With today’s sophisticated malware and Internet-based attacks, signature-based security software is no longer enough to provide an adequate level of protection for businesses. Kaspersky Endpoint Security for Business ADVANCED delivers Kaspersky Lab’s award-winning anti-malware technologies plus a host of other security functions – so your business benefits from multi-layer defences. Vulnerability scanning and patch management technologies help to eradicate vulnerabilities within your operating systems and application software, while data encryption helps to safeguard confidential business information if a laptop is lost or unauthorised users try to steal data.
Advanced anti-malware – for multi-layer protection
Kaspersky’s latest anti-malware solution combines signature-based technologies, heuristic analysis and cloud-assisted protection. Updates are automatically delivered from the cloud-assisted Kaspersky Security Network (KSN) – to ensure users benefit from an extremely rapid response to new threats.
Eliminating vulnerabilities on your network
Today, unpatched vulnerabilities – within operating systems or applications – have become one of the most common ways for cybercriminals to attack corporate networks. Kaspersky Endpoint Security for Business ADVANCED includes automatic vulnerability scanning – to identify vulnerability issues – plus easy-to-use patch management functions that let you prioritise and automatically distribute patches across your corporate network. By giving you centralised control over vulnerability detection and patch distribution, Kaspersky makes it easier to eliminate the risk of criminals exploiting vulnerabilities on your network.
Keeping sensitive business information confidential
If any of your confidential business data falls into the wrong hands, that could damage important business relationships and your company’s reputation. Kaspersky Endpoint Security for Business ADVANCED includes data encryption technology that uses a strong encryption algorithm. Whereas some vendors’ encryption offerings can be complex to set up, Kaspersky’s data encryption functions can be managed from the same easy-to-use management console that you use to control virtually all other Kaspersky security technologies running on your network.
Extensive IT systems management capabilities
With corporate IT environments becoming more diverse and complex, the sheer volume of essential, day-to-day systems management tasks can start to overwhelm many business’s IT departments. Kaspersky Endpoint Security for Business ADVANCED delivers a wide range of systems management functionality that simplifies and automates an array of tasks – including configuration, deployment and remote troubleshooting.
Establishing and enforcing your corporate IT security policies
Flexible control features – including Application Control, Device Control and Web Control – let you manage which applications are allowed to launch and run on your network, which IT resources each application is able to access, how your users are permitted to use removable devices and which websites or Internet resources your users are allowed to access.
Securing mobile devices & BYOD – with broad mobile security and MDM capabilities
Although Bring Your Own Device (BYOD) schemes can help to reduce costs and boost efficiency, letting employees use their mobile devices to access corporate systems can also introduce additional security problems. Kaspersky Endpoint Security for Business ADVANCED brings you fully integrated mobile security and mobile device management (MDM) – so your business benefits from robust security and ease of management.
Preconfigured – ready to protect and manage your IT
Because Kaspersky Endpoint Security for Business ADVANCED is preconfigured, it starts working as soon as you’ve installed it. In addition, as it includes Kaspersky’s simple-to-use, unified management console – Kaspersky Security Center – you can rapidly set up your IT management policies and configure your IT security.
Adding to your security – when you need to
Kaspersky Endpoint Security for Business ADVANCED includes a vast array of IT security and systems management technologies. However, if you need to protect additional, specialist infrastructure you can add any of Kaspersky’s Targeted Security Solutions – including protection for mail, Internet gateways, storage, virtualisation or collaboration..
Kaspersky Endpoint Security for Business ADVANCED offers a tightly integrated combination of superior security technologies and far-reaching systems management capabilities, which can all be controlled via a single management console.
Protecting Mac, Linux and Windows PCs and laptops
Award-winning anti-malware protection
Kaspersky’s latest anti-malware engine combines signature-based technologies, heuristic analysis and cloud-assisted technologies. In the period since 2004, Kaspersky has been awarded the highest number of platinum and gold awards – across all testing categories – by the independent Anti-Malware Test Lab.
