Kaspersky Endpoint Security for Business: 4 Key Capabilities

[Update] Kaspersky Banned by Western Countries Following Russia-Ukraine War

Many Western governments and companies are banning Russian businesses, including Kaspersky, in response to the ongoing war between Ukraine and Russia. The ban on Kaspersky was initiated by US government agencies and private enterprises.

In September 2019, the US Federal Acquisition Regulation Council implemented a policy that forbids federal agencies from purchasing Kaspersky products. In response to the Russian-Ukraine war, the Federal Communications Commission (FCC) added Kaspersky and their subsidiaries to a list of companies posing an unacceptable risk to the security of US citizens and national security. Following US sanctions, Germany’s cyber authority also advised organizations and citizens to ban Kaspersky products.

If you are looking for alternative endpoint protection solutions, learn more about the Cynet 360 security platform , providing complete endpoint protection, EDR, and XDR.

Kaspersky Endpoint Security for Business Editions

Kaspersky Endpoint Security for Business SELECT

Endpoint Security for Business SELECT is a basic, on-premises endpoint security solution for small and midsize businesses (SMBs).

Here are key endpoint security features:

• Exploit prevention—protects against unknown vulnerabilities and zero-day attacks and prevents malware execution and exploits.
• Behavioral detection—protects against fileless attacks, compromised privileged accounts, and ransomware.
• Automatic rollback—enables instant reversal of the changes on a compromised endpoint.
• Encryption protection—employs an anti-cryptor to block encryption on shared resources. It works when the encryption originates from a different machine.
• Network threat protection—identifies various network attacks like malware that can modify running processes and traffic from known bad sources.
• Web console—provides centralized management of endpoints that run on physical and virtual machines (VMs) in AWS, Azure, and on-premises.

Here are key mobile security features:

• Anti-malware—employs machine learning to detect unknown threats. It includes scheduled and on-demand malware scans.
• Over the Air (OTA) provisioning—enables you to configure and deploy apps to mobile endpoints using SMS, PC workstations, and emails.
• Anti-theft—provides tools that enable remote inspection of a SIM. You can use it to wipe or lock a machine remotely and identify the current location of lost or stolen devices.

Here are key endpoint controls:

• Application control—enables administrators to enforce policies that control the installation and usage of specific restricted applications and what software is allowed to run on PCs. It lets you run Dynamic Whitelisting using Kaspersky’s legitimate software database.
• Device control—allows you to schedule and enforce removable storage and peripherals policies.
• Host intrusion prevention—lets you use Kaspersky’s reputation database to restrict access to sensitive data on endpoints and recording processes.

Kaspersky Endpoint Security for Business ADVANCED

Kaspersky Endpoint Security Business ADVANCED offers the same capabilities in the Business SELECT edition alongside additional features, including:

• Patch management—detects application and operating system vulnerabilities and applies the latest security updates and patches.
• Encryption—prevents access to sensitive data on endpoints by enforcing encryption of data at rest.
• Adaptive security—protects applications against attacks by automatically raising the security level in each application to the highest level suitable for internal users.
• Protection for sensitive data—manages OS-embedded encryption, complies with FIPS 140.2 and Common Criteria encryption, and helps achieve compliance with GDPR.
• System image management—automatically creates, clones, and stores system images to enable easy deployment of system updates and new systems.

4 Key Capabilities of Kaspersky Endpoint Security for Business

1. Endpoint Protection Layers

Kaspersky Endpoint Security for Business provides advanced protection against ransomware and fileless attacks. It offers the following layers of endpoint protection:

• Machine learning enhanced anti-malware engine and exploit prevention
• Ransomware detection engine
• Automatic rollback on suspicious behavior detection—identifies and blocks advanced threats such as fileless malware and admin account hijacking, and rolls back to previous good configuration.
• Mobile threat prevention with enterprise mobility management (EMM) Integration
• Host-based intrusion prevention (HIPS)
• Device firewall and operating system firewall management
• Automated threat intelligence via the Kaspersky Security Network
• Data encryption via operating system built-in encryption management
• Security Policy Advisor feature monitors changes to security settings
• Vulnerability assessment and patch management
• Integration with security information and event management (SIEM)

