CORE: Kaspersky Endpoint Security for Business

Features

Kaspersky Endpoint Security for Business ADVANCED delivers efficiency boosting systems management capabilities plus an array of security technologies – and you can control it all from one management console.

Anti-Malware for Workstations

Superior anti-malware for your systems

Kaspersky Endpoint Security for Business ADVANCED delivers Kaspersky’s latest anti-malware engine – with a combination of signature-based, heuristic and cloud-assisted technologies. Since 2004, Kaspersky has won the greatest number of gold and platinum awards – across all testing categories – from the third-party Anti-Malware Test Lab.

Security for heterogeneous IT environments*

By providing anti-malware protection for a range of platforms – including Mac, Linux and Windows – Kaspersky Endpoint Security for Business ADVANCED helps you to secure a wider range of your systems… including the new Windows 8 operating system.

Protection against the latest malware

Because new malware is constantly being unleashed on the world, Kaspersky delivers malware database updates much more frequently than many other anti-malware vendors – so you’re better protected against zero-day threats. Our pattern-based signatures combine improved detection and smaller update files – to deliver effective protection, with less load on your systems.

Even earlier protection

Kaspersky’s Urgent Detection System database is continually being updated with data about the latest malware discoveries – so we can help to protect your systems against new threats, before the release of a new malware signature.

Automatic monitoring of application behaviour

As soon as an application launches on any of your computers, Kaspersky’s System Watcher starts to monitor the application and assess its behaviour. If System Watcher detects any suspicious behaviour within an application, Kaspersky Endpoint Security for Business ADVANCED automatically blocks the application.

Deeper levels of protection

Kaspersky’s Active Disinfection technology works at the lowest levels of a computer’s operating system – to protect against malicious code.

The power of the cloud

The cloud-based Kaspersky Security Network (KSN) automatically gathers data about suspicious behaviour and malware on millions of consenting customers’ computers. Armed with this real-time data, Kaspersky Endpoint Security for Business ADVANCED can respond much more rapidly to new malware – and also cut the incidence of ‘false positives’ that can affect your productivity. Third-party assessments have shown that the Kaspersky Security Network helps Kaspersky to respond to new threats in as little as 0.02 seconds.

Protection against hacker attacks

Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky’s Host-based Intrusion Prevention System (HIPS) and personal firewall. Flexible tools let you control inbound and outbound traffic – by setting up parameters for an individual port, IP address or application.

Blocking attacks on your network

With its Network Attack Blocker feature, Kaspersky Endpoint Security for Business ADVANCED detects and monitors suspicious activity on your network. You can preconfigure how your systems respond when suspicious behaviour is detected.

*Not all features are available on all platforms.

Anti-Malware for File Servers

Protecting heterogeneous environments

With its world-class antivirus engine – plus optimised scanning – Kaspersky Endpoint Security for Business ADVANCED provides anti-malware protection for file servers running Windows, Linux, Novell NetWare or FreeBSD… with little impact on performance. In addition to running on cluster servers, Kaspersky’s anti-malware application also protects Citrix and Microsoft terminal servers.

Resilient anti-malware

In the event of one of your systems developing a fault or suffering an unplanned shut down, Kaspersky’s anti-malware application will re-launch when your file server restarts.

Easy to manage – and flexible reporting

Flexible management and reporting features make it easier and quicker to set up file server security and generate reports.

Protects virtualised environments

Kaspersky anti-malware for file servers is VMware Ready certified.

View Datasheet: Kaspersky Security for File Server: Reliable Protection for Intellectual Property

Systems Management

Asset management – hardware, software and licences

Today’s complex IT environments make it difficult for a business to keep track of all of the hardware and software assets on their network. If administrators can’t see every asset, how can they be sure they’re applying the correct controls and protection?

With Kaspersky Endpoint Security for Business ADVANCED, all devices and software on the network are automatically discovered and recorded in hardware and software inventories. Greater visibility of your hardware and software assets makes it easier for you to assess the security status of each system and apply the appropriate security settings. In addition, because the software inventory includes information about licences and expiry dates, Kaspersky Endpoint Security for Business ADVANCED helps to enable centralised licence provisioning and tracking of any breaches of licence conditions.

