Regardless of whether you manage ten or several thousand workplaces as part of a centralized, distributed or mixed IT infrastructure, installation, configuration and administration of all Kaspersky Lab security solutions is carried out through a single management console.
Centralized management. Scalability. Flexibility
Kaspersky Security Center allows you to effectively manage mobile devices (MDM) across platforms, monitor vulnerabilities and manage patches, and control which devices and applications are allowed on your corporate network.
Kaspersky Security Center supports multi-level protection and management technologies that are activated through a single convenient console. Kaspersky Security Center makes it easy to scale the protection system and add new tools and functions to it - both in small, rapidly growing companies and in large corporations with a complex distributed IT infrastructure. Each next level of Kaspersky Security for Business opens up additional protection and management capabilities within a single platform - in accordance with your current needs.
Levels of Kaspersky Security for Business: gradual expansion of functionality
Level | Malware Protection | Control of applications, devices, web control | Mobile Security | Data encryption | System administration | Protection of mail servers, Internet gateways and collaboration servers |
STARTING | | | | | | |
STANDARD | | | | | | |
ADVANCED | | | | | | |
TOTAL SECURITY | | | | | | |
Centralized management allows you to increase the transparency of the corporate IT infrastructure, optimize costs and achieve maximum efficiency in managing the protection system. Tightly integrated functions and tools within Kaspersky Security Center (KSC) provide efficient management of all technologies implemented in a unified security platform of Kaspersky Lab.
BEST DEFAULT SETTINGS
Especially relevant for small companies that do not always have enough IT resources to perform additional administrative tasks. Use the settings recommended by our experts, or choose the ones that are right for you.
SUPPORT FOR MULTIPLATFORM ENVIRONMENTS
Security management of physical (Windows®, Linux®, Mac), mobile (Android™, iOS, Windows Phone) and virtual devices as part of the corporate IT infrastructure is carried out through a single console.
SCALABLE PROTECTION FOR COMPANIES OF ANY SIZE
Support for up to a million Active Directory® objects, as well as role-based administrator rights and settings profiles, provide flexible operation of the solution in complex environments.
EXTREME INTEGRATION CAPABILITIES
Integration with major SIEM systems for reporting and security. Integration with external NAC systems including Cisco® NAC, Microsoft® NAP and SNMP server.
REMOTE OFFICE SUPPORT
Traffic optimization and flexible patch distribution. The local workstation can act as an update agent for the entire remote office, allowing updates to be deployed remotely and reducing traffic between offices.
DETAILED REPORTS
A wide range of pre-installed report templates, with the ability to customize and generate individual reports. Additional dynamic filtering and sorting of reports by any parameters.
WEB CONSOLE
Allows you to provide effective remote security management of workplaces and mobile devices.
VIRTUALIZATION SUPPORT
Virtual machine recognition and load balancing during periods of intensive work, as well as the prevention of performance-degrading anti-virus "storms" - all through a single management console.
HOW TO BUY
Kaspersky Security Center is included in all levels of the line, as well as a number of solutions for protecting individual network nodes.
For consultation and receiving a commercial offer, send a request to the address: [email protected]
The article examines the Kaspersky Lab product Kaspersky Endpoint Security and its use in a corporate environment, using the example of our clients.
Good day, dear visitor. From the title of the article, you already understood that today we will talk about protection. In one of the previous articles, I reviewed a product related to this area of IT, which showed itself well. Today I will tell you about an equally interesting product of Kaspersky Lab, of which we are partners: Kaspersky Endpoint Security. It will be covered in a Hyper-V virtual environment, on Generation 2 machines. The server part will be implemented on a domain controller running Windows Server 2012 R2, with AD in Windows Server 2012 R2 mode, and the client part on Windows 8.1.
It should be noted that we constantly use this product in our IT outsourcing practice.
What is Kaspersky Endpoint Security?
Kaspersky Endpoint Security for Windows combines world-class anti-malware technologies with Application Control, Web Control and Device Control, and data encryption - all within a single application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.
Opportunities:
Kaspersky Endpoint Security for Windows is a single application that includes a wide range of critical security technologies, such as:
Kaspersky Endpoint Security comes in several editions, which differ in the set of modules they include:
In our case, we will use ADVANCED.
The following features are available as part of the Kaspersky Endpoint Security for Business START-UP solution:
The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:
…as well as other Kaspersky Lab technologies for IT security
The following features are available as part of Kaspersky Endpoint Security for Business ADVANCED and Kaspersky Total Security for Business:
Architecture
Server part:
Client side:
So let's get started
Installing the administration server
In our case, the administration server will be installed on an AD controller in Windows Server 2012 R2 mode. Let's start the installation:
I forgot to clarify: we will use Kaspersky Security Center 10. Install the full distribution, downloaded from the Kaspersky Lab website, which includes the installation packages of Kaspersky Endpoint Security 10 and Network Agent 10.
In the next window of the wizard, select the path for unpacking the distribution and click "Install".
After unpacking the distribution kit, we are greeted by the Kaspersky Security Center installation wizard. After clicking the "Next" button, the wizard asks for the "Network size". Because we will have only two clients, one x86 and the other x64, we indicate "Less than 100 computers on the network".
Set the account under which the "Administration Server" will start. In our case, the domain administrator account.
Kaspersky Security Center stores all its data in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you already have a DBMS installed, you can select the name of the SQL server and the name of the database.
At the "Address of the administration server" stage, the wizard asks you to specify the address of the server. Since we have AD and DNS integrated, it is wiser to specify the server name.
After selecting plug-ins for management, the installation of Kaspersky Security Center will begin.
After successful installation and the first launch of Kaspersky Security Center, we are greeted by the initial setup wizard, in which we can specify the key, accept the agreement to participate in KSN, and specify the email address for notifications.
The update parameters are also specified and a policy with tasks is created.
After installation, the following will be installed on our server:
But Kaspersky Endpoint Security will not be installed. Let's perform a remote installation: since the network agent is already installed, we will be able to deploy Kaspersky Endpoint Security to the server. If the administration agent is not available and all incoming connections are blocked in Windows Firewall, remote installation will fail. Expand the Remote Install node and select Run the Remote Install Wizard. Select the installation package and click the "Next" button.
In the "Select computers for installation" window, select the installation option for computers located in administration groups. Then select the server and click the "Next" button.
A system restart is required only when important modules of Kaspersky Endpoint Security are updated; since the package is new enough, a reboot is not needed. In the choice of credentials, we will leave everything by default, i.e. empty. After clicking the "Next" button, we will see the installation progress of Kaspersky Endpoint Security.
Create groups
Since the policies and tasks intended for servers differ from the policies and tasks for workstations, we will create groups corresponding to the type of administration for different machines. Expand the "Managed computers" node and select "Groups", then click "Create subgroup". Let's create two subgroups, "Workstations" and "Servers". From the "Managed computers - Computers" menu, using "drag and drop" or "cut & copy", we will transfer "DC" to the "Servers" group and create a policy and tasks for this group that differ from the tasks and policies in the "Managed computers" node.
Installing Kaspersky Endpoint Security
To install Kaspersky Endpoint Security remotely, disable UAC during installation. The requirement is "uncomfortable", so we'll create a Windows Firewall policy in the GPO that allows incoming connections using the predefined "File and Printer Sharing" rule.
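To confirm on a client that the Group Policy firewall rule has actually arrived, and to see how widely it opens the machine, a check like the following can be run locally in PowerShell. It is an added example, not part of the original article; the Administration Server address is a placeholder, and the display group name is the English one quoted above.

```powershell
# Added example: audit the effective inbound "File and Printer Sharing" rules
# on a client before starting a remote installation.
param(
    # Placeholder address (TEST-NET-1); replace with your Administration Server.
    [string]$AdminServer = '192.0.2.10'
)

function Get-FilePrinterSharingAudit {
    param([string]$ExpectedRemote)

    # ActiveStore is the merged, effective policy. It includes rules delivered
    # by GPO, which a default query of the local persistent store does not show.
    # The display group name is localized; this is the English name.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore `
                 -DisplayGroup 'File and Printer Sharing' `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.Direction -eq 'Inbound' }

    foreach ($rule in $rules) {
        $addr   = $rule | Get-NetFirewallAddressFilter
        $port   = $rule | Get-NetFirewallPortFilter
        $remote = @($addr.RemoteAddress)

        # Remote installation only needs the server to reach the client, so an
        # enabled rule that accepts any remote address is wider than required.
        $tooWide = ($rule.Enabled -eq 'True') -and ($remote -contains 'Any')

        [pscustomobject]@{
            Rule            = $rule.DisplayName
            Enabled         = "$($rule.Enabled)"
            Profile         = "$($rule.Profile)"
            Source          = "$($rule.PolicyStoreSourceType)"  # GroupPolicy or Local
            Protocol        = $port.Protocol
            LocalPort       = ($port.LocalPort -join ',')
            RemoteAddress   = ($remote -join ',')
            # Exact match only; a subnet that contains the server is not detected.
            ScopedToServer  = ($remote -contains $ExpectedRemote)
            WiderThanNeeded = $tooWide
        }
    }
}

$report = @(Get-FilePrinterSharingAudit -ExpectedRemote $AdminServer)

if ($report.Count -eq 0) {
    Write-Warning 'No inbound File and Printer Sharing rules in the active policy; the GPO has not been applied yet.'
}
elseif (-not ($report | Where-Object { $_.Enabled -eq 'True' })) {
    Write-Warning 'The rules exist but none is enabled; remote installation will be blocked.'
}

# Rules open to any address are listed first.
$report | Sort-Object WiderThanNeeded -Descending | Format-Table -AutoSize
```

Rules whose Source is GroupPolicy came from the domain policy; rules marked WiderThanNeeded can be narrowed in the GPO by setting the rule's remote address scope to the Administration Server.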
After configuring and distributing Group Policy, let's go to the administration console. Expand the "Administration Server" node and select "Install Kaspersky Anti-Virus", click "Start Remote Installation Wizard". In the window of the installation package selection wizard, select the required package and click "Next". Select clients in the "Unassigned computers" group and click "Next".
In the next window, leave everything as default and click "Next". After the window with the key selection, the wizard offers to ask the user about rebooting the system after the installation of Kaspersky Endpoint Security is complete, leave it by default and click Next. At the "Remove incompatible programs" step, you can make adjustments, of course, if they are needed. Next, the wizard suggests moving client computers to one of the groups, in our case, moving them to the Workstations group.
As we can see, the console "talks" about the successful installation of Kaspersky Endpoint Security on client stations.
As we can see, after the installation, the administration server transferred the client machines according to the condition in the remote installation task.
Kaspersky Endpoint Security on the client machine.
Let's create a policy for client stations in which we enable "Password protection"; this is necessary, for example, if the user wants to turn off the antivirus.
Let's try to disable protection on the client machine.
Rules for moving computers
On the administration server, you can set up movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security is installed on a newly discovered PC. This is useful in a scenario where a new PC has been installed in an organization.
To automate the deployment of Kaspersky Endpoint Security, let's define movement rules for computers. To do this, select the "Unassigned computers" node and select the "Configure rules for moving computers to administration groups" item and create a new rule.
In the created rule, a new detected PC will be added to the "Workstations" group from the specified range of IP addresses.
Next, let's create a task to automatically deploy anti-virus protection for machines on which it is not installed. To do this, select the "Workstations" group and go to the "Tasks" tab. Let's create a task to install anti-virus protection with the "Immediate" schedule.
So, we see that the client computer has been added to the Workstations group.
Let's go to the "Tasks" tab and see that the installation task is running.
Let me remind you that the situation was reproduced on a machine without anti-virus protection (although before that I demonstrated remote installation on one of them, after that the anti-virus was removed to demonstrate this scenario) and, as you can see, the installation takes place on a machine without anti-virus protection; a machine with anti-virus protection was not affected. After installing anti-virus protection, the KES policy will be applied to this client computer.
Reports
The reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report "About versions of Kaspersky Lab applications".
The report, in some detail, displays information about installed Kaspersky Lab applications. You can see how many agents, client solutions and servers are installed. Reports can be removed and added. You can also view the status of anti-virus protection using the "Computer Selection", which helps you conveniently sort computers with infected objects or critical events.
In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was considered. Management is really convenient and intuitive. But it is worth noting the huge workload of client systems during the search for viruses and potential threats, this workload is mainly due to heuristic analysis, which requires quite a few resources. The product is very easy to administer and is suitable for both AD and workgroup environments. This product is installed by many of our customers and shows itself only from the good side.
Everything, people, peace be with you!
Kaspersky Security Center is a tool for managing the security of corporate networks.
For greater convenience of data transfer and management, devices in various firms and large enterprises are combined into one network. Creating a corporate network is, of course, logical and good. However, it is also worth worrying about its safety. In this case, Kaspersky Security Center will help you, which will be discussed below.
The program allows you to generate a single control center for a system of devices used by staff members. It is noteworthy that the software supports not only desktop computers, but also portable devices - tablets and phones. The device administrator has full control over the system, providing it with reliable protection against viruses and other dangers. Protection is complex, so its implementation takes place at several levels.
The Control Center is responsible for launching programs, managing their operation (for example, restricting access to certain resources), and blocking unwanted software. Absolutely all programs and applications installed on PCs connected to the corporate network fall under control. By controlling user actions, the administrator can choose from built-in security policy templates or customize their own settings.
In addition, Kaspersky Security Center regularly scans the system for vulnerabilities, updates protection components, and monitors for updates for installed software. After scanning the system, Kaspersky issues reports on the work done. If regular scanning is activated, reports are generated automatically, but the program can also generate reports at the request of the user, as well as export them to PDF, HTML and XML files.
We reviewed the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. Kaspersky Security Center is used to centrally manage all deployed copies of Kaspersky Endpoint Security 8 on computers in an organization. In the second part of the review, we will take a closer look at how administration works with the new, ninth version of Kaspersky Security Center and what key features it provides.
The main purpose of Kaspersky Security Center is to provide the administrator with tools to configure all components of the protection system and access detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of a large set of security tools in an organization provided by Kaspersky Lab. The set of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers, and mobile devices:
Figure 1. The logic behind using Kaspersky Security Center to protect an organization's network
Kaspersky Security Center can operate in two modes - the normal one, which is described in this overview, and the mode required for the operation of service providers that provide other organizations with the protection of their networks as a SaaS service. This mode requires a special license.
Kaspersky Security Center is not a separate program, but a set of software tools that includes:
Figure 2. Structural diagram of interaction between Kaspersky Security Center components
It can be seen from the diagram that the administrator has the ability to work with several administration servers through the snap-in, which are, for example, company servers located in different offices. In addition, the administrator has the ability to access the administration server through an Internet browser from any computer without the need to install any modules on it, which can be useful if you need to monitor the security system. This access method is also used when protection is deployed in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.
Figure 3. Scheme of using the web console
Kaspersky Security Center allows you to configure and manage components and settings on client computers. For each user group or specific user, the administrator can set different settings for the following components:
Figure 4. Scheme of components managed by Kaspersky Security Center
The ninth version of Kaspersky Security Center is a development of the Kaspersky Administration Kit 8.0 tool, and a set of new features has been added compared to it: virtual administration servers can now be created; management of the Application Control, Vulnerability Control, Web Control and Device Control components has been added; a web console for managing the administration server through a browser has been added; functions for managing clients on virtual machines have been added; and vulnerabilities on client computers can now be detected and eliminated centrally. The functions of the tools for managing installations of various components, obtaining additional information about controlled computers, creating reports and working with accounts have been significantly expanded.
To work with Kaspersky Security Center 9, the computer must meet the general system requirements specified in Table 1.
Table 1. Hardware requirements for operation on different operating systems
Operating system version | Hardware Requirements |
32-bit OS | |
Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1. | processor with a frequency of 1 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space. |
64-bit OS | |
Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1; | processor with a frequency of 1.4 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space. |
Since Kaspersky Security Center 9 includes three components - the administration server, the administration console, and the administration web console server, for each of them to work, the following requirements must be met.
Administration Server
Database management system
Administration Console
Administration web console server
The main functions of Kaspersky Security Center are to deploy protection on client computers, centrally administer these applications, and receive information about events on protected computers.
Deploying protection
Administration
Monitoring
Also, Kaspersky Security Center now has the ability to manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically located, connected to the administration console, and all the necessary protection components are installed on it. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for the convenience of virtual infrastructure administration. Dynamic mode support for Virtual Desktop Infrastructure (VDI) has also been implemented.
To install Kaspersky Security Center, you need to run the installation file of the application, after which the welcome window of the installation wizard will appear.
Figure 5. The initial window of the Kaspersky Security Center Installation Wizard
Next, you need to read the license agreement and accept its terms. After that, you need to select the type of installation. Standard installation contains a minimum set of components and is recommended for networks with up to 200 computers. Custom installation allows you to configure additional settings for Kaspersky Security Center and is recommended for networks with more than 200 computers. Select custom installation and click Next.
Figure 6. Selecting the installation type of Kaspersky Security Center
The next step is to select the components to be installed.
Figure 7. Selecting Kaspersky Security Center components for installation
Figure 8. Network size selection
At the next step, you need to select the account under which the Administration Server will run on the computer. You can choose from two types of accounts - a system account (not available in Windows Vista and later Microsoft operating systems) or a user account.
Figure 9. Selecting an account under which Kaspersky Security Center will be launched
After that, you need to select the type of database for the administration server - Microsoft SQL Server (Express Edition) or MySQL. When choosing MS SQL Server, if this DBMS is not available, it will be installed. If you choose the MySQL DBMS for operation, it must already be installed in the system.
Figure 10. Selecting a database server for Kaspersky Security Center
The next step is to configure the connection settings to the server with the database. And then an account is configured to connect to the server.
Figure 11. Configuring the connection parameters to the server with the database
After that, you need to determine the location and name of the shared folder in which the installation files and updates will be stored. You can create a new folder or select an existing one.
Figure 12. Creating a shared folder
Next, you need to specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for secure connection to the administration server using the SSL protocol (port 13000 is used by default).
Figure 13. Configuring the settings for connecting to the administration server
After that, you need to set the address of the administration server. The address can be a DNS name, NetBIOS name, or IP address.
Figure 14. Setting the administration server address
The next step is to select modules for program management. We need a module for managing Kaspersky Endpoint Security 8 for Windows, so we select it.
Figure 15. Selecting modules for installation
This completes the setup process; you can now start installing the program. Next, you need to restart the operating system, after which the installation can be considered completed.
After installation, you will need to make a number of additional settings - specify a key or registration code, decide on the use of "cloud" technologies, configure sending notifications about events and proxy server settings. After that, you can start working with Kaspersky Security Center.
The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).
Figure 16. Microsoft Management Console snap-in window
The benefit of using the snap-in is a standard interface that is familiar to Windows administrators. In addition, several different snap-ins can be added to one management console. For example, Windows Firewall, the Diskeeper defragmenter, the Performance snap-in, and Kaspersky Security Center.
Figure 17. An example of creating a management console
The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview panel (console tree), and a workspace. After installing Kaspersky Security Center, we get access to the administration server, through which we will manage instances of Kaspersky Endpoint Security 8 installed on computers on the local network.
With a distributed structure of the company, it is necessary to create a set of administration servers that will allow servicing each segment of the network separately, but at the same time, centrally managing everything from one point. This will reduce traffic within the local network, simplify work with remote offices or local network segments. If you have several administration servers, you can delegate the responsibility for security and the authority to manage each virtual server to individual administrators. Administration servers can be added from the context menu of the "Kaspersky Security Center" node ("Create" - "Kaspersky Administration Server" - "Administration Server..."). The created hierarchy allows you to create inheritance rules for tasks and policies for different administration servers.
The hierarchy of tools for the administrator's work is shown in Figure 18.
Figure 18. Hierarchy of tools for administrator work
The Administration Server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers managed by the administration server to send and receive data to the "cloud" even if they do not have access to the Internet. Also, by caching requests, KSN Proxy reduces the load on Internet access.
Figure 19. Configuring KSN Proxy settings
The logic of working with the program when deploying protection and administration is built as follows. First, the administrator configures the administration server settings. After that, administration groups are created in accordance with the logic of the protected network. For example, accountants can be prohibited from using any removable media, and for programmers, set the most stringent web control settings.
Computers are added to the created groups, and Network Agent and Kaspersky Endpoint Security 8 are installed on each computer. Then, security policies are created and configured for each user group. Also, the administrator can create various tasks (virus scan, update, etc.) and set the criteria for their execution (by timer, by event, etc.). After that, work with the program goes into the background - the administrator needs to periodically review reports, respond to threats, add new users for protection, and perform other network maintenance work. Let's take a look at how it works.
To manage protection settings on client computers, use the "Computer Management" group, which contains four panels: "Groups", "Policies", "Tasks" and "Computers".
Figure 20. Computer Management group
The "Groups" panel contains tools for managing groups of computers on the "Administration Server". These administration groups allow you to organize a hierarchy of computers on the network in order to selectively apply various policies and tasks to them in the future. By default, only one group, the root group, is available. Using the "Create Group" and "Create Subgroup" commands on the "Groups" panel, you can create the hierarchy of computer groups necessary for your organization.
Figure 21. An example of creating administration groups
Through the context menu of the "Managed computers" node ("All tasks" - "Create group structure" command in the context menu), the hierarchy of computers can be generated automatically. For this, information about the structure of domains and workgroups of the Windows network, Active Directory groups, or the contents of a text file is used.
In the "Groups" panel, you can set the conditions for installing programs on computers that have newly appeared in a group. You can also specify the criteria by which the user's computer will be assigned the Warning or Critical status. For example, if the databases have not been updated for more than X days or more than Y viruses have been found.
Figure 22. Setting criteria for setting statuses for computers
After the groups have been created and configured, you can start populating the groups with computers. To do this, use the "Computers" panel, in which you can add and remove computers on the "Administration Server". You can also view information about each of the computers on the network - its status, the time when signature databases were updated, the number of viruses found, etc.
Figure 23. Computers panel with expanded filtering panel
To add a new computer, you need to click on the "Add computers" button, after which the wizard window will appear. Its first step is to determine how to add client computers.
Figure 24. Add client computers wizard window
When manually adding computers, you need to specify the IP address or range of IP addresses of computers on the network. You can also import the list of IP addresses from a text file.
Figure 25. Manually adding new computers
When automatically adding, it is enough to specify the necessary computers from the list of discovered computers on the network.
Figure 26. Window for adding computers detected by the administration server
If, for some reason, computers have not been assigned to administration groups, they remain in the folders of the Uncommon Computers node. You can also apply tasks and configure policies to these computers. These folders also contain new computers found by the administration server when polling the Windows network, IP addresses, and Active Directory groups. After finding new computers on the network, the administrator can move them to one of the existing groups.
Kaspersky Security Center allows you to install various applications on computers in the local network. These can be Kaspersky Lab client protection programs or third-party programs. To install the application on client computers, you must create a task of the appropriate type and specify the computers for which it will be executed.
Installing applications through Kaspersky Security Center is primarily needed to deploy protection on client computers when you start using Kaspersky Lab solutions in an organization and when adding new computers for protection.
To organize protection on client computers, you first need to install network agents and Kaspersky Endpoint Security 8. The installation package is installed using the remote installation wizard, which is launched from the Groups panel by clicking the Start installation button. Select the administration agent and click the "Next" button.
Figure 27. Selecting the program to be installed
We indicate that the program is installed "From the shared folder." After installing the Network Agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when a new computer is added to the network, the administrator will be able to run one task to install the entire list of necessary programs.
Figure 28. Selecting program installation options
In the next step, you can specify accounts that have administrator rights.
Figure 29. Selecting accounts that have administrator rights on the target computer
After that, you will need to choose whether to restart the computer after installing the program, and if so, whether to do it forcibly or ask the user. This completes the creation of the application installation task, and it can be launched.
Figure 30. Launching the application installation task
If for some reason network installation is not possible (for example, the network is disabled on the computer), then you can create an installation package and provide it to the user for self-installation.
Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.
The Control Center is responsible for monitoring the activities of programs, their opening and blocking malicious software. Under its influence are all applications and programs installed on computers that are connected to the corporate network. The administrator manages user actions either by adjusting their own security settings or by using standard templates.
Kaspersky Security Center constantly checks the system for weaknesses, updates protective components, and monitors for updates for running software. When checking the system, the program provides reports on its actions. Reports are generated automatically when regular checks are activated, but the tool is able to generate them at the request of the user and translate them into PDF, HTML and XML files.
The intuitive interface provided by the program facilitates the user's work.