Kaspersky Lab Endpoint Security for Business
Strengths: Very comprehensive and full of features.
Weaknesses: Reporting does not address, explicitly, reports intended for supporting regulatory compliance.
Verdict: This is one of the strong players in this field. Although it shows, clearly, a legacy of anti-malware (to the point where it still refers to “anti-virus,” even though it really addresses all malicious software), this tool is a capable contender for endpoint security in general.
Kaspersky Endpoint Security for Business (KESB) is a platform for securing endpoints at each layer of the network. KESB protects against known, unknown and advanced threats, identifies vulnerabilities, distributes patches, provides systems management capabilities and secures web gateways, email and collaboration servers. It is among the most full-featured of the tools we looked at this month, even though it is built out from anti-malware, Kaspersky's traditional strong point.
We dropped into the landing screen of the Security Centre. This is where everything is managed. The primary focus is anti-malware. This covers such things as deployment protection settings, monitoring, management, etc. From the Security Centre we deployed endpoint agents. The tool has auto-detection and that is the first step. Discovery can be tied to Active Directory for discovery - but it does not change AD based on changes in Security Centre - and will revert to a ping sweep if necessary. We found deployment of agents to be very straightforward. The tool has excellent, and granular, drill-down to the details of each device on the network.
The tool also covers patch management in two ways: third-party systems and Windows. For Windows, for example, it can access Windows Update Service to push out Windows updates to all affected devices. There is a similar approach for third-party patch management tools with which it is compatible. For efficiency, the system allows distributed update agents. These are updated and all devices managed by the update agents then updated from the agent rather than updating individually over the network.
The anti-malware runs in layers of protection, so we went to the General Protection Settings, which allowed us to configure anti-malware functions broadly. Functionality of everything running on the endpoint is monitored by the System Watcher. This looks for malicious activity and, for example in ransomware, it would note the malicious activity rather than the malware itself. There are several other anti-malware functions that cover files, mail, web and instant messaging. The Kaspersky Security Network is a cloud-based database that provides reputation services for both file and source reputation.
The offering has a software-based firewall. The firewall rules include application controls, network packets and networks allowed or denied. Associated with the firewall - though not explicitly part of it - is the network attack blocker, which is basically an intrusion detection and prevention system. Finally, we configured the BadUSB functions, which are not on by default.
The system offers encryption of the full disk, files and folders and removable devices. This is the company's own encryption based on AES256 and are compatible with BitLocker. We decided to set up custom folder and file encryption for sensitive files using the Kaspersky encryption. We also set up removable drive encryption, selecting file and folder encryption in portable mode so that we didn't need to plug into a Kaspersky-managed system to use it. By forcing this, we can avoid data leakage via removable drives in clear text.
Executables and dlls can be white or blacklisted at your choice and each one can be granularly controlled by users or groups. We selected whitelisting since that says to deny everything not on our list, obviating the need to know every bad application in existence all of the time. The device control policy allows control of removable drives. That, plus the encryption, gave us a reasonable level of DLP.
Finally, we set up web control to provide content filtering. This is content filtering only and does not look for malware. That is covered by Web AV which we set up earlier. We could have set up protection for mobile devices (iOS and Android), but as we have none on our test enterprise, we did not. This functionality is typical of mobile device management systems.
Reporting is comprehensive. You can create your own reports and, unlike many similar products, you can modify the report templates for existing, supplied reports. While there are no reports explicitly for regulatory compliance, since report creation is so simple, you can create your own. Finally, all data can be exported to SIEMs.
Pricing is mid-range and support is comprehensive. The website is what one would expect from a company with Kaspersky's experience, and documentation is extensive as well.