IoT Infrastructure Security

Protection for internet of things
on the gateway level
Download PDF

IoT Infrastructure Security

The concept of the internet of things encompasses an enormous number of devices, technologies, software and data transmission protocols. IoT systems can make the world more comfortable, help save resources and effectively manage entire digital infrastructures. This complex, heterogeneous environment requires a special approach to cybersecurity.

Kaspersky offers the Kaspersky IoT Infrastructure Security solution with secure-by-design Kaspersky IoT Secure Gateways (KISG) as key elements. Based on KasperskyOS, these gateways help build reliable and functional IoT systems.

The first Cyber Immune industrial data gateway, Kaspersky IoT Secure Gateway 100, based on the Siemens SIMATIC IOT2040 hardware platform, securely transfers data directly from industrial equipment to cloud platforms via the OPC UA protocol. It was created jointly with Adaptive Production Technology (Aprotech), a subsidiary of Kaspersky that helps industrial companies undergo digital transformation.

Another gateway in the solution, Kaspersky IoT Secure Gateway 1000 β*, has system monitoring and IoT cyber protection functions. It collects data and allows you to manage connected devices using the MQTT protocol over TLS. The gateway runs on the Advantech UTX-3117 hardware platform managed by Kaspersky Security Center. The complex of the two products protects IoT infrastructure at the gateway level, helping to monitor it and manage gateway events from a single center.

In the future, the line of Kaspersky IoT Infrastructure Security gateways will expand.

* The current version of the product is intended for non-commercial piloting

IoT security
Infrastructure and data protection on the gateway level
Data flow transparency
One-way data transmission through KISG 100 and centralized monitoring of all KISG 1000 events
Integration with cloud
Connection to cloud platforms for data storage and processing
Transition to Industry 4.0
Help with digital transformation: connection of OT devices to corporate IT systems and clouds


Threat protection

The main source of threats is the internet of things itself. This is due to its infrastructure and technological complexity coupled with its rapid development. Here are just a few of the potential risks:

Potential risks

Risks to public devices
If there are devices on the IoT network with public addresses or access to "the outside", they can become targets for network attacks
Connected device vulnerability
All IoT devices connected to the network are also at risk. Hacking can lead to data leaks or spoofing, or allow attackers to change the software configuration
Threats of unauthorized connections
New unauthorized connections to the system can disrupt its structural integrity and prevent it from operating correctly
Cloud storage hacking
By gaining access to the cloud platform, attackers can compromise the data stored on it and alter configurations, putting the entire infrastructure at risk

Solution components

Kaspersky IoT Secure Gateway 100

Kaspersky IoT Secure Gateway 100

Kaspersky IoT Secure Gateway 100, based on KasperskyOS, is a key element in the industrial digital transformation. It quickly and securely connects devices from the OT level to the level of enterprise IT. It is the world's first industrial internet of things (IIoT) gateway with Cyber Immunity, "innate" resistance to most types of cyberattacks.

Kaspersky IoT Secure Gateway 100 collects a lot of previously inaccessible data from equipment and securely transfers it to the Siemens MindSphere cloud. Based on this data, you can build reliable cloud analytics services that help improve production efficiency.

The gateway operates on the Siemens SIMATIC IOT2040 hardware platform.

Data protection
Collection and transmission of information directly from equipment to the cloud with the highest level of security
Access to new data
KISG 100 collects much more information from devices than traditional control systems
Equipment security
Protection of devices via direct connection to the Cyber Immune gateway. One-way data flow — inability to connect from the outside
Cloud business services
The ability to use advanced cloud applications based on secure industrial data


Cyber Immunity
Innate resistance to the overwhelming majority of cyberattack types
Double protection
Acting as a software data diode, the gateway protects hardware at the levels of OS and component architecture
Connection to equipment and data transfer to the cloud via a proven universal protocol
Siemens MindSphere
Compatibility with the specialized cloud IIoT platform

Kaspersky IoT Secure Gateway 1000 β*

Kaspersky IoT Secure Gateway 1000, based on KasperskyOS, serves as an edge network cyberattack protection tool for IoT and IIoT infrastructure. It can be used together with Kaspersky IoT Secure Gateway 100 in the industrial internet of things, being installed "higher", at the border of the IoT infrastructure and external data transmission networks.

