Kaspersky Announces New Data Flow for Industrial Vulnerabilities Detection

Kaspersky has launched a new machine-readable Open Vulnerability and Assessment Language (OVAL) data stream for automatic detection of vulnerabilities in operational technology (OT) software. Kaspersky Industrial OVAL Data Feed for Windows provides comprehensive intelligence data on vulnerabilities in the most popular SCADA and distributed control systems (DCS), analyzed by Kaspersky experts and powered by a wealth of up-to-date sources, and the guides needed to neutralize the attack. The stream is available in XML format for integration with vulnerability management solutions that support the OVAL standard.

The number of vulnerabilities discovered in industrial automation software is huge and this is cause for concern. For example, the National Vulnerability Database (NVD, https://nvd.nist.gov/), contains thousands of known vulnerabilities in popular software used in automation, manufacturing, and distributed control systems, and many records of known vulnerabilities in various industrial software.

Kaspersky Industrial OVAL Data Feed for Windows implements the OVAL specifications for standardized transmission of vulnerability information between various security tools and services. Thus, it helps industrial organizations improve the vulnerability detection and assessment capabilities of SCADA and other OT software.

The product is integrated into the customer’s industrial vulnerability management solution and can be used with open source OVAL interpreters. Detailed information provided about detected issues includes descriptions, the name and version of the affected software, severity score and metrics (CVSS), as well as prevention measures. Covering the world’s leading vendors such as Siemens, Schneider Electric, Yokogawa, Emerson, the scope of the flow will be expanded according to the needs of Kaspersky customers.

Kaspersky ICS CERT experts collect data and generate intelligence about vulnerabilities by constantly monitoring third-party sources such as MITER, National vulnerability database (NVD), US-CERT, product providers and communities, while also conducting their own research. All data is then carefully reviewed by the team and tested for possible errors that could affect correct detection and evaluation. The safeguards provided for vulnerabilities are based on extensive experience in OT threat protection and recommendations from SCADA vendors.

Mikhail Berezin, Head of Kaspersky ICS CERT Products, says:

“The OVAL standard is actively used to identify vulnerabilities or suitable system configurations for known software. However, there is no comprehensive and high-quality OVAL data source on the market for software used in industrial control systems. The new dataflow fills this gap and provides the necessary scope for ICS-related software. This approach will help improve the automated vulnerability assessment process while increasing the efficiency of industrial organizations. We are happy to prove this in the projects we do with our customers.”