Protecting complex, heterogeneous IT estates*
Kaspersky Endpoint Security for Business ADVANCED helps businesses to protect a wide variety of platforms, such as Mac, Linux and Windows – including the new Windows 8.1 and OS X 10.9 Mavericks operating systems.
Defending against new malware threats
Because cybercriminals are continually launching new and more complex malware, it’s vital that your defences are as up-to-date as possible. Kaspersky delivers malware database updates on a much more frequent basis than is offered by many other security software providers. In addition, Kaspersky’s use of pattern-based signatures helps to improve malware detection rates, reduce the size of update files and reduce the load on your IT resources..
Urgent Detection System
Kaspersky continually updates its Urgent Detection System database, with its latest information about newly discovered malware. This means Kaspersky can help to defend your IT infrastructure against emerging threats – even before a new malware signature can be released.
With its Active Disinfection technology, Kaspersky can deliver protection against malicious code at the lowest levels of a computer’s operating system.
Monitoring how your applications behave
When an application launches on your corporate network, Kaspersky’s System Watcher technology will monitor the application’s behaviour. If any suspicious behaviour is detected, Kaspersky Endpoint Security for Business ADVANCED will automatically block the application.
Preventing attacks by hackers
Kaspersky’s Host-based Intrusion Prevention System (HIPS) and personal firewall help you to manage and control both inbound and outbound traffic. You can set parameters for individual ports, IP addresses or specific applications.
Network Attack Blocker
Kaspersky Endpoint Security for Business ADVANCED includes a special Network Attack Blocker feature that detects and monitors suspicious activities on your corporate network. The feature also lets you preconfigure how your systems will react if any suspicious behaviour is identified.
Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Security Network (KSN) – a cloud-based service that automatically collects information about suspicious behaviour and malware on millions of consenting customers’ computers. This real-time flow of information ensures that Kaspersky can deliver a faster response to the emergence of new malware – and helps to minimise the occurrence of ‘false positives’. Independent assessments confirm that KSN helps Kaspersky to identify new threats within as little as 0.02 seconds.
Kaspersky’s award-winning antivirus engine delivers rigorous anti-malware protection for file servers running Windows, Linux or FreeBSD. Optimised scanning helps to ensure there’s minimal impact on the performance of your servers. In addition to running on cluster servers, Kaspersky anti-malware also protects Microsoft and Citrix terminal servers.
Robust anti-malware protection
If one of your file servers develops a fault, Kaspersky’s anti-malware technologies will automatically re-launch when your file server restarts.
Manageability and reporting
Easy-to-use management and reporting features help to cut the time taken to set up security for your file servers and to create detailed reports.
Keeping track of all of the hardware and software assets on the corporate network can be challenging. However, it’s a vital task – to help ensure your administrators can identify every asset and apply the appropriate controls and security to every component.
Kaspersky Endpoint Security for Business ADVANCED automatically discovers every device and software item that’s present on your corporate network. Every asset is then recorded within a hardware inventory or a software inventory – so it’s easier for you to manage security for each item.
The software inventory includes information about licences and expiry dates, to help you centralise licence provisioning and ensure licences are renewed at the appropriate time.
Vulnerability scanning and patch management
Kaspersky Endpoint Security for Business ADVANCED can automatically scan your corporate network to detect the presence of any unpatched vulnerabilities within operating systems or applications. It works with the Microsoft WSUS database, the Secunia Vulnerability Database and Kaspersky’s own database of vulnerabilities. Kaspersky Endpoint Security for Business ADVANCED can regularly synchronise data on Microsoft hotfixes and updates – and then install them across your network – while also downloading information about patches for your non-Microsoft applications, directly from Kaspersky’s servers.
Simplify the deployment of operating systems
Kaspersky systems management technologies can save you time by automating the creation and cloning of computer images. You can store your images within a special inventory, so they’re available for access during deployment.
Kaspersky also simplifies the distribution of applications across your IT infrastructure. The application deployment process is totally transparent to your users – and software can be deployed on command or you can set up a schedule for after office hours.
Remote access features help administrators to perform remote troubleshooting on any computer on the corporate network. In addition, if you need to install new applications at a remote office, you can use one local workstation as the update agent that delivers the new application to every other computer on the remote site – so you can reduce network traffic.