Unlike KISG 100, this gateway can be used not only in industry, and it can "communicate" with equipment via a greater number of protocols. The gateway not only collects, checks and distributes telemetry but also transmits control commands to devices.

Kaspersky IoT Secure Gateway 1000 works together with Kaspersky Security Center, a platform for centralized monitoring and management of all gateway events. Together they form the comprehensive solution Kaspersky IoT Infrastructure Security.

The gateway operates on the Advantech UTX-3117 hardware platform.

* The current version of the product is intended for non-commercial piloting

Security by design
Cybersecurity is provided at the microkernel level of Kaspersky’s own operating system for embedded solutions
IoT protection
Device detection and classification, registration of security events, protection against network attacks (IDS/IPS)
Reliable data transfer
Secure connection and communication between the gateway and cloud platform via the MQTT (Broker) protocol over TLS
Only trusted firmware downloads
Firmware updates using only properly signed and encrypted images from trusted sources


IDS/IPS + Firewall
Protection against unauthorized network access and on-the-spot blocking of attacks on network nodes
Cellular uplink
It is possible to use mobile data network as main or backup communication channel
Infrastructure monitoring
Quick search and categorization of IoT devices based on their network activity. Registration of security events in the system and on the network
Alert system
Notifications to the administrator about incidents on the network and detection of new connected devices
Convenient network setup and monitoring, visibility and transparency. Easy-to-use, informative dashboard

Kaspersky Security Center

Kaspersky Security Center is an advanced integrated platform for centralized administration and monitoring of the events of Kaspersky IoT Secure Gateway 1000.

Unified management console
Transparency, cost reduction and improved administration efficiency; correlation of events from different sources
Full IoT infrastructure overview
Management of up to 100,000 physical, virtual and cloud workstations


Convenient alerts
Incident notifications through various administrator-friendly channels: text messages, email, push notifications, etc.
Flexible reporting
Customizable and ready-to-use reports with dynamic filtering and sorting by any data field
Role-based access
Each administrator can only access the tools and data relevant to their work responsibilities
Scalable architecture
When purchasing or releasing a new application, a relevant extension can be installed without re-installing or patching the console

Hardware platforms

Siemens SIMATIC IOT2040

The device is specially designed for industrial use and meets all the proven SIMATIC quality standards — durability, reliability and robustness.
Processor system
Intel Quark X1020
53 (L) x 144 (W) x 90 mm (H)
Support 100 Mbps LAN
2 x Ethernet (RJ45)
I/O interface
1 x USB 2.0
1 x USB client
2 x COM ports (RS 232, RS 422, RS 485)
1 x Arduino
1 x microSD card slot

Hardware platforms

Advantech UTX-3117

High-performance fanless gateway supports IoT cloud computing in real time.
Intel Pentium N4200, 2 MB L2 Cache
Dual channel, DDR3L, 1600 MHz, 4 GB
Dual 10/100/1000 Mbps LAN support
LAN1: Intel I210AT
LAN2: Realtek RTL8111G
I/O interfaces
RS-232, 5v/12v
2 x USB 3.0 port
HDMI, Display Port
Data storage
1 x SATA II SSD (32 GB) bay
mSATA 1, used concurrently with H/S miniPCIE slot, 2,5" SATA
128х152х37 mm
Additional features
SIM card


Kaspersky IoT Infrastructure Security
A comprehensive solution for protecting and monitoring internet of things
Cybersecure railway switch heating: Kaspersky collaboration with Russian Railways
Comprehensive approach to ensure the cybersecurity of the railway switch heating system
Cybersecurity of the IoT in smart cities
Building secure smart city systems with Kaspersky IoT Infrastructure Security
KISG 1000 datasheet
Specifications and highlights of IoT gateway

Need additional information?

Contact us to know more about KasperskyOS