Kaspersky unveils new data feed for industrial vulnerabilities detection
Woburn, MA – October 3, 2022 — Kaspersky announces the launch of a new machine-readable Open Vulnerability and Assessment Language (OVAL) data feed for the automated detection of vulnerabilities in operational technology (OT) software. Kaspersky Industrial OVAL Data Feed for Windows delivers comprehensive intelligence about vulnerabilities in the most popular SCADA and distributed control systems (DCS) based on data from multiple sources as well as instructions for mitigation. The feed is delivered in XML format for integration with vulnerability management solutions which support the OVAL standard.
Kaspersky Industrial OVAL Data Feed for Windows applies OVAL specifications dedicated to the standardized transfer of vulnerability information across various security tools and services. It helps industrial organizations enhance vulnerability detection and assessment of SCADA and other OT software.
The product is integrated into a customer’s industrial vulnerability management solution and can be used with open-source OVAL interpreters. It provides detailed information about detected flaws: their description, affected software name and versions, severity score and metrics (CVSS), and it also recommends measures for mitigation. The feed covers products from the world’s leading vendors such as Siemens, Schneider Electric, Yokogawa, Emerson and more to come according to the needs of Kaspersky clients.
Kaspersky ICS CERT experts collect data and build their intelligence about vulnerabilities through continuous monitoring of third-party sources, such as MITRE, National vulnerability database (NVD), US-CERT, vendors and communities, but also conducting its own research. The team carefully analyses all the data and tests it against possible errors that may affect correct detection and assessment. The mitigation measures they provide for vulnerabilities are based on their extensive experience in OT threat protection and SCADA vendor’s recommendations.
“OVAL standard is actively used to describe vulnerabilities or proper system configurations for known software. However, the market lacks a comprehensive and high-quality OVAL data source for the software used in industrial control systems,” said Mikhail Berezin, head of ICS CERT products at Kaspersky. “Our new feed fills this gap and provides sufficient coverage for ICS-related software. It will help industrial organizations enhance the automated process of vulnerability assessment while raising its effectiveness. And we are happy to prove it during projects with our customers.”
For more information about Kaspersky Industrial OVAL Data Feed for Windows, and to submit a request for piloting, please contact Kaspersky at: ics-cert@kaspersky.com
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Media Contact:
Cassandra Faro
Cassandra.Faro@Kaspersky.com
781-503-1812
Kaspersky unveils new data feed for industrial vulnerabilities detection
Kaspersky
Related Articles Press Releases
Kaspersky report shows just how common scams are becoming on popular online services
Consumer security survey captures user experiences and attitudes related to online scams and privacy trendsRead More >