Kaspersky Endpoint Security for Business 11.1 Product Review
Summary
Kaspersky Endpoint Security for Business is a multi-layered platform, offered as a cloud-based or on-premises solution, geared toward protection and unified management to secure corporate data and every layer a network. Please note, only Windows servers are supported and this product doesn’t include an appliance offering.
It is ideal for small and medium-sized businesses looking
for easy security management and the benefits of cloud service. It protects
against all threats by identifying vulnerabilities, distributing patches,
delivering extended systems management capabilities and securing gateways,
email and collaboration servers.
Installation with Red Hat Packet Manager and Debian was
straightforward and 32- and 64-bit Windows installers are also available. The
on-premises deployment model requires Windows Server and SQL Server Express,
which took some time to stand up. As with other products, you can create an
installer to deploy through the Server Management Interface. We found the
process of creating a Linux package unclear and suggest Kaspersky include a
more detailed explanation.
The latest version features Adaptive Anomaly Control,
which intelligently perceives and blocks anomalous applications and user
behavior. The console option is more fully featured than the current web
option, however, we were told an update will offer more web-based threat
prevention capabilities.
Exploit Prevention
identifies products with vulnerabilities and blocks operations when there is an
attempt to leverage one. This is based on known installed software
vulnerabilities. This feature has found five zero-day threats in the last seven
months.
We were satisfied the
Kaspersky Security Center functioned as designed. We ran our toolset against it
and it deleted or quarantined the executables. However, the client or dashboard
provide little notification. The notify flag seemingly is separate and would
have to be configured as part of the policy behavior. We were able to change
the hash of a program and take it through execution. This product lacks the
storyboarding capabilities found in other solutions. We suggest including
storyboarding in future releases to bring visibility and context into the full
picture of attacks. We were informed the Security Center will be upgraded.
The console’s design aesthetic felt dated with an interface less clear and concise compared to other products we saw. It functioned adequately, albeit with a clunky navigation experience and less of an intuitive feel. We were impressed with how report-driven this solution is – providing 60 different customizable out-of-the-box templates that show typical items like what was detected, where and what action was taken. All are exportable to PDF or HTML and configured for email.
Tested by Tom Weil
Gloss