Recent findings from Kaspersky ICS CERT reveal that malicious objects were blocked on 20.5% of ICS computers in the second half of 2025. This figure underscores the high volume of cybersecurity threats facing industrial environments today and highlights the urgent need for organisations to implement comprehensive protection strategies to safeguard their critical assets and processes. In response to the increasing demand for enhanced cybersecurity, Kaspersky has upgraded its flagship solution for industrial environments.

The company offers a distinctive ecosystem that seamlessly integrates dedicated OT-grade technologies, expert knowledge and invaluable expertise. At the core of this ecosystem lies Kaspersky Industrial CyberSecurity (KICS), a native Extended Detection and Response (XDR) platform designed for critical infrastructure protection. Developed to comprehensively secure industrial automation and control systems, it consists of KICS for Nodes, which is aimed at endpoints of distributed control systems, and KICS for Networks, which monitors automation system network security.

The new release introduces a range of advanced capabilities designed to strengthen security and ensure resilient operations:

Expanded XDR capabilities

The latest version of KICS now includes support for Linux nodes, enabling faster and more accurate incident analysis. With the new investigation graph, security teams can identify correlations between processes, files, and users, facilitating quicker root-cause analysis. Additionally, manual control features allow precise response actions, enhancing overall threat mitigation efficiency.

Enhanced configuration control for time savings

To simplify security settings management, the platform now offers ready-made templates for Windows, Linux, industrial network devices, and PLCs (Programmable Logic Controllers). This streamlining reduces setup time and minimises errors. A unified window for viewing and managing host configurations enables rapid detection of changes, with automatic alerts for any modifications—helping organisations maintain optimal security postures effortlessly.

Deeper insights into PLCs and operational performance

The new update provides advanced tools for monitoring PLCs through agentless polling and sophisticated internal log analysis. This approach grants organisations deeper insights into PLC behavior and project execution issues without the need for additional software. Faster troubleshooting and operational insights help minimise downtime and ensure smooth industrial processes.

Monitoring capabilities have also been extended to include a broader range of industrial-grade devices such as Siemens, Prosoft, Moxa, Hirschmann, and Ruggedcom. The agentless polling feature reduces complexity and saves time by enabling seamless management of diverse industrial equipment without additional software installations.

A new device-centric approach for network integrity control

A new device-focused approach enhances network activity monitoring. This feature delivers detailed insights into asset communication patterns, allowing security teams to quickly identify high-traffic hosts and understand how devices interact across the network. Such visibility simplifies network oversight and improves threat detection.

Optimised system performance with automated data collection

To address operational efficiency, the platform now offers semi-automatic collection and analysis of OS and ICS software health data. This feature rapidly identifies performance issues, recommends optimal settings, and generates exclusion rules, enabling organisations to resolve problems more swiftly and maintain system stability.

“Our ongoing commitment is to support our customers in establishing more robust and integrated protection for both their IT and OT environments. The latest release of KICS introduces innovative features that greatly improve the security, visibility, and management of industrial networks. These enhancements enable organisations to better protect their critical infrastructure and respond more effectively to emerging threats. Our aim is to provide industrial companies with smarter, more adaptable solutions that ensure operational resilience and strengthen their overall cybersecurity stance,” comments Andrey Strelkov, Head of the Industrial Cybersecurity Product Line at Kaspersky.