Network Access Control
For security and anti-malware protection, it’s essential that businesses are able to control whether individual devices are permitted or denied access to the corporate network. Because Kaspersky Endpoint Security for Business ADVANCED automatically discovers devices, administrators can automatically block a visitor’s device from accessing the network. Similarly, employees’ devices can be automatically checked for the presence of malware and to ensure they are running the security software that you require. If a device is found to contain malware – or isn’t running your mandatory security software – Kaspersky Endpoint Security for Business ADVANCED will automatically block it from your network.
If you wish to allow visitors to access the Internet – but not access your corporate systems and data – it’s easy to set up a captive portal.
Kaspersky Endpoint Security for Business ADVANCED includes data encryption technology that uses an AES encryption algorithm with 256 bits of key length. This ensures strong encryption of your business’s confidential information.
Data encryption choices
Both file-level encryption (FLE) and full disk encryption (FDE) are included within Kaspersky Endpoint Security for Business ADVANCED:
FDE operates on the physical sectors of the disk – for encryption that’s ‘close to the hardware’. FDE also helps you to operate an ‘encrypt everything at once’ strategy.
FLE lets you encrypt individual files or folders. It can be very useful in enabling the secure sharing of confidential information across your network.
You can also use a combination of FLE and FDE, so that an entire hard drive can be encrypted and individually encrypted files can also be securely shared over your local network.
For a group of computers, you can use FDE to encrypt the data on each computer’s hard drive, while also using FLE to encrypt the data held on removable storage devices. By using this combination, the data on each computer is encrypted and the information that’s stored on the removable drives is also encrypted for secure use outside your network.
Integrated encryption enhances manageability
Although many vendors’ encryption products are not delivered as part of an integrated IT security solution, Kaspersky’s encryption technologies are one component within a unified codebase that has all been developed by Kaspersky’s in-house security experts. This level of integration makes it easier for you to apply encryption settings as part of the same policies that cover your anti-malware defences, endpoint controls and settings for other Kaspersky protection technologies.
Encryption that’s transparent to users
Kaspersky Endpoint Security for Business ADVANCED performs all encryption and decryption processes ‘on the fly’. The processes ensure that there’s no need for any non-encrypted versions of encrypted data to be present on any of your hard drives. As the encryption and decryption processes are transparent to your users, encryption and decryption needn’t affect your users’ productivity.
Application privilege control
Application privilege control lets you set up specific access encryption rules for applications and usage scenarios, when you’re performing file-level encryption tasks. It’s easy to manage whether an individual application is:
Permitted to access data in its encrypted state, or
Is allowed to access the data in unencrypted form, or
Is totally blocked from accessing the data
The decryption process is transparent to the application.
Application privilege control helps you to ensure that encrypted data remains encrypted during transfer, storage and restoration – regardless of the policy settings at the endpoint where the data is being restored. Application privilege control can also block the exchange of encrypted files via Skype or Instant Messaging – while not affecting the legitimate use of Skype and Instant Messaging.
Securely transferring encrypted data
By enabling users to generate password-protected, encrypted, self-extracting packages of files and folders, Kaspersky’s encryption technologies help in the secure transfer and sharing of confidential information via email, the Internet or removable storage devices.
Escrowed storage of decryption keys
In the event of a system failure – even if a computer’s operating system is unable to boot – administrators can still decrypt data by using a device-unique key that is held in escrow within Kaspersky Security Center.
Recovering forgotten passwords
When a user forgets their password, a challenge / response mechanism helps them to recover their pre-boot password.
Security for mobile devices – and the data stored on them
Kaspersky Endpoint Security for Business ADVANCED offers a multi-layer combination of signature-based anti-malware protection, heuristic analysis and cloud-assisted technologies – to protect a wide range of mobile platforms.
Control tools for mobile devices
Using Application Control, administrators can manage and restrict the usage of applications – so that only company-approved software is allowed to run and unwanted or grey applications are not able to launch.
