Kaspersky Endpoint Security for Business ranked first place 51 times in independent tests and reviews over previous years, and finished in the top three a record 71 percent of the time. Kaspersky's products integrate with each other to form a multi-layered platform that is greater than the sum of its parts. That integration also brings better performance, faster updates and a unified look and feel across all solutions, so you can focus on what you do best while Kaspersky Lab takes care of security. But which edition is right for you? This article compares the editions of Kaspersky Endpoint Security for Business and explains the differences between them.
There are three editions of Kaspersky Endpoint Security for Business (Select, Advanced and Total), plus a Cloud edition.
Kaspersky Endpoint Security for Business Select
Select protects against known, unknown and advanced threats, and adds file server protection, mobile protection and endpoint controls. Application, web and device controls, including dynamic whitelisting backed by Kaspersky's in-house whitelisting laboratory, add a further layer of endpoint security. Corporate and employee-owned (BYOD) mobile devices are also secured, and all platforms are managed together with every protected endpoint through the Kaspersky Security Center console. File server protection ensures that an infection cannot spread to secured endpoints through stored data.
Detecting Known Threats
From the moment a file is about to be downloaded, a web page opened or an application launched, Kaspersky Lab's anti-malware engines check for and block known, unknown and advanced web- and mail-borne viruses, Trojans, rootkits, worms, spyware, malicious scripts, adware and other malicious objects.
- Network Attack Blocker – Scans network traffic, using known signatures to detect and block network-based attacks such as port scanning, denial-of-service (DoS) attacks, buffer overrun exploits and other remote malicious activity.
- Blacklisting – Dedicated teams of malware analysts keep Kaspersky Lab's databases up to date with the latest malware signatures and data, which are used to automatically block known malware.
- URL Filtering – Checks all URLs in inbound and outbound traffic against Kaspersky Lab's database of known malicious and phishing sites, blocking web-based attacks, server-side polymorphic malware and command-and-control servers.
- Firewall – Analyzes every packet entering or leaving the endpoint and blocks or allows it. Unauthorized connections are blocked, which reduces the attack surface and the chance of infection. Infected or otherwise compromised machines have their network activity limited, reducing their ability to spread malware and limiting damage.
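To make the "port scanning" detection in the Network Attack Blocker bullet concrete, here is an added example of the kind of detection logic involved, written for this article in Python. It is not Kaspersky Lab code and does not reflect how the product's attack signatures are written; the connection records, the threshold (8 distinct ports on one host within 10 seconds) and the record layout are all assumptions constructed for the example.

```python
"""Sliding-window port-scan detector over constructed connection records."""
from collections import defaultdict, deque

# Constructed connection records: (timestamp_seconds, src_ip, dst_ip, dst_port).
# Not captured traffic; built to show one scanner, one busy legitimate client
# and one slow prober that stays under the window threshold.
SAMPLE_EVENTS = (
    # Scanner: ten different ports on one host within two seconds.
    [(100.0 + i * 0.2, "10.0.0.5", "10.0.0.20", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389])]
    # Legitimate client: many connections, but always to port 443.
    + [(100.0 + i, "10.0.0.7", "10.0.0.20", 443) for i in range(12)]
    # Slow prober: eight ports, but 15 seconds apart, so never 8 within 10 s.
    + [(100.0 + i * 15.0, "10.0.0.9", "10.0.0.20", p)
       for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
)


def detect_port_scans(events, window=10.0, port_threshold=8):
    """Flag a (src, dst) pair that touches port_threshold or more distinct
    destination ports within `window` seconds.  Returns one alert per pair."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, port in sorted(events):
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop records older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= port_threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "ports": sorted(ports),
                           "first_seen": q[0][0], "last_seen": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_EVENTS):
        print(f"port scan from {alert['src']} against {alert['dst']}: "
              f"{len(alert['ports'])} ports in "
              f"{alert['last_seen'] - alert['first_seen']:.1f}s")
```

The slow prober shows the limit of any windowed rule: spreading probes out in time evades it, which is why a product layers this check with reputation data and other signals. In practice you would also exempt known vulnerability scanners and monitoring hosts, or every authorised scan becomes an alert.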
Detecting Unknown Threats
Once a file has passed the signature-based checks for known threats, the next stage is the moment it is launched. Kaspersky Lab's multi-layered, proactive technologies analyse files as they execute, looking for suspicious or malicious activity that suggests an unknown threat.
- Heuristics – Heuristic analysis gives proactive protection against threats that conventional anti-virus databases cannot detect, including new malware and unknown modifications of known malware. Static analysis scans the code for suspicious instructions associated with malware, while dynamic analysis runs the code in an emulator, answering its emulated system 'calls' with plausible responses to establish whether the code is safe.
- Heuristic Anti-Phishing – For very new phishing attacks that have so far reached only a small number of users, Kaspersky Lab's technology looks for additional evidence of a phishing page, such as suspicious vocabulary, credential input forms or unreadable sequences of symbols. This complements the database-led approach described above. Phishing has been the starting point for many recent, highly damaging advanced attacks.
- Host Intrusion Prevention System (HIPS) – Kaspersky Lab's HIPS adds a further layer of protection, detecting and managing suspicious applications and activity and preventing threats from launching. HIPS controls how applications behave by assigning trust levels after the initial analysis; these levels define which resources an application may use and what data it may access or modify. It restricts the execution of potentially dangerous programs without affecting the performance of authorised, safe applications. An untrusted application is not allowed to do anything, including launch.
- Application Control & Whitelisting – Application control blocks or allows administrator-specified applications. Kaspersky Lab's approach is built on Dynamic Whitelisting: continuously updated lists of trusted applications and software categories, which are allowed to run only according to specified rules and policies. Kaspersky Lab maintains a dedicated whitelisting lab and a database of more than one billion files, growing by about one million per day. Application control and whitelisting reduce the risk from threats that are not yet known: most malware is delivered as an executable file that will not appear on any whitelist, so an organization that adopts this approach can prevent a malicious file from executing without needing to identify what the file is.
- Kaspersky Security Network – Effectively a global, cloud-based threat laboratory, Kaspersky Security Network detects, analyses and manages known, unknown and new threats and online attack sources within seconds, and delivers that intelligence straight to customer systems. Using real-time, anonymised data from 60 million endpoint sensors worldwide, every file that passes through a Kaspersky Lab-protected system is assessed against the relevant threat intelligence, and the same data determines the most appropriate response. Working with the other components of Kaspersky Lab's engine, Kaspersky Security Network provides protection from unknown threats before signatures are available: a traditional signature-based response can take several hours, whereas Kaspersky Security Network takes about 40 seconds.
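As an added illustration of the heuristic anti-phishing approach described in the list above (example code written for this article, not Kaspersky Lab's implementation), the Python below checks a page's host against a small stand-in for the phishing database first and, if the host is unknown, scores the heuristic signals the text names: lure vocabulary, a password input form, credentials posted to a foreign host, and unreadable sequences of symbols. The term list, weights, threshold and sample pages are all assumptions constructed for the example.

```python
"""Heuristic anti-phishing scorer: database lookup first, then page heuristics."""
import math
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Stand-in for the vendor's database of known phishing hosts (constructed).
KNOWN_PHISHING_HOSTS = {"paypa1-secure-login.invalid"}

# Vocabulary typical of credential-harvesting lures (assumed list).
SUSPICIOUS_TERMS = ("verify your account", "account suspended",
                    "unusual activity", "confirm your password")
THRESHOLD = 60   # assumed cut-off: at or above this the page is treated as phishing


class PageScanner(HTMLParser):
    """Collects password inputs, form targets and visible text from a page."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

    def handle_data(self, data):
        self.text.append(data)


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def unreadable_tokens(text):
    """Count long alphanumeric runs with no vowels or near-random entropy."""
    return sum(1 for tok in re.findall(r"[a-z0-9]{12,}", text)
               if not re.search(r"[aeiou]", tok) or shannon_entropy(tok) > 3.5)


def score_page(url, html):
    """Return (verdict, score, reasons) for a page fetched from url."""
    host = (urlparse(url).hostname or "").lower()
    if host in KNOWN_PHISHING_HOSTS:           # database-led check comes first
        return "phishing", 100, ["host in phishing database"]

    scanner = PageScanner()
    scanner.feed(html)
    text = " ".join(scanner.text).lower()
    score, reasons = 0, []

    for term in SUSPICIOUS_TERMS:
        if term in text:
            score += 20
            reasons.append(f"lure vocabulary: '{term}'")
    if scanner.password_inputs:
        score += 30
        reasons.append("password input present")
    for action in scanner.form_actions:
        target = (urlparse(action).hostname or "").lower()
        if target and target != host:          # credentials would leave this site
            score += 30
            reasons.append(f"form posts to foreign host {target}")
    bad = min(unreadable_tokens(text), 2)      # cap so one field cannot dominate
    if bad:
        score += 10 * bad
        reasons.append(f"{bad} unreadable token(s)")
    return ("phishing" if score >= THRESHOLD else "allow"), score, reasons


# Constructed sample pages (not real sites).
PHISHING_SAMPLE = ("https://mailbox-secure-update.invalid/login", """
<html><body>
<p>We detected unusual activity on your mailbox. Please verify your account
now or it will be suspended. Case reference: xq7vbz9kptw3mn</p>
<form action="https://collect-forms.invalid/submit" method="post">
  <input name="user"><input type="password" name="pass"><button>Continue</button>
</form></body></html>""")

BENIGN_SAMPLE = ("https://intranet.example.com/login", """
<html><body><h1>Intranet sign in</h1>
<form action="/login" method="post">
  Username <input name="user"> Password <input type="password" name="pass">
</form></body></html>""")

if __name__ == "__main__":
    for sample in (PHISHING_SAMPLE, BENIGN_SAMPLE):
        print(sample[0], score_page(*sample))
```

The benign intranet login page scores below the threshold even though it has a password field, which is the point of weighting several weak signals rather than blocking on any one of them; a real engine tunes these weights against large labelled corpora, and the database check still catches the hosts that heuristics alone would miss.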
Detecting Advanced Threats
Kaspersky Lab's advanced threat detection technologies use a range of proactive behavioural mechanisms that monitor process behaviour, recognise suspicious patterns, block malicious activity and roll back harmful changes, including those made by ransomware cryptors.
- System Watcher – Monitors and collects data on application activity and other important system events, tracking actions and discerning behavioural patterns. This information is shared with the other Kaspersky Lab protection components described above. Any activity that matches a threat pattern is handled according to administrator-set policy; the default is to terminate the malicious process and quarantine it for later analysis. The driver that intercepts file operations for the anti-malware component also gathers information on registry changes, while the firewall gathers data on the network activity of applications. All of this is fed into System Watcher, which in turn has its own module that reacts to complex system events such as driver installation. Malicious actions and destructive behaviour patterns suggestive of malware are blocked.
- Automatic Exploit Prevention (AEP) – Targets malware that exploits software vulnerabilities. Developed through in-depth analysis of the behaviour of the most widespread exploits, AEP identifies exploit-characteristic behaviour patterns and blocks them before they complete. It acts as a safety net complementing Kaspersky Lab's other technologies and works in conjunction with System Watcher.
- Rollback – Continuous, detailed monitoring of the system enables accurate rollback, limiting the impact of an infection and returning the system to its previous, secure state. Rollback mechanisms are updatable and cover created and modified executable files, MBR modifications, important Windows files and registry keys.
- Default Deny – Increasingly viewed as the most effective security posture against ever-evolving advanced threats. It blocks every application from running on a workstation unless the administrator has explicitly allowed it, so all new file-based malware, including that used in targeted attacks, is automatically blocked.
- Application Control with Dynamic Whitelisting — Using real-time file reputations delivered by the Kaspersky Security Network, lets IT administrators allow, block or regulate applications, including running a 'Default Deny' whitelisting scenario in a live or test environment. Application Privilege Control and Vulnerability Scanning monitor applications and restrict those behaving suspiciously.
- Web Control — Browsing policies can be created around pre-set or customizable categories, giving comprehensive oversight and administrative efficiency.
- Device Control — Granular data policies controlling the connection of removable storage and other peripheral devices can be set, scheduled and enforced, using masks to apply one rule to many devices at once.
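The Default Deny and Application Control bullets above describe a posture rather than a mechanism. The Python below is an added example, written for this article (not Kaspersky Lab code, and not how Kaspersky Security Center stores its rules), of how a default-deny decision works: the launched file is hashed, looked up in a catalogue that maps known files to software categories, and allowed only if the administrator has permitted that category or that exact hash; everything else, including an unknown file and a tampered copy of a trusted one, is denied. The "audit" mode stands in for the test-environment run mentioned in the Application Control bullet. The catalogue, file images, paths and category names are constructed for the example.

```python
"""Default-deny application control with an audit (test) mode."""
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable images; not real binaries.
NOTEPAD = b"MZ\x90\x00constructed-notepad-image"
ACME_TOOL = b"MZ\x90\x00constructed-acme-tool"
DROPPER = b"MZ\x90\x00constructed-invoice.pdf.exe"

# Stand-in for the whitelisting database: hash of a known-good file -> category.
CATALOGUE = {
    sha256(NOTEPAD): "Operating system",
    sha256(ACME_TOOL): "Business tools",
}


@dataclass
class Policy:
    mode: str                                  # "enforce" (Default Deny) or "audit" (test run)
    allowed_categories: frozenset              # categories the administrator has allowed
    allowed_hashes: frozenset = frozenset()    # explicit per-file exceptions
    log: list = field(default_factory=list)

    def decide(self, path: str, image: bytes) -> str:
        """Return "run" or "blocked" for a launch attempt, and record why."""
        digest = sha256(image)
        category = CATALOGUE.get(digest)
        if digest in self.allowed_hashes:
            allowed, reason = True, "explicitly allowed hash"
        elif category in self.allowed_categories:
            allowed, reason = True, f"trusted category '{category}'"
        elif category is None:
            allowed, reason = False, "unknown file"       # not on any whitelist
        else:
            allowed, reason = False, f"category '{category}' not allowed"

        if allowed:
            self.log.append(f"ALLOW {path}: {reason}")
            return "run"
        if self.mode == "audit":                          # test environment: log, do not block
            self.log.append(f"AUDIT would block {path}: {reason}")
            return "run"
        self.log.append(f"BLOCK {path}: {reason}")
        return "blocked"


# Constructed launch attempts, including a one-byte-modified copy of a trusted file.
LAUNCHES = [
    (r"C:\Windows\notepad.exe", NOTEPAD),
    (r"C:\Program Files\Acme\tool.exe", ACME_TOOL),
    (r"C:\Users\bob\Downloads\invoice.pdf.exe", DROPPER),
    (r"C:\Windows\notepad.exe", NOTEPAD[:-1] + b"!"),
]

if __name__ == "__main__":
    for mode in ("audit", "enforce"):
        policy = Policy(mode, frozenset({"Operating system"}))
        for path, image in LAUNCHES:
            policy.decide(path, image)
        print("\n".join(policy.log), "\n")
```

Two things the run makes visible: the dropper is blocked without anyone having analysed it, purely because it is absent from the catalogue, and the tampered notepad is blocked for the same reason, since the decision keys on the file's hash rather than its path or name. The audit run is how an administrator builds the allowed set before switching to enforce; hash-based rules also go stale with every software update, which is the gap that a continuously updated ("dynamic") catalogue is meant to close.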
File Server Security
Managed together with endpoint security through Kaspersky Security Center, so that infections cannot spread through stored data.
- Powerful Security for Mobile Devices — Advanced, proactive and cloud-assisted technologies combine to deliver multi-layered, real-time protection for mobile endpoints.
- Web protection, anti-spam and anti-phishing components further increase device security.
- Remote Anti-Theft — Lock, Wipe, Locate, SIM Watch, Alarm, Mugshot and Full or Selective Wipe prevent unauthorized access to corporate data if a mobile device is lost or stolen. Administrator and end-user enablement, together with Google Cloud Messaging support, allows quick activation when required.
- Mobile Application Management (MAM) — Controls limit the user to running whitelisted applications, preventing the installation of unwanted or unknown software. 'Application wrapping' isolates corporate data on employee-owned devices, and additional encryption or 'Selective Wipe' can be enforced remotely.
- Mobile Device Management (MDM) — A unified interface for Microsoft® Exchange ActiveSync and iOS MDM devices with OTA (over-the-air) policy deployment. Samsung KNOX for Android™-based devices is also supported.
- Self-Service Portal — Allows employees to register approved, employee-owned devices onto the network themselves, with automatic installation of all required certificates and keys, and to activate anti-theft features in an emergency, reducing the IT administrative workload.
Kaspersky Endpoint Security for Business Advanced
The Advanced edition contains everything in Select, plus systems management tools that improve IT efficiency and security, and integrated encryption to protect sensitive data. Automated patch management and OS image management, remote software distribution and SIEM integration streamline administration, while hardware and software inventories and license management provide visibility and control.
- Vulnerability and Patch Management — Automated OS and application vulnerability detection and prioritization, combined with rapid automated distribution of patches and updates.
- Operating System Deployment — easy creation, storage and deployment of OS ‘golden’ images from a central location, including UEFI support.
- Software Distribution and Troubleshooting — Remote software deployment and application and OS updates, on demand or scheduled, with Wake-on-LAN support. Remote troubleshooting saves time, and Multicast technology makes software distribution efficient.
- Hardware and Software Inventories and Licensing Management — Identification, visibility and control (including blocking), together with license usage management, give insight into all software and hardware deployed across the environment, including removable devices. Software and hardware license management, guest device detection, privilege controls and access provisioning are also available.
- SIEM Integration — support for IBM® QRadar and HP ArcSight SIEM systems.
- Role Based Access Control (RBAC) — Administrative responsibilities can be assigned across complex networks, with console views customized according to assigned roles and rights.
- Powerful Data Protection — File/folder-level (FLE) and full disk (FDE) encryption can be applied to endpoints. Support for 'portable mode' maintains encryption on devices that leave the administrative domain.
- Flexible User Login — Pre-boot authentication (PBA) for added security, with optional single sign-on for user transparency. Two-factor or token-based authentication is also available.
- Integrated Policy Creation — Unique integration of encryption with application and device controls provides an additional layer of enhanced security and administrative ease.
Kaspersky Total Security for Business
The Total edition includes everything in Advanced and is aimed at organizations that need comprehensive security across their entire IT environment. Kaspersky Total Security for Business delivers the most complete platform of protection and management offered in the industry today, securing every layer of the network and including configuration tools that keep users productive and free from malware, regardless of device or location.
Mail Server Security
Prevents email-borne malware, phishing attacks and spam, using cloud-based, real-time updates for high capture rates and minimal false positives. Anti-malware protection for IBM® Domino® is also included. DLP functionality for Microsoft Exchange is available separately.
Security for Internet Gateways
Ensures secure Internet access across the organization by automatically removing malicious and potentially hostile programs from HTTP(S), FTP, SMTP and POP3 traffic.
Defends SharePoint® servers and farms against all forms of malware. DLP functionality for SharePoint, available separately, provides content and file filtering that identifies confidential data and protects against data leakage.
Kaspersky Endpoint Security for Business Cloud
Kaspersky Endpoint Security for Business Cloud Edition is similar to Select, but instead of an on-premises console it provides a simple cloud-based console with pre-configured security profiles. It does not include the application control features of the on-premises editions. It secures desktops, laptops, file servers, smartphones and tablets with multiple layers of protection, all managed from a single cloud-based console. Because the management infrastructure is hosted in the cloud, Kaspersky Lab has already taken care of it for you, and no additional hardware is required.