Kaspersky Endpoint Security for Windows

FEATURES AND BENEFITS

ML-driven threat protection that's effective even without regular updates

Our comprehensive, independently tested solutions are powered by multi-layered, next-generation protection that minimizes the opportunities for threats to reach endpoints while reliably identifying and blocking the ones that do.

Several signature-less components, such as HIPS, Kaspersky Security Network, Behavior Detection and Exploit Prevention, help to detect threats even without frequent updates. Protection is powered by static machine learning for pre-execution stages and dynamic machine learning for post-execution stages. Behavior Detection analyzes process activity in real-time and if it identifies a process as malicious, the issue is flagged, the process terminated and the remediation engine rolls back any changes.

Kaspersky Endpoint Security for Windows can integrate with Kaspersky Sandbox and Kaspersky EDR Optimum for advanced prevention detection and response capabilities.

Kaspersky EDR Optimum

Kaspersky Endpoint Security for Business can be further boosted with the new Kaspersky EDR Optimum. The result is full visibility and the ability to apply root-cause analysis for a complete understanding of the status of your corporate defenses against advanced threats. Your IT security specialist is provided with the information and insights needed for effective investigation and a fast, accurate response to incidents before any damage can occur – as well as basic threat hunting capabilities (IoC scan).

Kaspersky Sandbox

Kaspersky Sandbox automatically protects against advanced threats designed to bypass endpoint protection. Based on dynamic threat emulation technology, Kaspersky Sandbox uses our best practices in combating complex threats and APT-level attacks, ensuring an automated response across all endpoints.

Our mathematical model analyses over 100,000 sample features and uses 10-million logs to 'teach' the behavior models – in one lightweight 2MB client-side package. Our extensive cloud threats database includes 50TB of data and 4 billion+ hashes, all without impacting on your resources or performance.

Each piece of next-generation technology is designed to deliver the fastest reaction times, lowest false positive rate and highest levels of protection, as verified in independent tests. These optimized performance levels use fewer resources and less energy, reducing your TCO.

With the introduction of our new Cloud Mode for protection components, the latest version of Kaspersky Endpoint Security for Windows:

Halves the installation size, for rapid deployment
Reduces disk and RAM consumption
Reduces network load.

In Q3 2018 alone, over 250 million unique URLs were recognized as malicious by Kaspersky technologies. Even a favorite, trusted website or corporate node can be compromised, making everyday operations insecure.

Kaspersky Endpoint Security for Windows is powered by Kaspersky Security Network (KSN), our cloud-assisted threat intelligence network. Millions of globally distributed nodes feed real-world threat intelligence to our systems, ensuring a near real-time response to even the newest emerging or evolving threats – including mass attacks.

KSN adds a further layer of security to the endpoint, enabling rapid, accurate decisions about URL or file safety to be made without requiring full content analysis. Response times are as low as 0.02 seconds - significantly faster than traditional protection methods.

The Web Threat Protection component scans HTTPS traffic to intercept, identify and block the latest threats, including those using encryption to penetrate the system undetected. The und user experience is seamless and uninterrupted.

Network Threat Protection identifies and blocks attacks on your corporate network. It's the component that can prevent infections from spreading through a buffer-overrun attack - when malicious code executes by modifying a process already downloaded in memory. New Network Attack Blocker functionality protects against attacks that exploit vulnerabilities in the ARP protocol in order to spoof a device's MAC address.

Cybercriminals use tools and scripts to collect administrator passwords to control infected hosts remotely. They also use legitimate utilities to launch fileless attacks, making it impossible for traditional protection engines to block them. Kaspersky's Behavior Detection protects against new, advanced threats, including ransomware. It does this by detecting and analyzing suspicious activity on workstations, shared folders and file servers, and by using behavior analysis to detect evolving threats – identifying them by their actual behavior rather than their emulated activity at the intrusion prevention stage. If an attack is detected, the malware is blocked and automatic rollback reverses any malicious actions that have already taken place.

Kaspersky Endpoint Security for Windows instances can integrate with Endpoint Detection and Response (EDR) Advanced, serving as its sensors on workstations and servers. This enables large volumes of data to be captured and analyzed onshore, without impacting on user productivity. Advanced threat hunting looks for evidence of intrusion, such as file specimens matching Indicators of Compromise (IoCs).

Management for mixed IT environments

Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.

Kaspersky Security Center is a central management console that makes it easier for administrators to configure, deploy, update and manage their security. It simplifies the application of group tasks, policies and policy profiles and the generation of reports. Three management options are available:

The Kaspersky Security Center MMC console
The Kaspersky Security Center's Web Console
The Kaspersky Security Center Cloud Console

Encryption and data protection for every business

Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.

Kaspersky's File Level Encryption enables the encryption of data in specific files and folders on any given drive. This allows system administrators to encrypt files automatically, based on attributes such as location and file type – and this encryption can be enforced for information created in any application. Users can also easily create encrypted, self-extracting packages – ensuring that data is protected when stored in backup or shared via removable devices, email, network or the web.

It's good practice to apply encryption settings under the same policy as anti-malware, device control and other endpoint security settings. This enables the best practice approach of integrated, coherent policies – for example, IT can allow approved USB devices to connect to a laptop, and can also enforce encryption policies to the device. All through the same single console used to manage Kaspersky Endpoint Security.

