Security for Business
Ultimate security for every aspect of your business
Kaspersky Lab’s most comprehensive business security solution, Kaspersky Total Security for Business delivers rigorous protection for your corporate IT network. As well as security for desktops, laptops and file servers – plus data encryption, endpoint control tools and mobile security – it delivers protection for mail servers, collaboration servers and traffic flowing through Web gateways. Extended systems management tools automate a wide range of administration tasks to save time and resources.
- Multi-layered protection, powered by a unique combination of big data threat intelligence, machine learning and human expertise.
- Granular security management makes it easy to administrate and control all security issues with no need for additional integration and management solutions.
- Improved business efficiency by enabling secure communication and collaboration.
- Enhanced mobile security and device management to protect data wherever it’s accessed.
- Provides the best possible protection for customers as proven by independent testing. Kaspersky Lab is the world’s most tested, most awarded security with the best detection rates in the industry.
Protection from any kind of cyber threat your business faces
Kaspersky Total Security for Business delivers multi-layered protection against known, unknown and advanced threats, powered by a unique combination of big data threat intelligence, machine learning and human expertise for higher levels of protection. Powerful control tools help manage how applications run, block the use of unauthorized removable devices and implement Internet access policies.
Protecting sensitive business information
The loss of a laptop or mobile device can result in confidential data falling into the wrong hands. Our encryption features help you to enforce the encryption of files, folders, disks and removable devices. Data encryption is easy to configure and can be managed from the same management console used to control all other Kaspersky Lab security technologies running on your network.
Improving business efficiency by securing mobile endpoints
By combining mobile security technologies, flexible Mobile Device Management (MDM) and Mobile Application Management (MAM) features, Kaspersky Total Security for Business protects smartphones and tablets – and the corporate systems and data they access. Compatible with the most popular mobile platforms, our technologies defend both corporate-issued and BYOD mobiles including protection for lost / stolen devices.
Protecting email communication
Even a single email with a malicious attachment can cause havoc and disrupt business operations. Optimized security scanning and intelligent spam filtering combine to protect mail traffic, block spam emails with almost no false positives and reduce the volume of traffic on your corporate network. A wide range of mail servers are supported.
Securing browsing for employees
We all spend more and more time online at work. With security technologies that protect web traffic flowing through the most popular Windows-based or Linux-based Web gateways, Kaspersky Total Security for Business ensures that your employees can access the Internet without exposing the company to risk.
Enabling secure collaboration
Useful for efficiency gains, collaboration tools need protection too. Our security for SharePoint includes anti-malware, content filtering and file filtering to help enforce your business’s collaboration policies and prevent inappropriate content being stored on your corporate network.
Optimizing security management
Managing security for an ever growing amount of devices in a company can be a complicated time-consuming task. By including Kaspersky Security Center – our highly integrated management console that gives you centralized control over all of our security technologies – Kaspersky Total Security for Business helps to cut through management complexity.
For smaller companies we provide a choice of preconfigured policies – so you can rapidly implement security across your network and start benefiting from protection. If you need more flexibility we provide wide range of setup options to adjust the solution to your security needs. Integration with security information and event management (SIEM) products, such as HP ArcSight and IBM QRadar helps ensure enterprise-level businesses get the real-time monitoring data they need.
World-class security for complex IT environments – including laptops, desktops, servers, mobile devices, web gateways, mail and collaboration systems* – together with extended IT systems management functionality.
*Exact feature set varies depending on platform.
Multi-layered security for desktops, servers and mobile devices
Multi-layered security and control
Kaspersky Total Security for Business combines multiple technologies to protect all devices and environments against a constantly evolving cyber-threat landscape. Security controls along with Automatic Exploit Prevention, Host-Based Intrusion Prevention System and others significantly reduce the probability of a malware intrusion. A host of other technologies and processes detect and identify the malware at endpoint to stop it in its tracks and roll-back its actions.
The best of machine learning and human ingenuity
Kaspersky Lab’s unique HuMachine™ approach is powered by a combination of big data threat intelligence, machine learning and human expertise to ensure higher levels of multi-layered detection – without complexity or management headaches.
Using the power of cloud intelligence
Millions of Kaspersky customers worldwide voluntarily provide anonymized threat data from their devices to Kaspersky Security Network (KSN). This cloud-based threat lab gathers and stores massive volumes of metadata from suspicious files that enable it to make rapid, accurate decisions about the safety of files and URLs without having to completely analyze their content. This enables protection from unknown threats.
