Endpoint Security Advanced for Business | Anti-Malware | Kaspersky Lab US

KASPERSKY ENDPOINT SECURITY
FOR BUSINESS Advanced
BOOSTING IT SECURITY & EFFICIENCY - ACROSS
YOUR BUSINESS

  • Anti-malware, endpoint controls & data encryption
  • Patch management plus IT management & efficiency tools
  • Mobile security, MDM… & one console for all functions

Business Benefits

Features

Applications Inside


Reduce Business Risk
and Maximize Efficiency

Because malware is becoming increasingly sophisticated, traditional defenses are no longer sufficient to ensure adequate protection. In addition to award-winning anti-malware, Kaspersky Endpoint Security for Business ADVANCED includes vulnerability scanning and patch management technologies - to help eradicate vulnerabilities within operating systems and application software. Furthermore, flexible encryption functionality helps to protect corporate data in the event of a laptop or removable storage device being lost or stolen.

Anti-malware that's the cornerstone of your defenses

Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Lab's latest anti-malware technologies that combine signature-based, proactive and web-assisted protection - for effective, multi-level defense. With automatic updates from the cloud-based Kaspersky Security Network, Kaspersky delivers a rapid response to new and emerging threats.

Preventing exploitation of vulnerabilities in your systems

Cybercriminals are increasingly using unpatched vulnerabilities - in operating systems (OS) and applications - to attack corporate systems and steal data or money. Kaspersky's vulnerability scanning and patch management capabilities provide centralized control over the detection of application and OS vulnerabilities - and the prioritization of application / OS patching. Kaspersky Endpoint Security for Business ADVANCED plays a valuable role in helping to eliminate the risk of criminals exploiting vulnerabilities within your systems.

Encrypting sensitive data - to keep your business information private

With its strong encryption algorithm, Kaspersky’s data encryption technology can help to protect your sensitive business information – and your business reputation – in the event of data or devices falling into the wrong hands. Unlike many other data encryption products that can be difficult to deploy and require a separate management console, Kaspersky’s encryption technologies can be controlled from the same easy-to-use management console that manages virtually all other Kaspersky protection features – so it costs you less time and money to keep your data safe.

Systems management - boosts efficiency

As business IT networks continue to become more complex, the task of managing all of the systems your business depends on has become much more difficult and time consuming. Kaspersky Endpoint Security for Business ADVANCED simplifies a vast range of systems management tasks – including configuration, deployment and troubleshooting.

Making it easier to enforce your IT security policies

Application Control, Device Control and Web Control features give your IT team granular control over which applications are able to run on your systems, which IT resources an application can access and how employees are permitted to use removable devices and the Internet.

Protecting mobile devices and simplifying mobile management & BYOD

Adopting a Bring Your Own Device (BYOD) policy can generate cost savings and productivity gains. However, BYOD can also bring significant security risks. By integrating mobile security and mobile device management (MDM), Kaspersky Endpoint Security for Business ADVANCED delivers the protection and ease of management you need to let mobile devices access your systems and data, without introducing security risks for your business.

Immediately ready to manage and protect

Kaspersky Endpoint Security for Business ADVANCED is preconfigured to help you manage and protect your systems - as soon as it's installed. Furthermore, because it's supplied with Kaspersky Security Center - our easy-to-use, unified management console - your IT team can quickly introduce new systems management policies and security configurations.

Security that can cover your specific requirements

Whenever you need to add further security solutions to your Kaspersky Endpoint Security for Business ADVANCED solution, just adding one of Kaspersky's Targeted Security Solutions can give you fully-integrated protection for storage, virtualization, mail, Internet gateways or collaboration. For our ultimate business security solution, choose Kaspersky TOTAL Security for Business.

Kaspersky Endpoint Security for Business ADVANCED delivers efficiency boosting systems management capabilities plus an array of security technologies - and you can control it all from one management console.

     
  •  Anti-Malware for Workstations
  • Superior anti-malware for your systems

    Kaspersky Endpoint Security for Business ADVANCED delivers Kaspersky’s latest anti-malware engine – with a combination of signature-based, heuristic and cloud-assisted technologies. Since 2004, Kaspersky has won the greatest number of gold and platinum awards – across all testing categories – from the third-party Anti-Malware Test Lab.