In the event of password loss or damage to the drive, data can still be recovered and decrypted using a special centrally managed emergency recovery procedure. Built-in Microsoft® BitLocker® management enables OS-embedded encryption, letting you decide which technology to use and control via the single console.

Kaspersky Endpoint Security for Windows 11.2 now allows files and folders to be deleted remotely. Special tasks can be configured in advance and action taken according to a schedule or by timeout, even when not connected to the network. This is especially useful in the following situations:

A lost device
Having to remove corporate data for contract employees or BYOD employees using their own PCs for work-related tasks
Compliance.

Cloud-enabled controls for policy refinement and breach prevention

Host Intrusion Prevention, and centralized web, device and application controls reduce your attack surface and help keep users safe and productive. Kaspersky has its own dedicated Dynamic Allowlisting laboratory, maintaining a constantly monitored and updated database of more than 2.5 billion trusted programs. This database automatically synchronizes with endpoints to simplify routine work for administrators.
For ease of management, powerful endpoint controls are managed from the same console, tightly integrated with Active Directory and next-generation anti-malware protection. This makes setting blanket policies quick and easy.

Prevent torrenting use and potential data leaks with web controls. A new web control category – 'Cryptocurrencies and Mining' – lets administrators block various cryptocurrency mining websites on corporate resources in a single click. Administrators can monitor, filter and control which categories of websites employees can access, directly at the endpoint. Those categories are updated with hundreds of new resources every month. Once categories are synchronized with the endpoint, policies are enforced even when the user is not on the corporate network. Flexible policies enable acceptable browsing at certain times of the day, while integration with Active Directory means policies can be applied across the business quickly and easily.

Powered by Dynamic Allowlisting, Application Control significantly reduces your exposure to zero-day attacks by providing total control over what software, including specific versions, is allowed to run. This includes shadow IT scenarios where, for example, employees install non-corporate software or games on a device, putting the corporate network at risk while at the same time being unproductive. BDenylisted applications are blocked, while your approved and trusted applications from the Dynamic Allowlisting database continue to run smoothly.

Adaptive Anomaly Control automatically helps apply the highest acceptable level of security for each role in the organization. After first monitoring specific actions and collecting information about the behavior of users and applications, it identifies and learns distinctive patterns of behavior, right down to individual user level. If an application then displays abnormal behavior against this pattern, the application is blocked. All without end users being interrupted.

Some applications' activities may be considered high risk – even though the applications themselves are not classed as malicious – and these activities should be controlled.

Our solution restricts application privileges according to assigned trust levels, limiting access to resources like sensitive data. Working in step with local and cloud (KSN) reputations database, Host Intrusion Prevention controls applications and restricts access to critical system resources, audio and video recording devices.

Kaspersky's huge store of default HIPS settings and restrictions for different applications relieve the administrative burden while giving complete control over specific, individual settings.

To prevent users from connecting to potentially insecure public Wi-Fi networks, you can generate a list of trusted networks based on name, encryption/authentication type, and prevent the creation of a network bridge by blocking a second active network connection.

Disabling a USB port doesn’t necessarily fix your removable device issue, because it can impact on other users’ productivity – for example, being unable to connect a 4G modem. Kaspersky Device Control solves this by enabling a more granular level of control at network connection and device type level. Integration with Kaspersky’s encryption technologies allows you to apply encryption policies to specific drive types, as well as:

Create rules for allowed devices
Set read/write permissions for devices
Log delete/copy operations
Align device controls with Active Directory users

FEATURES AND BENEFITS

ML-driven threat protection that's effective even without regular updates

Kaspersky EDR Optimum

Kaspersky Sandbox

Management for mixed IT environments

Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.

Encryption and data protection for every business

Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.

Cloud-enabled controls for policy refinement and breach prevention

How to buy

SYSTEM REQUIREMENTS

For the most complete, up-to-date requirements, please refer to Kaspersky Knowledge Base.

FEATURES AND BENEFITS

ML-driven threat protection that's effective even without regular updates

Integration for advanced prevention, detection and response

Lower your cost of ownership

Tackle the dangers of browsing – in real-time

Substantially reduce your network-based exposure

Block ransomware, fileless attacks and administrative account takeovers

Develop and run Open Source applications without risk

Shield common software against zero-day attack

See next-generation technology in action

Spot attacks and intrusions more rapidly

Management for mixed IT environments

Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.

Deploy across diverse and air-gapped networks

Scalable management

Central console – simplifies administration tasks

Encryption and data protection for every business

Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.

Prevent data breaches

Protect data at rest

Secure data sharing and backup

Central management and choice centrally

Remote wipe for data safety and compliance

Cloud-enabled controls for policy refinement and breach prevention

Control inappropriate resource use

Reduce exposure to attacks

Automate custom-hardening for each PC

Regulate access to sensitive data and recording devices

Stop threats associated with public Wi-Fi or USB devices

How to buy

SYSTEM REQUIREMENTS

For the most complete, up-to-date requirements, please refer to Kaspersky Knowledge Base.

General requirements

Operating systems

Virtual platforms

Version requirements for subscription