21.09.2024

Installing Kaspersky Security Center. Several new nodes have appeared in the console tree

Regardless of whether you manage ten or several thousand desktops as part of a centralized, distributed or mixed IT infrastructure, installation, configuration and administration of all Kaspersky Lab security solutions is carried out through a single management console.

Centralized management. Scalability. Flexibility

Kaspersky Security Center enables efficient mobile device management (MDM) across platforms, vulnerability monitoring and patch management, and control of the devices and applications allowed on your corporate network.

Kaspersky Security Center supports multi-level protection and management technologies that are activated through a single, convenient console. Kaspersky Security Center allows you to easily scale your protection system and add new tools and functions to it - both in small, rapidly growing companies and in large corporations with complex distributed IT infrastructure. Each subsequent level of the Kaspersky Security for Business solution opens up additional protection and management capabilities within a single platform - in accordance with your current needs.

Levels of Kaspersky Security for Business: consistent expansion of functionality

Malware protection

Control of applications, devices, web control

Mobile Device Security

Data encryption

System administration

Protecting mail servers, Internet gateways and collaboration servers

STARTING
STANDARD
ADVANCED
TOTAL SECURITY

All-round protection. Full control

Centralized management allows you to increase the transparency of the corporate IT infrastructure, optimize costs and achieve maximum efficiency in managing the security system. Tightly integrated functions and tools within Kaspersky Security Center (KSC) provide effective management of all technologies implemented in a single Kaspersky Lab security platform.

  • Deploying, configuring and managing endpoint protection from a single center allows you to ensure reliable and up-to-date protection for every endpoint and device in the corporate network.
  • Mobile device security and management tools allow you to centrally manage the security of mobile devices across platforms through the same single console that you use to manage endpoint security. This greatly simplifies monitoring and control of the security of corporate IT infrastructure without the need for additional effort or technology.
  • Vulnerability monitoring and patch management enable you to quickly detect vulnerabilities, prioritize them, and centralize patching. Administrators have complete information about detected vulnerabilities. Patches and updates can be installed automatically in the shortest possible time, which increases the level of security of the entire IT infrastructure.
  • Centralized web, program and device control helps regulate and limit the use of unwanted or unsafe devices, programs and web resources.
  • Centralized management of encryption technologies provides an additional layer of security, helping to combat the growing threat of data loss due to device theft or malicious attack.
  • Advanced management capabilities include automated centralized administration of the security system, including hardware and software, creating OS and application images, as well as remote software installation and remote troubleshooting.
  • Support for workstations, mobile devices and virtual machines makes it possible to manage the protection of the entire IT infrastructure through a single console, providing effective monitoring and full control of the corporate network.

Main features and benefits of Kaspersky Security Center

OPTIMAL DEFAULT SETTINGS
They are especially relevant for small companies that do not always have enough IT resources to perform additional administration tasks. Use the settings recommended by our experts, or choose those that are necessary for you.

SUPPORT FOR MULTI-PLATFORM ENVIRONMENTS
Security management for physical (Windows®, Linux®, Mac), mobile (Android™, iOS, Windows Phone) and virtual devices as part of the corporate IT infrastructure is carried out through a single console.

SCALABLE PROTECTION FOR COMPANIES OF ANY SIZE
Support for up to a million Active Directory® objects, together with role-based differentiation of administrator rights and configuration profiles, provides flexible operation of the solution in complex environments.

WIDE INTEGRATION OPPORTUNITIES
Integration with major SIEM systems for reporting and security. Integration with external NAC systems including Cisco® NAC, Microsoft® NAP and SNMP server.

REMOTE OFFICE SUPPORT
Traffic optimization and flexible patch distribution. A local workstation can act as an update agent for an entire remote office, enabling remote deployment of updates and reducing traffic between offices.

DETAILED REPORTS
A wide range of predefined report templates, with the ability to customize and generate individual reports. Additional dynamic filtering and sorting of reports by any parameters.

WEB CONSOLE
Allows for effective remote management of the security of workplaces and mobile devices.

VIRTUALIZATION SUPPORT
Recognition of virtual machines and load balancing during intensive work, as well as preventing performance-reducing antivirus “storms” - and all this through a single management console.


HOW TO PURCHASE

Kaspersky Security Center is included at all levels of the line, as well as a number of solutions for protecting individual network nodes.