Detecting suspicious behavior
Kaspersky Endpoint Security for Business Select uses behavioral detection at both pre-execution and execution stage. Behavioral detection is supported by Kaspersky Security Network which stores huge amount of suspicious files’ metadata.
Prior to a file launching, behavioral detection using emulation plays a critical role in identifying unknown and advanced threats. Once an application has launched, SystemWatcher monitors files for signs of suspicious activity. Malicious files are blocked and any actions rolled back automatically.
Protecting against exploits
No application or operation system can boast that it is 100% free from vulnerabilities. These vulnerabilities can be exploited by malware to penetrate your network, infect your workstations and servers and disrupt your operations. Our innovative Automatic Exploit Prevention (AEP) technology helps to ensure malware can’t exploit vulnerabilities within the operating systems or applications that are running on your network. AEP specifically monitors the most frequently targeted applications – including Adobe Reader, Internet Explorer, Microsoft Office, Java and many more – to deliver an extra layer of security monitoring and protection against unknown threats.
Blocking network attacks
Threats targeting corporate networks, including port scanning, denial-of-service attacks and buffer-overrun attacks are on the increase. Network Attack Blocker technology detects and monitors suspicious activities on your corporate network and lets you preconfigure how your systems should respond if suspicious behavior is identified.
Security beyond the desktop
Securing all server environments
It’s not unusual for businesses to run a variety of server platforms across their IT infrastructure, from Windows-and Linux cluster servers to Microsoft and Citrix terminal servers. Kaspersky protects them all, and optimized scanning processes mean minimal impact on server performance. Should one of your file servers develop a fault, our technologies automatically re-launch when the file server restarts.
Ensuring mobile security
Mobile devices are used in every business today, opening up a potential route into your corporate network. Kaspersky Endpoint Security for Business Select protects mobile devices against the latest mobile threats; anti-phishing technology protects against websites that try to steal information; and anti-spam filters out unwanted calls and texts.
Containerization technology separates corporate data and applications from a user’s personal data, keeping corporate data safe if a device goes missing. Remotely operated protection features can delete the corporate container safely without affecting personal data and settings.
Security controls to manage applications, devices and Internet access
Dynamic whitelisting for application control
There are thousands of new applications on the market, and the number is growing every day. Keeping track of which are potentially dangerous and which aren’t is a challenge. Kaspersky’s dynamic whitelisting approach allows system administrators to activate a Default Deny policy that blocks all applications – unless they’re on your whitelist. Our in-house whitelisting lab constantly checks applications for security issues, adding them to the database of whitelisted applications (this database includes over 1.3 billion unique files – with 1 million files being added every day). Kaspersky customers have access to this database for use as is, or to adapt to their specific business requirements. Test mode ensures that no accidental blocking of business-critical applications takes place and there is no unwanted impact on functionality.
Control applications on servers and workstations
Our System Watcher technology monitors an application’s behavior as it launches on the server or employee machine to identify malicious patterns of activity. Malicious files are blocked – and on workstations, malicious activities are rolled back.
Control application privileges to minimize risks
For some applications – even though the applications may not be classified as malicious – their activities may be regarded as high-risk. In many cases, it’s advisable that these activities are restricted. Our Application Privilege Control (Host-Based Intrusion Prevention System – HIPS) restricts activities within the endpoint, according to the ‘trust level’ that has been assigned to the application and limits the rights of applications to access certain resources, including system and user files. Access of applications to audio and video recording devices can also be controlled.
Preventing unauthorized devices gaining access
To prevent unauthorized devices gaining access to your network, Kaspersky’s device controls enable you to set up controls based on time of day, geographical location or type of device. You can align the controls with Active Directory for granular administration and policy assignment and employ masks in the creation of Device Control rules and whitelist multiple devices if required. Kaspersky Total Security for Business also logs all ‘delete and copy’ operations performed on removable USB devices, and manages user rights for file ‘read and write’ operations on CD/DVDs.
Flexible Wi-Fi control
Use of untrusted public Wi-Fi networks exposes devices – and the corporate network – to attack. By creating a list of trusted networks specifically for employees, you can allow access to trusted Wi-Fi networks and prohibit use of other networks without impacting on worker mobility.