2. System Hardening

Kaspersky Endpoint Security for Business provides the following system hardening measures:

• Application control through category-based whitelisting.
• Adaptive anomaly control to monitor and block suspicious activity determined via behavioral analysis.
• Device Control, a feature that controls and blocks plugins and extensions on endpoint devices.
• Web Control, a feature that blocks or restricts access to websites that are potentially dangerous or inappropriate for a work environment.

3. Kaspersky Sandbox

Kaspersky Sandbox can detect threats that could otherwise bypass endpoint security measures. It works as follows:

• File analysis requests are sent by the Endpoint Security for Business agent installed on the end-user’s computer to the Kaspersky Sandbox environment.
• The object is queued on one of the clustered servers operated by Kaspersky Sandbox.
• A scanned object is run by a clustered sandbox server in an isolated virtual machine that simulates a workstation.
• Kaspersky Sandbox runs the file and records all actions taken. It analyzes the retrieved data for malicious and suspicious activity.
• Finally, the sandbox returns a decision to the Kaspersky Endpoint Security for Business agent that requested the scan.
• Decisions are also sent to the action cache so that other hosts can quickly retrieve information about the scanned object without re-analysis. This reduces the load on the Kaspersky Sandbox servers and reduces threat response time.

If a file is detected as malicious, Kaspersky Sandbox uses intrusion tracing (IoC) to initiate automatic recovery in the Kaspersky Endpoint Security for Business engine. Automatic recovery deletes the file from all other computers on the network.

Techniques used by Kaspersky Sandbox include:

• Monitoring interactions with Internet resources
• Automated module loading
• Synchronous and asynchronous scans
• Counter evasion capabilities
• User action modeling and simulation
• Automatic IoC generation and infrastructure scan

4. Kaspersky EDR

Kaspersky Endpoint Detection and Response Optimum complements Kaspersky Endpoint Security for Business. It provides complete visibility over endpoint activity and rapid root-cause analysis, allowing security analysts to identify and respond to advanced threats on endpoints before they can do damage.

Kaspersky Endpoint Detection and Response Optimum enables root cause analysis via the following techniques:

• Visualizes propagation path of an attack to show how the threat reached the endpoint
• Provides information about suspicious files including metadata, file origin, revision data, and digital signatures.
• Provides rich information about hosts and users.
• Provides detailed information about detected threats.
• Provides details on process injection, file drops, or registry key changes, if discovered on the device.
• Provides details on inbound and outbound connections on the device.

When a threat is detected, several one-click, automated response options are available:

• Isolate the host
• Launch scan of the host
• Remove (quarantine) file
• Kill process
• Prevent process from executing

If the threat requires further investigation, the solution enables import of IoCs or generating them based on discovered threats, and scanning for them in additional endpoints.

Endpoint Protection—Prevention, Detection and Protection with Cynet 360

Cynet 360 is a security solution that includes a complete Endpoint Protection Platform (EPP), with built-in EDR security , a Next-Generation Antivirus (NGAV) , and automated incident response. Cynet makes it easier to adopt a modern security toolset by offering an “all in one” security model: Cynet 360 goes beyond endpoint protection, offering network analytics , UEBA and deception technology.

Cynet’s platform includes:

• NGAV—blocks malware, exploits, LOLBins, Macros, malicious scripts, and other known and unknown malicious payloads.
• Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
• Monitoring and control—asset management, endpoint vulnerability assessments and application control, with auditing, logging and monitoring.
• Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks and user accounts affected by an attack.
• Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
• Network analytics—identifying lateral movement, suspicious connections and unusual logins.

Learn more about the Cynet 360 security platform.