Web Control tools help administrators to block malicious websites and also control access to sites that don’t conform to corporate security or usage policies – such as social media, gambling, retail, recruitment and adult sites, plus proxy servers.
In addition, Kaspersky technologies automatically detect any rooting or jailbreak incidents.
Enabling encryption on mobile devices
To help prevent your business data falling into the wrong hands, Kaspersky Endpoint Security for Business ADVANCED makes it easy to enable and manage the encryption features that are included on most popular mobile devices.
Containerising corporate data for BYOD
Kaspersky Endpoint Security for Business ADVANCED lets you separate corporate data and personal data on the user’s mobile device. By setting up a special container for corporate applications, you can apply an additional layer of security for your corporate data – including the ability to encrypt the container and / or demand additional user authorisation before a containerised application is allowed to launch.
If an employee leaves the company, you can selectively wipe the container and all related corporate data, while leaving the owner’s personal information untouched – to help ensure you benefit from a more secure BYOD implementation.
Mobile anti-theft technologies
Remotely-operated anti-theft technologies help you to protect data that’s stored on a lost or stolen mobile device. You can lock the missing device, find its approximate location and delete any confidential business information that’s stored on it. If a thief fits a new SIM card to a stolen device, the SIM Watch feature will send you the new phone number for the device. You’re then able to run the remote lock, find and data wiping functions.
With far-reaching mobile device management (MDM) capabilities – including full support for Microsoft Exchange ActiveSync, Apple MDM Server and Samsung SAFE – Kaspersky Endpoint Security for Business ADVANCED simplifies the distribution of Kaspersky mobile security software and the task of configuring mobile application controls.
Kaspersky’s security software can be delivered to mobile devices over the air or via a tether. Administrators can:
Enforce PIN settings
Define the required complexity for passwords
Control encryption features
Prevent the use of the mobile device’s camera
Manage other related features
There is no need to use separate consoles – all MDM and mobile security actions can be performed from Kaspersky’s single management console.
**Only available for mobile platforms that are included in Kaspersky’s list of supported platforms. Some features are not available for some of the supported mobile platforms.
Application Control, Device Control and Web Control
Easy-to-configure Application Control tools assist administrators in managing which applications are allowed to launch on the corporate network – and also control how the applications are permitted to run:
Application Startup Control – controls the launch of each application, so you can easily allow, block or audit individual applications
Application Monitor – monitors programs and lets you categorise them as ‘untrusted’, ‘restricted’ or ‘trusted’ applications
Application Privilege Control – lets you control whether an application is allowed to access specific system resources, including the registry and the file system
A choice of Default Allow or Default Deny:
Default Allow automatically blocks blacklisted applications, but allows other applications to run
Default Deny automatically blocks any applications that are not whitelisted
Kaspersky is the only security vendor that has invested in setting up its own Whitelist Lab. The lab is responsible for assessing the security of commonly used applications and continually issuing updates for Kaspersky’s whitelist database of applications that are safe to run.
The whitelist updates are delivered from the cloud-enabled Kaspersky Security Network, to ensure Kaspersky customers benefit from up-to-date whitelisting data.
Controls for devices
Small, removable devices can be easily attached to computers – so businesses need to guard against the use of unauthorised devices that may be a source of malware or can be used to steal corporate information. Kaspersky’s Device Control technologies let you:
Control the access privileges granted to devices. You can set different privileges for:
Different types of device
Different device buses
A specific individual device
Manage the times during which your selected device control policies are in operation – for example, to prevent the use of removable devices after office hours
Controls for web access
Web Control technologies let you monitor and filter each employee’s web browser usage. You can allow, block, limit or audit users’ access to individual websites or categories of websites – including games websites, gambling sites or social networks – and ensure employees are not using the corporate network to access inappropriate content from the Internet.
Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Security Center – the centralised management console that simplifies the management of virtually all Kaspersky security technologies that you run on your corporate network. The use of a single management console – for an array of different systems management and IT security tasks – means administrators don’t have to keep switching between different management interfaces for different day-to-day administration activities.
The following Kaspersky applications are all included within Kaspersky Endpoint Security for Business ADVANCED: