Kaspersky Endpoint Security Suite: Editions Structure, Pricing and Features
Kaspersky offers a robust set of endpoint security solutions, suitable for small, medium and large enterprises. The solutions provide preventive protection against malware and advanced threats, Endpoint Detection and Response (EDR) that helps respond to cyberattacks against endpoints (see our guide on EDR Cybersecurity), and security awareness training.
The Kaspersky Endpoint Security suite helps organizations secure endpoints such as workstations, servers and mobile devices, and improve security for users. It includes three key capabilities:
Adaptive Endpoint Security—preventive measures to protect the endpoint and its data, including malware and exploit prevention, behavioral threat detection and network threat detection.
Endpoint Detection and Response—helps security teams rapidly respond to incidents and data breaches.
Security Awareness—computer-based training that makes employees aware of security threats such as social engineering.
A central emphasis in the design of Kaspersky’s endpoint solutions is that endpoint security should have minimal or no impact on the performance of the endpoint and the applications running on it.
Editions and Pricing
The Kaspersky suite includes several editions with variable pricing—we describe each edition in more detail in the following sections.
Pricing (annual, for 10 devices)*
Kaspersky Endpoint Security for Business SELECT
On-premise solution with basic capabilities
Kaspersky Endpoint Security for Business Advanced
On-premise solution with enhanced capabilities
Endpoint Security Cloud
Cloud solution with basic capabilities
Endpoint Security Cloud Plus
Cloud solution with enhanced capabilities
* Editions and pricing may change from time to time, see the official pricing pages for each edition.
Kaspersky endpoint solutions support the following environments:
Workstations and mobile
Microsoft SharePoint servers
Tablets and smartphones
What’s Included in Each Edition?
Endpoint Security for Business SELECT
Endpoint Security for Business SELECT is the basic endpoint security offering, aimed at small to medium businesses. It is deployed on-premises.
Core endpoint security features:
Exploit Prevention—prevents execution of malware and exploits and protects against unknown and zero-day threats
Behavioral detection and automatic rollback—protects against ransomware, fileless attacks, compromised privileged accounts. Automatic rollback enables instant reversal of changes made on a compromised endpoint.
Encryption protection—provides an anti-cryptor mechanism that block encryption on shared resources, when encryption originates from another machine
Network threat protection—identifies network attacks such traffic from known bad sources, and malware that modifies currently running processes.
Web console—central management of endpoints running on physical and virtual machines on-premises, in AWS and Azure.
Mobile security features:
Anti-malware—machine-learning based detection of unknown threats, on-demand and scheduled malware scans.
Over the Air (OTA) provisioning—lets you pre-configure and deploy apps to mobile endpoints via SMS, email or PC workstation.
Anti-theft—tools that let you remotely inspect a SIM, remotely lock or wipe a machine and identify current location if a device is lost or stolen.
Application control—lets administrators enforce policies with regard to installation and usage of restricted applications, controls what software can run on PCs, and lets you perform Dynamic Whitelisting based on Kaspersky’s database of legitimate software.
Device control—lets you schedule and enforce policies regarding removable storage and peripherals.
Host Intrusion Prevention—restricts access to sensitive data on the endpoint and recording processes using Kaspersky’s reputation database.
Kaspersky Endpoint Security for Business Advanced
The Business Advanced edition offers identical capabilities to the Business SELECT edition, with the following additional features:
Patch management—identifies operating system and application vulnerabilities and applies the latest patches and security updates.
Encryption—enforces encryption of data at rest to prevent access to sensitive data on the endpoint.
Adaptive security—protects against application-based attacks by automatically raising security within each application to the highest level appropriate for internal users.
Protection for sensitive data—meets FIPS 140.2 and Common Criteria-certified encryption, manages OS-embedded encryption and helps comply with GDPR.
System image management—creates, stores and clones system images automatically, enabling easy deployment of new systems and system updates.
Kaspersky Endpoint Security Cloud
Endpoint Security Cloud is comparable to Business SELECT, but is a cloud-based solution, suitable for smaller businesses or those with limited IT/security staff. It offers predefined security policies and makes it easier to get started. It can also be used to secure remote workers using their personal devices.
The Endpoint Security Cloud edition includes the following features:
File-, Web-, Mail Threat protection
Ransomware and Exploit prevention
Network Attack Blocker
Kaspersky Endpoint Security Cloud Plus
The Endpoint Security Cloud Plus edition offers the same capabilities as Endpoint Security Cloud, with the following additional features which provide improved manageability for larger businesses:
Endpoint Protection—Prevention, Detection and Protection with Cynet 360