cloud IIoT platform

Kaspersky IoT Secure Gateway 1000 β*

Kaspersky IoT Secure Gateway 1000, based on KasperskyOS, serves as an edge network cyberattack protection tool for IoT and IIoT infrastructure. It can be used together with Kaspersky IoT Secure Gateway 100 in the industrial internet of things, being installed "higher", at the border of the IoT infrastructure and external data transmission networks.

Unlike KISG 100, this gateway can be used not only in industry, and it can "communicate" with equipment via a greater number of protocols. The gateway not only collects, checks and distributes telemetry but also transmits control commands to devices.

Kaspersky IoT Secure Gateway 1000 works together with Kaspersky Security Center, a platform for centralized monitoring and management of all gateway events. Together they form the comprehensive solution Kaspersky IoT Infrastructure Security.

The gateway operates on the Advantech UTX-3117 hardware platform.

* The current version of the product is intended for non-commercial piloting



Security by design
Cybersecurity is provided at the microkernel level of Kaspersky’s own operating system for embedded solutions
IoT protection
Device detection and classification, registration of security events, protection against network attacks (IDS/IPS)
Reliable data transfer
Secure connection and communication between the gateway and cloud platform via the MQTT (Broker) protocol over TLS
Only trusted firmware downloads
Firmware updates using only properly signed and encrypted images from trusted sources

Specifications

IDS/IPS + Firewall
Protection against unauthorized network access and on-the-spot blocking of attacks on network nodes
Infrastructure monitoring
Quick search and categorization of IoT devices based on their network activity. Registration of security events in the system and on the network
Alert system
Notifications to the administrator about incidents on the network and detection of new connected devices
WebGUI
Convenient network setup and monitoring, visibility and transparency. Easy-to-use, informative dashboard


Kaspersky Security Center

Kaspersky Security Center is an advanced integrated platform for centralized administration and monitoring of the events of Kaspersky IoT Secure Gateway 1000.




Unified management console
Transparency, cost reduction and improved administration efficiency; correlation of events from different sources
Full IoT infrastructure overview
Management of up to 100,000 physical, virtual and cloud workstations

Specifications

Convenient alerts
Incident notifications through various administrator-friendly channels: text messages, email, push notifications, etc.
Flexible reporting
Customizable and ready-to-use reports with dynamic filtering and sorting by any data field
Role-based access
Each administrator can only access the tools and data relevant to their work responsibilities
Scalable architecture
When purchasing or releasing a new application, a relevant extension can be installed without re-installing or patching the console

Hardware platforms

Siemens SIMATIC IOT2040

The device is specially designed for industrial use and meets all the proven SIMATIC quality standards — durability, reliability and robustness.
Specifications
Processor system
Intel Quark X1020
Palm-size
53 (L) x 144 (W) x 90 mm (H)
Memory
1 GB DDR3-SDRAM
Ethernet
100 Mbps LAN support
2 x Ethernet (RJ45)
I/O interface
1 x USB 2.0
1 x USB client
2 x COM ports (RS 232, RS 422, RS 485)
1 x Arduino
Expansion
1 x microSD card slot

Advantech UTX-3117

High-performance fanless gateway supports IoT cloud computing in real time.
Specifications
Processor system
Intel Pentium N4200, 2 MB L2 Cache
RAM
Dual channel DDR3L 1600 MHz, 4 GB
Ethernet
Dual 10/100/1000 Mbps LAN support
LAN1: Intel I210AT
LAN2: Realtek RTL8111G
I/O interfaces
1 x RS-232, 5 V/12 V
2 x USB 3.0 ports
1 x SATA interface, SSD TPM Infineon SLB9665 on-board support. TPM 2.0 support
Data storage
1 x SATA II SSD (32 GB) bay
mSATA 1, used concurrently with H/S miniPCIE slot

Materials

Kaspersky IoT Infrastructure Security
A comprehensive solution for protecting and monitoring internet of things
Security solution for IoT video surveillance systems
To secure the IoT infrastructure of video surveillance systems, Kaspersky is offering a solution whose key component is Kaspersky IoT Secure Gateway 1000
Cybersecure railway switch heating: Kaspersky collaboration with Russian Railways
Kaspersky solutions for comprehensive protection of the railway infrastructure