Patch and vulnerability management

Working with the Microsoft WSUS database and Kaspersky’s own database of application and operating system vulnerabilities, Kaspersky Endpoint Security for Business ADVANCED automatically scans your corporate network for unpatched vulnerabilities. It can regularly synchronise data on Microsoft updates and hotfixes and apply them to your systems. For many non-Microsoft applications, information about new patches is downloaded from Kaspersky’s servers.

Operating system (OS) deployment

Kaspersky Endpoint Security for Business ADVANCED automates the creation and cloning of computer images – to save you time and help to optimise operating system deployment. Images can be stored in a special inventory that’s ready for access during deployment.

Application provisioning

Kaspersky Endpoint Security for Business ADVANCED simplifies the distribution of applications. Administrators can deploy software on command or can schedule it for outside normal office hours. The software deployment process is entirely transparent to users.

Remote troubleshooting and deployment

With remote access to any computer on the corporate network, Kaspersky Endpoint Security for Business ADVANCED helps administrators to resolve problems efficiently. Furthermore, when you need to deploy new software at a remote office, you can reduce the load on your network by using one local workstation as the update agent for the whole site.

Network Admission Control

Kaspersky Endpoint Security for Business ADVANCED makes it easy for you to control admission to your network – to help protect against malware entering your systems. Because devices are automatically discovered, you can automatically deny access for visitors’ devices and automatically check employees’ devices for compliance with your security policies. You can also set up a ‘Captive Portal’ that gives visitors access to the Internet, but blocks them from accessing your data.

view datasheet: Kaspersky Systems Management

Encryption

Industry-Proven Secure Cryptography

Kaspersky employs an AES encryption algorithm with 256 bits of key length – to ensure strong encryption of your sensitive business data.

Choice of encryption methods

Kaspersky provides file-level encryption (FLE) and full disk encryption (FDE). FDE operates onthe physical sectors of the disk – to deliver encryption that’s ‘close to the hardware’ and also enable an ‘encrypt everything at once’ strategy. FLE offers granular encryption of individual files and helps to enable secure sharing of data across your network.

For a system’s internal hard drive, Kaspersky’s technologies let you use a combination of FLE and FDE – so that the entire hard drive is encrypted and individually encrypted files can be securely shared over your local network. For a group of computers, you can use FDE on each system’s hard drive and use FLE on any removable storage devices. In this way, data on the computer is protected by encryption and data on removable drives is also encrypted to enable secure use outside your corporate network.

Seamlessly integrated with other Kaspersky technologies

Whereas many other encryption products are not integrated within a comprehensive endpoint security solution, Kaspersky’s encryption technologies are part of a unified codebase that has been developed in-house by Kaspersky experts. With this level of integration – plus the Kaspersky Security Center unified management console – you can apply encryptionsettings under the same policy as your anti-malware protection, endpoint controls and other Kaspersky security settings.

‘Best practice’ encryption – that’s transparent for users

All encryption and decryption tasks are performed ‘on the fly’ – and Kaspersky’s technologies ensure that non-encrypted versions of encrypted data are never present on the hard drive. Furthermore, because all encryption and decryption processes are totally transparent to users, the productivity of your users is unaffected by encryption and decryption.

Application privilege control

When using file-level encryption, application privilege control lets administrators set clear data accessencryption rules for specific applications and usage scenarios. Flexible settings make it easy for administrators to manage whether a specific application is blocked from accessing the encrypted data, granted access to the data in its encrypted form or is provided with unencrypted data. The decryption process is transparent to the application.

Application privilege control simplifies the process of creating secure backups, by ensuring encrypted data remains encrypted during transfer, storage and restoration – regardless of the policy settings at the endpoint where the data is being restored. In addition, application privilege control can effectively prevent the exchange of encrypted files via Instant Messaging (IM) or Skype – without restricting the legitimate use of IM or Skype.

Sharing encrypted data outside the business

Users can create password-protected, encrypted, self-extracting packages of files and folders. This enables the secure transfer and sharing of sensitive data – via a removable device, email or the web.

Escrowed key storage

If one of your systems suffers a hardware or application fault, data can still be decrypted by using a device-unique key that is held in escrow within Kaspersky Security Center. So administrators are able to access vital data in the event of a system failure – even if the operating system is unable to boot.