    Security for heterogeneous IT environments*

    By providing anti-malware protection for a range of platforms – including Mac, Linux and Windows – Kaspersky Endpoint Security for Business ADVANCED helps you to secure a wider range of your systems… including the new Windows 8 operating system.

    Protection against the latest malware

    Because new malware is constantly being unleashed on the world, Kaspersky delivers malware database updates much more frequently than many other anti-malware vendors – so you’re better protected against zero-day threats. Our pattern-based signatures combine improved detection and smaller update files – to deliver effective protection, with less load on your systems.

    Even earlier protection

    Kaspersky’s Urgent Detection System database is continually being updated with data about the latest malware discoveries – so we can help to protect your systems against new threats, before the release of a new malware signature.

    Automatic monitoring of application behavior

    As soon as an application launches on any of your computers, Kaspersky’s System Watcher starts to monitor the application and assess its behavior. If System Watcher detects any suspicious behavior within an application, Kaspersky Endpoint Security for Business ADVANCED automatically blocks the application.

    Deeper levels of protection

    Kaspersky’s Active Disinfection technology works at the lowest levels of a computer’s operating system – to protect against malicious code.

    The power of the cloud

    The cloud-based Kaspersky Security Network (KSN) automatically gathers data about suspicious behaviour and malware on millions of consenting customers’ computers. Armed with this real-time data, Kaspersky Endpoint Security for Business ADVANCED can respond much more rapidly to new malware – and also cut the incidence of ‘false positives’ that can affect your productivity. Third-party assessments have shown that the Kaspersky Security Network helps Kaspersky to respond to new threats in as little as 0.02 seconds.

    Protection against hacker attacks

    Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky’s Host-based Intrusion Prevention System (HIPS) and personal firewall. Flexible tools let you control inbound and outbound traffic – by setting up parameters for an individual port, IP address or application.

    Blocking attacks on your network

    With its Network Attack Blocker feature, Kaspersky Endpoint Security for Business ADVANCED detects and monitors suspicious activity on your network. You can preconfigure how your systems respond when suspicious behaviour is detected.

    *Not all features are available on all platforms.

  •  Anti-Malware for File Servers
  • VIEW DATASHEET
    Kaspersky Security for File Server:
    Reliable Protection for Intellectual Property

    Protecting heterogeneous environments

    With its world-class antivirus engine – plus optimised scanning – Kaspersky Endpoint Security for Business ADVANCED provides anti-malware protection for file servers running Windows, Linux or FreeBSD..… with little impact on performance. In addition to running on cluster servers, Kaspersky’s anti-malware application also protects Citrix and Microsoft terminal servers.

    Resilient anti-malware

    In the event of one of your systems developing a fault or suffering an unplanned shut down, Kaspersky’s anti-malware application will re-launch when your file server restarts.

    Easy to manage – and flexible reporting

    Flexible management and reporting features make it easier and quicker to set up file server security and generate reports.

    Protects virtualized environments

    Kaspersky anti-malware for file servers is VMware Ready certified.

  •  Systems Management
  • Asset management – hardware, software and licenses

    Today’s complex IT environments make it difficult for a business to keep track of all of the hardware and software assets on their network. If administrators can’t see every asset, how can they be sure they’re applying the correct controls and protection?

    With Kaspersky Endpoint Security for Business ADVANCED, all devices and software on the network are automatically discovered and recorded in hardware and software inventories. Greater visibility of your hardware and software assets makes it easier for you to assess the security status of each system and apply the appropriate security settings. In addition, because the software inventory includes information about licenses and expiry dates, Kaspersky Endpoint Security for Business ADVANCED helps to enable centralized license provisioning and tracking of any breaches of license conditions.

    Patch and vulnerability management

    Working with the Microsoft WSUS database and Kaspersky’s own database of application and operating system vulnerabilities, Kaspersky Endpoint Security for Business ADVANCED automatically scans your corporate network for unpatched vulnerabilities. It can regularly synchronize data on Microsoft updates and hotfixes and apply them to your systems. For many non-Microsoft applications, information about new patches is downloaded from Kaspersky’s servers.

    Operating system (OS) deployment

    Kaspersky Endpoint Security for Business ADVANCED automates the creation and cloning of computer images – to save you time and help to optimize operating system deployment. Images can be stored in a special inventory that’s ready for access during deployment.

    Application provisioning

    Kaspersky Endpoint Security for Business ADVANCED simplifies the distribution of applications. Administrators can deploy software on command or can schedule it for outside normal office hours. The software deployment process is entirely transparent to users.

    Remote troubleshooting and deployment

    With remote access to any computer on the corporate network, Kaspersky Endpoint Security for Business ADVANCED helps administrators to resolve problems efficiently. Furthermore, when you need to deploy new software at a remote office, you can reduce the load on your network by using one local workstation as the update agent for the whole site.

    Network Admission Control

    Kaspersky Endpoint Security for Business ADVANCED makes it easy for you to control admission to your network – to help protect against malware entering your systems. Because devices are automatically discovered, you can automatically deny access for visitors’ devices and automatically check employees’ devices for compliance with your security policies. You can also set up a ‘Captive Portal’ that gives visitors access to the Internet, but blocks them from accessing your data.

  •  Encryption
  • Industry-Proven Secure Cryptography

    Kaspersky employs an AES encryption algorithm with 256 bits of key length – to ensure strong encryption of your sensitive business data.

    Choice of encryption methods

    Kaspersky provides file-level encryption (FLE) and full disk encryption (FDE). FDE operates on the physical sectors of the disk – to deliver encryption that’s ‘close to the hardware’ and also enable an ‘encrypt everything at once’ strategy. FLE offers granular encryption of individual files and helps to enable secure sharing of data across your network.

    For a system’s internal hard drive, Kaspersky’s technologies let you use a combination of FLE and FDE – so that the entire hard drive is encrypted and individually encrypted files can be securely shared over your local network. For a group of computers, you can use FDE on each system’s hard drive and use FLE on any removable storage devices. In this way, data on the computer is protected by encryption and data on removable drives is also encrypted to enable secure use outside your corporate network.

    Seamlessly integrated with other Kaspersky technologies

    Whereas many other encryption products are not integrated within a comprehensive endpoint security solution, Kaspersky’s encryption technologies are part of a unified codebase that has been developed in-house by Kaspersky experts. With this level of integration – plus the Kaspersky Security Center unified management console – you can apply encryption settings under the same policy as your anti-malware protection, endpoint controls and other Kaspersky security settings.

    ‘Best practice’ encryption – that’s transparent for users

    All encryption and decryption tasks are performed ‘on the fly’ – and Kaspersky’s technologies ensure that non-encrypted versions of encrypted data are never present on the hard drive. Furthermore, because all encryption and decryption processes are totally transparent to users, the productivity of your users is unaffected by encryption and decryption.

    Application privilege control

    When using file-level encryption, application privilege control lets administrators set clear data access encryption rules for specific applications and usage scenarios. Flexible settings make it easy for administrators to manage whether a specific application is blocked from accessing the encrypted data, granted access to the data in its encrypted form or is provided with unencrypted data. The decryption process is transparent to the application.

    Application privilege control simplifies the process of creating secure backups, by ensuring encrypted data remains encrypted during transfer, storage and restoration – regardless of the policy settings at the endpoint where the data is being restored. In addition, application privilege control can effectively prevent the exchange of encrypted files via Instant Messaging (IM) or Skype – without restricting the legitimate use of IM or Skype.

    Sharing encrypted data outside the business

    Users can create password-protected, encrypted, self-extracting packages of files and folders. This enables the secure transfer and sharing of sensitive data – via a removable device, email or the web.

    Escrowed key storage

    If one of your systems suffers a hardware or application fault, data can still be decrypted by using a device-unique key that is held in escrow within Kaspersky Security Center. So administrators are able to access vital data in the event of a system failure – even if the operating system is unable to boot.

    Recovering user’s passwords

    If a user loses or forgets their password, a challenge / response mechanism allows the recovery of the pre-boot password and enables access to the encrypted data.

  •  Mobile Security**
  • Protecting mobile devices and corporate data

    With a combination of signature-based, proactive and cloud-assisted anti-malware technologies, Kaspersky Endpoint Security for Business ADVANCED protects a wide range of mobile devices against malware. Updates from the cloud-based Kaspersky Security Network help to defend devices against the latest threats.

    Application Control

    Application Control lets you manage which applications are able to launch on any of the mobile devices that are able to access your network. You can implement a ‘default allow’ policy – so that blacklisted applications are blocked, but all other applications are allowed to run – or a ‘default deny’ policy that only permits whitelisted applications. Kaspersky Endpoint Security for Business ADVANCED can also automatically detect any jailbreak or rooting incidents.

    Encrypting corporate data

    To help prevent corporate data falling into the wrong hands, Kaspersky Endpoint Security for Business ADVANCED lets you encrypt any corporate data that’s stored on mobile devices. You can encrypt individual files or folders – using file / folder level encryption (FLE). On iOS devices, you can encrypt an entire disk or a partition.

    Separating corporate and personal data on BYOD devices

    Kaspersky Endpoint Security for Business ADVANCED includes containerization technologies that let you set up a separate container on a user’s own mobile device – so corporate data can be held within the container and effectively separated from the user’s personal data. The contents of the container can also be automatically encrypted. Furthermore, you can also manage whether individual applications are granted access to specific resources within the device. Containerization offers valuable support for businesses that run a Bring Your Own Device (BYOD) initiative.

    Anti-theft protection

    If a mobile device is stolen or lost, special remotely-operated features let you lock the mobile, discover its location and delete any corporate data that’s stored on the device. Even if a new SIM has been fitted to the device, Kaspersky’s SIM Watch technology will automatically send you the mobile device’s new number – allowing you to run the remote lock, find and data wipe functions.

    **Only available for mobile platforms specified on the Kaspersky list of supported platforms. Not all features are available for some of the supported mobile platforms.

  •  Mobile Device Management***
  • VIEW DATASHEET
    Mobile Device Management

    Efficient mobile management

    Kaspersky Endpoint Security for Business ADVANCED includes extensive mobile device management (MDM) functionality – including support for Active Directory, Microsoft Exchange ActiveSync and Apple MDM Server.

    Kaspersky’s MDM capabilities help to simplify the deployment of Kaspersky’s mobile security agent and the control of mobile apps and OS. The security agent can be delivered to devices over the air or via a tether – and it’s easy to monitor which devices have completed the necessary security download, and block unprotected devices from accessing the corporate network.

    ***Only available for mobile platforms specified on the Kaspersky list of supported platforms. Not all features are available for some of the supported mobile platforms.

  •  Controls (Application, Device, Web)
  • Controlling applications

    Kaspersky Endpoint Security for Business ADVANCED includes Application Control tools that help you to manage which applications are permitted to run on your systems – and how they are allowed to run:

    • Application Startup Control – gives you control over the launch of an application, so you can block, grant or audit each application
    • Application Monitor – lets you monitor and classify each application as trusted, untrusted or restricted
    • Application Privilege Control – controls whether an application is given access to specific system resources, such as the file system or the registry
    • Easy-to-manage Default Allow and Default Deny policies:
      • Default Allow blocks blacklisted applications and permits the running of all other applications
      • Default Deny allows only whitelisted applications to run – and blocks all other applications

    Web-enabled whitelisting

    Kaspersky’s dynamic whitelisting service assesses the security of commonly used applications – to ensure they’re safe. Whitelist updates are delivered to your systems from the cloud-enabled Kaspersky Security Network – so you can benefit from the very latest whitelist information. Kaspersky is the only security vendor that runs its own Whitelist Lab – with the lab continually issuing whitelist database updates.

    Controlling devices

    If unauthorized devices are attached to any of your systems, the security of your data and your network could be compromised. Kaspersky Endpoint Security for Business ADVANCED includes Device Control features that let you:

    • Manage access privileges for different types of device, different device buses or individual devices
    • Pre-set exactly when your device control policies operate. For example, you may choose to allow users to attach devices only during normal office hours

    Controlling web access

    Kaspersky Endpoint Security for Business ADVANCED includes Web Control functionality that helps to prevent your corporate network being used to access inappropriate websites. Using Web Control, you can easily monitor and filter each employee’s web browser usage. You can permit, prohibit, limit or audit users’ access to individual websites or categories of websites – including games websites, gambling sites or social networks.

  •  Unified Management Console
  • VIEW DATASHEET
    Kaspersky Security Center:
    Unified Management Console

    Kaspersky Endpoint Security for Business ADVANCED is supplied complete with Kaspersky Security Center – the easy-to-use, centralized management console that gives you detailed control over virtually all Kaspersky security technologies running on your IT network. With Kaspersky Security Center giving you a ‘one pane of glass’ management console, you don’t have to waste time learning how to use different management interfaces for different security and systems management tasks.