Latest News

Early detection of process breakdown will reduce costly industrial downtime

System disruption can incur significant costs in industrial settings. New Kaspersky estimates show that a 50% reduction in downtime enables annual savings of up to $1m for a large power plant or $2.5m for an oil refinery[1]. It is critical to keep technological process on an optimal path and avoid interruptions of any kind, including equipment malfunctions, operator errors, or cyberattacks on industrial control systems. Preventing these interruptions is key and can be enabled by machine learning solutions that detect system deviations at the earlier stage.

In light of this, Kaspersky has now made Machine Learning for Anomaly Detection (MLAD) widely available as a commercial product. The detector is empowered with ML algorithms that analyse telemetry from machinery sensors. It warns of machine malfunctions by raising alerts as soon as manufacturing process parameters (tags) begin to behave in an unexpected way. MLAD provides a feature-rich graphical interface for detailed analysis of anomalies, as well as tools that can integrate the product with existing systems, to deliver alerts to operators’ dashboards.

Kaspersky Machine Learning for Anomaly Detection’s neural network analyses telemetry in real-time from various sensors used in the production process. It detects minor deviations, such as a change in signals’ dynamics or correlations, and gives alerts before performance is impacted – enabling plant operators to take preventive actions. To be able to detect anomalies, the neural network learns the normal behaviour of the machine from historical telemetry data. If a parameter of the production process changes (for example, a new type of raw material is introduced) or a part of the machine is replaced, an operator can re-run the ML trainer to update the neural network. In addition to an ML-based detector, customised diagnostic rules for specific cases can be added at the customer’s request.

Kaspersky MLAD works in the existing plant’s infrastructure and does not require the installation of additional sensors. To obtain data and report anomalies, Kaspersky MLAD connects to industrial control systems such as supervisory control and data acquisition (SCADA). Alternatively, it can be integrated with Kaspersky Industrial CyberSecurity for Networks. The product natively supports popular protocols including Open Platform Communications United Architecture (OPC UA) Message Queuing Telemetry Transport (MQTT), Advanced Message Queuing Protocol (AMQP), as well as Representational State Transfer (REST), which makes it applicable to systems with diverse equipment.

Kaspersky MLAD provides a graphical interface for the analysis of detected anomalies. Thanks to the visualised time plots of all monitored processes, an expert can see what went wrong, when, and in what part of the system.

Advanced ML algorithms and the ability to adapt to particular industrial processes make Kaspersky Machine Learning for Anomaly Detection an essential tool to ensure smooth production. It complements monitoring systems and machine operators’ expertise with the ability to detect anomalies in a complex environment. No matter what causes the deviations, downtime, equipment breakdowns and disasters can be prevented thanks to early alerts. We have been developing the technology for several years and today we’re happy to announce the general availability of our fully-fledged product to help customers achieve these benefits,” comments Andrey Lavrentyev, Head of Technology Research Department at Kaspersky.

For more information about Kaspersky Machine Learning for Anomaly Detection, please visit

[1] The estimation is based on Kaspersky analysis of different parameters including downtime duration, parameters of economic activity of organisations, and modelling.