Recovering user’s passwords

If a user loses or forgets their password, a challenge / response mechanism allows the recovery of the pre-boot password and enables access to the encrypted data.

view datasheet: Kaspersky Encryption Technology

Mobile Security**

Protecting mobile devices and corporate data

With a combination of signature-based, proactive and cloud-assisted anti-malware technologies, Kaspersky Endpoint Security for Business ADVANCED protects a wide range of mobile devices against malware. Updates from the cloud-based Kaspersky Security Network help to defend devices against the latest threats.

Application Control

Application Control lets you manage which applications are able to launch on any of the mobile devices that are able to access your network. You can implement a ‘default allow’ policy – so that blacklisted applications are blocked, but all other applications are allowed to run – or a ‘default deny’ policy that only permits whitelisted applications. Kaspersky Endpoint Security for Business ADVANCED can also automatically detect any jailbreak or rooting incidents.

Encrypting corporate data

To help prevent corporate data falling into the wrong hands, Kaspersky Endpoint Security for Business ADVANCED lets you encrypt any corporate data that’s stored on mobile devices. You can encrypt individual files or folders – using file / folder level encryption (FLE). On iOS devices, you can encrypt an entire disk or a partition.

Separating corporate and personal data on BYOD devices

Kaspersky Endpoint Security for Business ADVANCED includes containerisation technologies that let you set up a separate container on a user’s own mobile device – so corporate data can be held within the container and effectively separated from the user’s personal data. The contents of the container can also be automatically encrypted. Furthermore, you can also manage whether individual applications are granted access to specific resources within the device. Containerisation offers valuable support for businesses that run a Bring Your Own Device (BYOD) initiative.

Anti-theft protection

If a mobile device is stolen or lost, special remotely-operated features let you lock the mobile, discover its location and delete any corporate data that’s stored on the device. Even if a new SIM has been fitted to the device, Kaspersky’s SIM Watch technology will automatically send you the mobile device’s new number – allowing you to run the remote lock, find and data wipe functions.

**Only available for mobile platforms specified on the Kaspersky list of supported platforms. Not all features are available for some of the supported mobile platforms.

view datasheet: Kaspersky Security for Mobile

Mobile Device Management***

Efficient mobile management

Kaspersky Endpoint Security for Business ADVANCED includes extensive mobile device management (MDM) functionality – including support for Active Directory, Microsoft Exchange ActiveSync and Apple MDM Server.

Kaspersky’s MDM capabilities help to simplify the deployment of Kaspersky’s mobile security agent and the control of mobile apps and OS. The security agent can be delivered to devices over the air or via a tether – and it’s easy to monitor which devices have completed the necessary security download, and block unprotected devices from accessing the corporate network.

***Only available for mobile platforms specified on the Kaspersky list of supported platforms. Not all features are available for some of the supported mobile platforms.

view datasheet: Mobile Device Management

Controls (Application, Device, Web)

Controlling applications

Kaspersky Endpoint Security for Business ADVANCED includes Application Control tools that help you to manage which applications are permitted to run on your systems – and how they are allowed to run:

• Application Startup Control – gives you control over the launch of an application, so you can block, grant or audit each application;
• Application Monitor – lets you monitor and classify each application as trusted, untrusted or restricted;
• Application Privilege Control – controls whether an application is given access to specific system resources, such as the file system or the registry;
• Easy-to-manage Default Allow and Default Deny policies:- Default Allow blocks blacklisted applications and permits the running of all other applications;
  – Default Deny allows only whitelisted applications to run – and blocks all other applications.

 

Web-enabled whitelisting

Kaspersky’s dynamic whitelisting service assesses the security of commonly used applications – to ensure they’re safe. Whitelist updates are delivered to your systems from the cloud-enabled Kaspersky Security Network – so you can benefit from the very latest whitelist information. Kaspersky is the only security vendor that runs its own Whitelist Lab – with the lab continually issuing whitelist database updates.