Monitoring and control of Internet access
With more and more time spent online, including at work, Kaspersky’s web control tools let you set up Internet access policies and monitor Internet usage. It’s easy to prohibit, limit, allow and audit users’ activities on individual websites and/or categories of sites, such as games websites, social networks or gambling sites. Geographic and time-of-day controls can be aligned with Active Directory to help administrate and set policies.
Encryption for ultimate protection of confidential data
Strong, compliant encryption
KKaspersky Endpoint Security for Business Advanced uses the AES-256 encryption algorithm to deliver strong encryption to protect confidential information. If files or systems are lost or stolen, unauthorized users can’t access the encrypted data. Our encryption is fully FIPS 140-2 compliant.
Integrated encryption for improved manageability
Data encryption is easy to configure and can be managed from the same management console that you use to control all other Kaspersky Lab endpoint security technologies running on your network. Our encryption technologies have been developed in-house from a unified code base, making it easier to apply encryption settings in line with the same policies that cover your anti-malware defenses, endpoint controls and other endpoint security technologies.
Full Disk and File-Level Encryption
Full Disk Encryption (FDE) operates on the physical sectors of the disk and makes it easy to run an ‘encrypt everything at once’ strategy. File-Level Encryption (FLE) enables the secure sharing of data across your network. For additional security – when a file is encrypted – the original, unencrypted file can be wiped from the hard drive.
Encryption of removable media
Removable Media Encryption can perform Full Disk Encryption and File-Level Encryption to protect data on removable devices.
Portable mode encryption
If you need to transfer sensitive data, you can easily set up password-protected, encrypted, self-extracting packages of files and folders. A special portable mode for File-Level Encryption on removable media enables the secure transfer of data – even onto computers that aren’t running Kaspersky Security products.
Simplified sign-on and smartcard / token support
When a user turns on their PC and enters their username and password, Single Sign-On feature gives them immediate access to the encrypted data on their PC's hard drive. This ensures that the encryption and decryption processes are virtually transparent to the user, helping to boost efficiency and productivity. Two-factor authentication, via smartcards and tokens, is also supported.
Microsoft BitLocker management
Hard drive encryption on Microsoft Windows devices can be managed using Microsoft BitLocker technology. Microsoft BitLocker management enables the use of OS-embedded encryption technology to improve hardware compatibility while minimizing user impact.
Support for Intel AES-NI and more
By supporting Intel AES-NI, we enable faster encryption and decryption of data for many Intel processor-based and AMD processor-based systems**. Our Full Disk Encryption technology also supports UEFI-based platforms. Non-QWERTY keyboards are also supported.
**Not all processors support AES-NI.
Securing collaboration and preventing data loss
Protecting SharePoint environments
Easy-to-use security, file filtering and content filtering let you manage the protection of an entire Microsoft SharePoint server farm from a single, central console. Impact on system performance is minimal.
For more efficient data storage, our file filtering technologies help to eliminate unnecessary files and make it easier to enforce document storage policies. Create lists of prohibited file names and extensions or use preset file type profiles to rapidly implement policies for music, video, executable files and others. By analyzing real file formats – regardless of the file extension name – our technology ensures security policies can’t be violated by files that avoid the use of a prohibited file extension.
Providing flexible content filtering
By checking all documents against lists of prohibited content – including explicit words / phrases and the use of offensive language – content filtering helps to control and assign internal collaboration policies. With pre-installed dictionaries / categories – as well as the ability to create your own list of prohibited words and phrases – it’s easy to configure content filtering according to your requirements.
Delivering real-time status information
Our dashboard provides access to real-time data, including IT security status, database versions and license status for all protected servers. Kaspersky Total Security for Business makes it easy to generate reports on events and security status.
Boosting data protection and compliance
Kaspersky Total Security for Business analyzes the content of documents stored in Microsoft SharePoint Server and automatically registers and blocks anything that holds confidential or sensitive data. It scans for words in pre-installed glossaries – or custom glossaries – as well as for structured data.*
*Data Loss Protection features are licensed separately.
Protecting corporate mail from data leakage
Securing multiple platforms
With support for a wide range of mail servers – including Microsoft Exchange, IBM Lotus Notes / Domino, Sendmail, qmail, Postfix, Exim and CommuniGate Pro – our mail server security technologies protect mail traffic and groupware servers against malware and spam. Kaspersky Total Security for Business can also be used to set up a dedicated mail gateway.
Filtering out spam
Effective spam filtering improves efficiency and productivity. Our intelligent spam filtering technology helps stop distracting spam from arriving in users’ inboxes. It achieves a very low rate of false positives while reducing traffic on your corporate network.
Supporting server resources
With optimized scanning – plus the option to exclude specific items from a scan – our mail server protection supports load balancing of server resources resulting in effective protection with no significant impact on performance.
Protecting web gateways
Our security technologies deliver protection for traffic flowing through most popular, Windows-based or Linux-based gateways, automatically removing malicious and potentially hostile programs that appear in HTTP(S), FTP, SMTP and POP3 traffic.
Delivering high detection rates without degrading performance
With intelligent, optimized scanning – plus load balancing – Kaspersky Total Security for Business delivers high detection rates without any significant impact on system performance.
Enhancing security and extending IT system management
Identifying and patching vulnerabilities
No application or operation system is 100% free from vulnerabilities – vulnerabilities that can be exploited by malware to penetrate your network, infect your workstations and servers and disrupt your business. With multiple applications running on a corporate network, manually identifying vulnerabilities and keeping software up to date is impracticable and risky.
The vulnerability assessment and patch management features in Kaspersky Total Security for Business automates the process of mitigating software vulnerabilities. Detected vulnerabilities can be automatically prioritized and patches and updates automatically distributed. This drastically minimizes the possibility of exploitation by malware.
Managing your hardware and software assets
All devices on your network are automatically discovered and recorded in hardware and software inventories. The hardware inventory details information about each device and the software inventory helps you control software usage and block unauthorized applications. Even guest devices that appear on your network can be automatically discovered and granted with access privileges without compromising the security of your corporate systems and data.
Optimizing application distribution
You can deploy software at your command or schedule it for after office hours. In some cases, you can specify additional parameters in order to customize the software package being installed. The use of secure, remote connections to any desktop or client computer helps to resolve issues rapidly, while an authorization mechanism prevents unauthorized remote access. For traceability, all activities during a remote access session are logged.
Automating and optimizing OS deployment
Our technologies automate and centralize the creation, storage and cloning of secured system images where they are held in a special inventory, ready to be accessed during deployment. Client workstation image deployment can be made with either PXE servers (Preboot eXecution Environment) that have been previously used on the network, or using our own features. The use of Wake-on-LAN signals lets you automatically distribute the images after hours. UEFI support is also included.
Reducing traffic with remote distribution
If you need to distribute software or patches to a remote office, one local workstation can act as the update agent for the entire remote office, helping to reduce traffic levels on your network.
Integration with SIEM systems
Security information and event management (SIEM) systems can play a key role in helping enterprise-level businesses with real-time monitoring, which is why we’ve included integration with leading SIEM systems to facilitate better reporting and security.
System administrators are stretched, and any time spend on admin and generating reports could be spent on other critical, core business functions instead. Kaspersky Total Security for Business includes Kaspersky Security Center (KSC), a centralized, highly integrated management tool that provides a complete view, and control, of the Kaspersky Lab endpoint security technologies in your business. KSC makes management of mobile devices, laptops, desktops, file servers, and virtual machines easy, while also generating reports, all from a convenient ‘single pane of glass’ console.
Supporting common MDM platforms to manage mobile devices
To manage all your mobile devices centrally you need a security solution that is integrated with all leading mobile device management platforms. Kaspersky Total Security for Business supports Microsoft® Exchange ActiveSync®, iOS MDM and Samsung KNOX™ and enables easy creation of policies for each platform, e.g. mandatory encryption, password enforcement, camera usage, APN/VPN settings. Android for Work enables business profile creation and business application and device management.
Assigning different responsibilities to different administrators
Role-Based Access Control helps divide security management and systems management responsibilities between multiple administrators. For example, you may want one administrator to manage endpoint security, endpoint controls and mobile security, while another needs to take care of data encryption and all systems management functions. Kaspersky Security Center console is easily customized so that each administrator only has access to the tools and information relevant to their responsibilities.
Delivering a higher level of integration
All the technology within Kaspersky Total Security for Business has been developed in-house with a tightly-integrated code, which means there are no compatibility issues for you to deal with, and scalability is easy. Seamlessly integrated security technologies that do more to protect your IT environment – while centralized management saves time.