Controlling devices

If unauthorised devices are attached to any of your systems, the security of your data and your network could be compromised. Kaspersky Endpoint Security for Business ADVANCED includes Device Control features that let you:

• Manage access privileges for different types of device, different device buses or individual devices;
• Pre-set exactly when your device control policies operate. For example, you may choose to allow users to attach devices only during normal office hours;

 

Controlling web access

Kaspersky Endpoint Security for Business ADVANCED includes Web Control functionality that helps to prevent your corporate network being used to access inappropriate websites. Using Web Control, you can easily monitor and filter each employee’s web browser usage. You can permit, prohibit, limit or audit users’ access to individual websites or categories of websites – including games websites, gambling sites or social networks.

view datasheet: Kaspersky Controls (Web, Device, Application)

Unified Management Console

Kaspersky Endpoint Security for Business ADVANCED is supplied complete with Kaspersky Security Center – the easy-to-use, centralised management console that gives you detailed control over virtually all Kaspersky security technologies running on your IT network. With Kaspersky Security Center giving you a ‘one pane of glass’ management console, you don’t have to waste time learning how to use different management interfaces for different security and systems management tasks.

view datasheet: Kaspersky Security Center: Unified Management Console

Benefits

Anti-malware that’s the cornerstone of your defences

Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Lab’s latest anti-malware technologies that combine signature-based, proactive and web-assisted protection – for effective, multi-level defence. With automatic updates from the cloud-based Kaspersky Security Network, Kaspersky delivers a rapid response to new and emerging threats.

Preventing exploitation of vulnerabilities in your systems
Cybercriminals are increasingly using unpatched vulnerabilities – in operating systems (OS) and applications – to attack corporate systems and steal data or money. Kaspersky’s vulnerability scanning and patch management capabilities provide centralised control over the detection of application and OS vulnerabilities – and the prioritisation of application / OS patching. Kaspersky Endpoint Security for Business ADVANCED plays a valuable role in helping to eliminate the risk of criminals exploiting vulnerabilities within your systems.

Encrypting sensitive data – to keep your business information private
With its strong encryption algorithm, Kaspersky’s data encryption technology can help to protect your sensitive business information – and your business reputation – in the event of data or devices falling into the wrong hands. Unlike many other data encryption products that can be difficult to deploy and require a separate management console, Kaspersky’s encryption technologies can be controlled from the same easy-to-use management console that manages virtually all other Kaspersky protection features – so it costs you less time and money to keep your data safe.

Systems management – boosts efficiency
As business IT networks continue to become more complex, the task of managing all of the systems your business depends on has become much more difficult and time consuming. Kaspersky Endpoint Security for Business ADVANCED simplifies a vast range of systems management tasks – including configuration, deployment and troubleshooting.

Making it easier to enforce your IT security policies
Application Control, Device Control and Web Control features give your IT team granular control over which applications are able to run on your systems, which IT resources an application can access and how employees are permitted to use removable devices and the Internet.

Protecting mobile devices and simplifying mobile management & BYOD
Adopting a Bring Your Own Device (BYOD) policy can generate cost savings and productivity gains. However, BYOD can also bring significant security risks. By integrating mobile security and mobile device management (MDM), Kaspersky Endpoint Security for Business ADVANCED delivers the protection and ease of management you need to let mobile devices access your systems and data, without introducing security risks for your business.

Immediately ready to manage and protect
Kaspersky Endpoint Security for Business ADVANCED is preconfigured to help you manage and protect your systems – as soon as it’s installed. Furthermore, because it’s supplied with Kaspersky Security Center – our easy-to-use, unified management console – your IT team can quickly introduce new systems management policies and security configurations.

Security that can cover your specific requirements
Whenever you need to add further security solutions to your Kaspersky Endpoint Security for Business ADVANCED solution, just adding one of Kaspersky’s Targeted Security Solutions can give you fully-integrated protection for storage, virtualisation, mail, Internet gateways or collaboration. For our ultimate business security solution, choose Kaspersky TOTAL Security for Business.

Applications

Applications inside Kaspersky Endpoint Security for Business ADVANCED:

• Kaspersky Security Center (including Systems Management and MDM)
• Kaspersky Endpoint Security for Windows
• Kaspersky Endpoint Security for Linux
• Kaspersky Endpoint Security for Mac
• Kaspersky Anti-Virus for Novell NetWare
• Kaspersky Anti-Virus for Linux File Server
• Kaspersky Anti-Virus for Windows Server Enterprise Edition
• Kaspersky Security for Mobile

View system requirements for each application by clicking on the item in the application list above.