For consultation and to receive a commercial offer, send a request to: [email protected]

By choosing Kaspersky Lab products, you get reliable protection for your IT infrastructure and the ability to control security across the company using a single, convenient management console, Kaspersky Security Center.


Review

Previously, IT departments had to work simultaneously with multiple management consoles to manage multiple security tools and perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the work of the administrator.

Easy to control
The main goal in creating Kaspersky Security Center was to simplify and speed up the setup, startup and management of IT security tools and systems in complex IT environments. A single management console helps you control all the Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center you can control every workplace and every device on your network, centrally address security concerns, reduce operational costs and improve productivity.

Intuitive interface
When developing Kaspersky Security Center, our specialists sought to provide the user with the most easy-to-use interface with clearly organized monitoring panels.

Easy installation
Using the installation wizard, you can quickly and easily install and configure Kaspersky Lab security solutions throughout your IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the security status of your corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various reports on the protection status. Reports can be generated either on demand or according to a specified schedule.

Support for multi-platform environments
Running on the Windows operating system, Kaspersky Security Center supports management of multiple operating systems and platforms, including servers and workstations running Windows, Linux and Novell NetWare, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone.

How to get Kaspersky Security Center

Kaspersky Security Center is included in Kaspersky TOTAL Security for Business and in all Kaspersky Endpoint Security for Business products: STARTER, STANDARD and ADVANCED. Kaspersky Security Center will include only those management tools that are necessary to work with the Kaspersky Lab product you have chosen. If you decide to upgrade to a higher level of Kaspersky Endpoint Security for Business or to the complete solution, Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the Kaspersky Security Center management console.

Workstation security management

Installation, configuration and management of endpoint protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage and protect your business from known and emerging malware, prevent IT security risks, and reduce security costs.

  • Antivirus protection and firewall
    Kaspersky Security Center provides flexible management options for anti-malware protection:
    • set and manage protection policies for multiple platforms, including Windows, Linux, and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • perform anti-virus scans on demand and on a schedule;
    • process quarantined objects;
    • manage anti-virus database updates;
    • manage Kaspersky Security Network cloud protection;
    • configure and manage the firewall and intrusion prevention system (HIPS).
  • Whitelists
    Allows the administrator to audit the use of applications and to allow or block their launch.
  • Control of applications, devices and Web Control
    Centralized IT infrastructure management allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users.
    • restrict the launch of unwanted applications on your network using Application Control;
    • Create access rules for devices that users connect to the network based on the device type or serial number, and how the device is connected;
    • Monitor and control Internet access for the entire enterprise or groups of users.
  • File server protection
    A single infected object in network storage is capable of infecting a large number of computers. To avoid this, Kaspersky Security Center makes it possible to configure and manage all protection functions for file servers.
    • Control malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, anti-malware, device and program control, and other endpoint protection capabilities.
      • hard drives (file and folder encryption or full disk encryption);
      • removable devices (file and folder encryption or full disk encryption).

Mobile device management

The need for access to corporate systems from mobile devices is growing, and Kaspersky Security Center helps protect them and ensure the safety of using personal devices for work.

  • Mobile device protection management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • configure mobile workplace protection, including creating security policies for iOS;
    • install and update software via SMS, email messages or through users' computers;
    • Monitor whether all users have fully deployed security controls on their devices;
    • control access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware protection
    Kaspersky Lab technologies provide comprehensive protection for mobile devices against malware, and Kaspersky Security Center helps you flexibly manage the functions of this protection:
    • Run malware scans on demand and on a schedule;
    • use anti-spam tools to filter out unwanted calls and text messages (except iOS).
  • Mobile Application Management
    Kaspersky Security Center allows you to control which programs can be launched on the user's Android mobile device:
    • use the "Default permission" mode to prevent only blacklisted applications from running;
    • use Deny by Default mode to allow only whitelisted programs to run;
    • create a policy to control cases of unauthorized flashing of devices
  • Encrypting data on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on iOS devices;
    • configure encryption of files and folders.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user’s device;
    • manage container encryption;
    • control access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • Use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Theft
    Remote control using Kaspersky Security Center allows you to still control some important functions if your mobile device is lost or stolen:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • The wipe function gives you the choice to delete corporate data or restore factory settings.

When you purchase Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Security for Mobile, all mobile device management capabilities will be available in Kaspersky Security Center. This way, you can use a single console to manage your mobile devices, endpoint protection, and many other Kaspersky Lab technologies.

System administration tools

In addition to detailed control over the security of the IT infrastructure, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks, increase productivity and reduce operational costs.

  • Deployment of OS and programs
    Kaspersky Security Center allows you to manage OS and program images: create, quickly copy and deploy.
  • Software installation
    The remote software installation feature in Kaspersky Security Center saves administrators time and helps reduce the amount of traffic transmitted over the corporate network.
    • Deploy software on demand or according to a schedule.
    • Use dedicated update servers.
  • License, hardware and software management
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • Keep track of all devices on your network with automatic hardware inventory;
    • Monitor application usage and track license renewal issues using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After inventorying your hardware and software, you can search for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • Perform vulnerability assessments and prioritize patches.
  • Patch installation management
    Once you find vulnerabilities, you can efficiently distribute the most important patches using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • Manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network access control not only provides automatic discovery of devices on the corporate network, but also simplifies setting policies for guest mobile devices:
    • manage policies for providing access to your corporate network from various devices;
    • Manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Systems Management.

Full list of supported applications:

Kaspersky Security Center provides management of the following Kaspersky Lab solutions for protection against information threats:

  • mobile device protection:
    • Kaspersky Endpoint Security for Smartphone
  • workstation protection:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for data storage systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations running Linux, are still managed using Kaspersky Administration Kit, the previous version of the centralized management tool for the protection system.

System Requirements

Administration Server

Software requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system:
    • Microsoft® SQL Server Express 2005, 2008
    • Microsoft® SQL Server® 2005, 2008, 2008 R2
    • MySQL Enterprise

Hardware requirements:
  • 32-bit OS:
    • 512 MB RAM
  • 64-bit OS:
    • Windows Server 2003
    • 512 MB RAM
    • 1 GB of free hard disk space

Administration Console

Software requirements:
  • Microsoft® Management Console 2.0 or later
  • Microsoft® Internet Explorer® 8.0

Hardware requirements:
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space

Web administration console server

Software requirements:
  • Web server: Apache 2.2

Hardware requirements:
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008 (including Core mode)
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space

Kaspersky TOTAL Security for Business includes all the features of Kaspersky Security Center. When using other Kaspersky Lab products, the set of Kaspersky Security Center capabilities will depend on the functionality of the selected solution.

    We have reviewed the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. To centrally manage all deployed copies of Kaspersky Endpoint Security 8 on an organization's computers, the Kaspersky Security Center solution is used. In the second part of the review, we will look in detail at how administration occurs using the new, ninth version of Kaspersky Security Center and what main capabilities it provides.

    The main purpose of Kaspersky Security Center is to provide the administrator with tools for configuring all components of the security system and access to detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of a large set of security tools in an organization, provided by Kaspersky Lab. The range of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers and mobile devices:

    • Kaspersky Endpoint Security 8 for Smartphone;
    • Kaspersky Endpoint Security 8 for Windows;
    • Kaspersky Endpoint Security 8 for Linux;
    • Kaspersky Endpoint Security 8 for Mac;
    • Kaspersky Anti-Virus 6.0 for Windows Workstation;
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution;
    • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
    • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition;
    • Kaspersky Anti-Virus 8.0 for data storage systems;
    • Kaspersky Anti-Virus 8.0 for Linux File Server;
    • Kaspersky Anti-Virus 6.0 for Windows Servers;
    • Kaspersky Anti-Virus 5.7 for Novell NetWare.

    Figure 1. Logic of using Kaspersky Security Center to protect an organization’s network

    Kaspersky Security Center can operate in two modes - the usual one, which is described in this review, and the mode necessary for the work of service providers who provide other organizations with protection of their networks in the form of a SaaS service. This mode requires a special license.

    Kaspersky Security Center is not a separate program, but a set of software tools that includes:

    • Administration server – a service responsible for security management. It is the main module of Kaspersky Security Center and stores all information about managed computers in a database (MS SQL Server or MySQL). In addition to the main administration server, you can organize a hierarchical structure of administration servers to work through them with remote parts of the local network or with the local network of a serviced organization. This is especially relevant for companies with a distributed structure. In this case, local users access only their own server.
    • administration console – a module implemented as a snap-in for the Microsoft Management Console and intended for managing the administration server;
    • web console – a web application that has a purpose similar to the administration console. The difference is that the web console allows you to access the administration server through a browser using the web interface. However, compared to the administration console, it has limited management capabilities;
    • Kaspersky Security Center Administration Agent is a program designed for interaction between the administration server and client computers. It is installed on client systems and allows you to receive information about the current state of programs and events that occurred on client computers, send and receive control commands, and also ensures the functioning of the update agent.
    • program management modules – modules that are installed on the administrator’s workstation. The purpose is to gain access to Kaspersky Lab software products in an organization through the administration console.

    Figure 2. Block diagram of interaction between Kaspersky Security Center components

    The diagram shows that the administrator can work through the snap-in with several administration servers, which are, for example, company servers located in different offices. In addition, the administrator can access the administration server through an Internet browser from any computer without having to install any modules on it, which can be useful when it is necessary to monitor the security system. This access method is also used when protection is deployed in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.

    Figure 3. Web console usage diagram


    Kaspersky Security Center allows you to configure and manage components and settings on client computers. For each user group or specific user, the administrator can specify different settings for the following components:

    1. Protection components: file antivirus, mail antivirus, web antivirus, IM antivirus, firewall, network attack protection, network monitoring, system monitoring.
    2. Control components: program launch control, program activity control, vulnerability scan, device control, web control.

    Figure 4. Diagram of components managed by Kaspersky Security Center

    The ninth version of Kaspersky Security Center is a development of the Kaspersky Administration Kit 8.0 tool. Compared with it, a set of new functions has been added to Kaspersky Security Center: it has become possible to create virtual administration servers; control over the operation of the Application Control, Vulnerability Control, Web Control and Device Control components has been added; a web console has appeared for managing the administration server via a browser; functions for managing clients on virtual machines have been added; and it has become possible to centrally detect and eliminate vulnerabilities on client computers. The functions of tools for managing installations of various components, obtaining additional information about controlled computers, creating reports and working with accounts have been significantly expanded.

    System Requirements

    To work with Kaspersky Security Center 9, your computer must meet the general system requirements indicated in Table 1.

    Table 1. Hardware requirements for working on different operating systems

    32-bit OS
    Operating system version: Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1.
    Hardware requirements: processor with a frequency of 1 GHz or higher; 512 MB RAM; 1 GB of free hard disk space.

    64-bit OS
    Operating system version: Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1.
    Hardware requirements: processor with a frequency of 1.4 GHz or higher; 512 MB RAM; 1 GB of free hard disk space.

    Since Kaspersky Security Center 9 includes three components - the administration server, the administration console and the web administration console server, for each of them to work, the following requirements must be met.

    Administration Server

    • Microsoft Data Access Components (MDAC) 2.8 or higher or Microsoft Windows DAC 6.0.
    • Microsoft Windows Installer 4.5 (for Windows Server 2008 / Windows Vista).

    Database Management System

    • Microsoft SQL Server Express 2005, 2008;
    • Microsoft SQL Server 2005, 2008, 2008 R2;
    • MySQL Enterprise.

    Administration Console

    • Microsoft Management Console 2.0 or later.
    • Microsoft Internet Explorer 8.0.

    Web administration console server

    • Web server: Apache 2.2.
    • Browser – Internet Explorer 7, Firefox 3.6 or Safari 4.

    Functionality

    The main functions of Kaspersky Security Center are to deploy protection on client machines, centralize the administration of these programs, and receive information about events on protected computers.

    Deployment of protection

    1. Remote installation and removal of endpoint protection software and administrative tools.
    2. Deployment of third-party products or your own installation packages on protected computers.
    3. Ability to install endpoint protection systems on infected computers.

    Administration

    1. Creation of virtual administration servers to ensure protection of physically remote segments of an organization’s local network or remote offices.
    2. Formation of a hierarchy of administration groups for “flexible” configuration of rules for the work of various user groups.
    3. Combining a set of rules and settings of various components into policies and flexible application of the created policies to regulate the activities of a specific user or group of users. The ability to use both standard policies and create new policies.
    4. Implementation of centralized (if necessary, remote) management of programs to protect endpoints.
    5. Centralized updating of the databases and protection modules of endpoint protection programs.
    6. Centralized work with files placed in quarantine or in backup storage, as well as with objects whose processing has been postponed.
    7. Inventory of hardware devices and software on computers on the organization’s local network.
    8. Centralized detection and elimination of vulnerabilities found in the operating system and various software.
    9. Management of Kaspersky Endpoint Security 8 deployed in virtual environments (automatic detection of virtual machines, life cycle management of virtual machines, optimization of the load on the host server when performing resource-intensive tasks).

    Monitoring

    • Obtaining information about critical events on protected computers in real time.
    • Receiving statistics and reports on all events on protected computers. It is possible to generate reports containing events in each protection component and administrator actions. Reports can be generated on a schedule or at the request of the administrator. If necessary, you can configure sending reports in a convenient format by email.
    • Using the web console allows you to organize access to operational information about the protection status and reports from any computer on the network or remotely.

    Kaspersky Security Center now also provides the ability to manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically found and connected to the administration console, and all the necessary protection components are installed on it. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for easy administration of the virtual infrastructure. Dynamic mode support for Virtual Desktop Infrastructure (VDI) is also implemented.

    Preparation for use

    To install Kaspersky Security Center, you need to run the program installation file, after which the installation wizard welcome window will appear.

    Figure 5. Initial window of the Kaspersky Security Center installation wizard

    Next, you need to read the license agreement and accept its terms. After this, you need to select the installation type. The standard installation contains a minimum set of components and is recommended for networks containing up to 200 computers. Custom installation allows you to configure additional operating options for Kaspersky Security Center and is recommended for networks containing more than 200 computers. Select a custom installation and click the “Next” button.

    Figure 6. Selecting the Kaspersky Security Center installation type

    The next step requires you to select the components to install.

    Figure 7. Selecting Kaspersky Security Center components for installation

    Figure 8. Selecting network size

    In the next step, you need to select the account under which the administration server will be launched on the computer. You can choose between two types of accounts: the system account (not available in Windows Vista and later Microsoft operating systems) or a user account.

    Figure 9. Selecting the account under which Kaspersky Security Center will be launched

    After this, you need to select the database type for the administration server - Microsoft SQL Server (Express Edition) or MySQL. When you select MS SQL Server, if this DBMS is not available, it will be installed. If you choose MySQL DBMS for operation, it must already be installed on the system.

    Figure 10. Selecting a database server for Kaspersky Security Center

    The next step is to configure the parameters for connecting to the database server and then the account used to connect to that server.

    Figure 11. Configuring connection parameters to a server with a database

    After this, you need to determine the location and name of the shared folder in which installation files and updates will be stored. You can create a new folder or select an existing one.

    Figure 12. Creating a public folder

    Next, you must specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for a secure connection to the administration server using the SSL protocol (port 13000 is used by default).

    Figure 13. Configuring connection parameters to the administration server

    After this, you need to set the address of the administration server. The address can be a DNS name, NetBIOS name, or IP address.

    Figure 14. Setting the address of the administration server

    The next step is to select modules to manage programs. We need a module to manage Kaspersky Endpoint Security 8 for Windows, so we select it.

    Figure 15. Selecting modules for installation

    This completes the setup process and you can start installing the program. Next you need to reboot the operating system, after which the installation can be considered complete.

    After installation you will need to make a number of additional settings: specify the key or registration code, decide on the use of cloud technologies, and configure event notifications and proxy server settings. After this, you can start working with Kaspersky Security Center.

    Working with the product

    The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).

    Figure 16. Microsoft Management Console snap-in window

    The advantage of using the snap-in is its standard interface, which is familiar to administrators working with Windows OS. In addition, you can add several different snap-ins to one management console, for example Windows Firewall, the Diskeeper defragmentation program, the Performance snap-in and Kaspersky Security Center.

    Figure 17. Example of creating a management console

    The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview panel (console tree) and a work area. After installing Kaspersky Security Center, we gain access to the administration server, through which we will manage instances of Kaspersky Endpoint Security 8 installed on computers on the local network.

    With a distributed company structure, it is necessary to create a set of administration servers that service each network segment separately while everything is still managed centrally from one point. This will reduce traffic within the local network and simplify work with remote offices or local network segments. If you have several administration servers, you can delegate responsibility for security and authority to manage each virtual server to individual administrators. You can add administration servers from the context menu of the “Kaspersky Security Center” node (“Create” – “Kaspersky Administration Server” – “Administration Server...”). The created hierarchy allows you to create rules for inheriting tasks and policies for different administration servers.

    The hierarchy of tools for the administrator’s work is presented in Figure 18.

    Figure 18. Hierarchy of tools for administrator work

    The administration server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers under the control of the administration server to exchange data with the “cloud” even if they do not have access to the Internet. Also, by caching requests, KSN Proxy reduces the load on the Internet connection.

    Figure 19. Configuring KSN Proxy parameters

    The logic for working with the program when deploying protection and administering it is constructed as follows. First, the administrator configures the administration server settings. After this, administration groups are created in accordance with the logic of the protected network. For example, accounting employees can be prohibited from using any removable media, and programmers can be configured with the most stringent web control parameters.

    Computers are added to the created groups, and the Administration Agent and Kaspersky Endpoint Security 8 are installed on each computer. Security policies are then created and configured for each user group. The administrator can also create various tasks (virus scan, update, etc.) and set criteria for their execution (by timer, by event, etc.). After this, work with the program goes into the background - the administrator needs to periodically review reports, respond to threats, add new users for protection and perform other network maintenance work. Let's take a step-by-step look at how it works.

    To manage protection settings on client computers, use the “Computer Management” group, which contains four panels: “Groups”, “Policies”, “Tasks” and “Computers”.

    Figure 20. Computer Management group

    Creating administration groups and setting them up

    The “Groups” panel contains tools for managing groups of computers on the “Administration Server”. These administration groups allow you to organize a hierarchy of computers on the network in order to selectively apply various policies and tasks to them in the future. By default, only one, the root, group is available. Using the “Create Group” and “Create Subgroup” commands in the “Groups” panel, you can create the hierarchy of computer groups required in your organization.

    Figure 21. Example of creating administration groups

    Via the context menu of the “Managed computers” node (the “All tasks” - “Create group structure” command), the hierarchy of computers can be generated automatically. For this purpose, information about the structure of Windows network domains and workgroups, Active Directory groups or the contents of a text file is used.

    In the “Groups” panel, you can set the conditions for installing programs on computers newly added to the group. You can also specify the criteria by which the user’s computer will be assigned the “Warning” or “Critical” status. For example, if the databases have not been updated for more than X days or more than Y viruses have been found.

    Figure 22. Setting criteria for setting statuses for computers

    Once the groups have been created and configured, you can begin populating the groups with computers. To do this, use the “Computers” panel, in which you can add and remove computers on the “Administration Server”. You can also view information about each computer on the network - its status, the time the databases with signatures were updated, the number of viruses found, etc.

    Figure 23. Computers panel with the filtering panel expanded

    To add a new computer, you need to click on the “Add computers” button, after which the wizard window will appear. The first step is to determine how to add client computers.

    Figure 24. Window of the Add Client Computers Wizard

    When manually adding computers, you need to specify the IP address or range of IP addresses of computers on the network. You can also import a list from a text file with a list of IP addresses.

    Figure 25. Manually adding new computers

    When adding automatically, just select the necessary computers from the list of computers detected on the network.

    Figure 26. Window for adding computers detected by the administration server

    If for some reason the computers were not distributed into administration groups, they remain in the folders of the “Unassigned computers” node. You can also apply tasks and configure policies to these computers. New computers found by the administration server when polling the Windows network, IP addresses and Active Directory groups are also placed in these folders. After finding new computers on the network, the administrator can move them to one of the existing groups.

    Installing applications via Kaspersky Security Center

    Kaspersky Security Center allows you to install various programs on computers on a local network. These may be Kaspersky Lab customer protection programs or third-party programs. To install the program on a client computer, you must create a task of the appropriate type and specify the computers for which it will be executed.

    Installing programs through Kaspersky Security Center is primarily necessary to deploy protection on client computers when starting to use Kaspersky Lab solutions in an organization and when adding new computers for protection.

    To organize protection on client computers, you first need to install administration agents and Kaspersky Endpoint Security 8. The installation package is installed using the Remote Installation Wizard, which is launched from the “Groups” panel by clicking on the “Start installation” button. Select the administration agent and click the “Next” button.

    Figure 27. Selecting the program to install

    We indicate that the program is installed “From a shared folder”. After installing the Administration Agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when adding a new computer to the network, the administrator will be able to run one task to install the entire list of necessary programs.

    Figure 28. Selecting program installation options

    In the next step, you can specify accounts that have administrator rights.

    Figure 29. Selecting accounts with administrator rights on the target computer

    After this, you will need to choose whether to restart the computer after installing the program and, if so, whether to force it or ask the user. At this point, the creation of the program installation task is completed and you can run it.

    Figure 30. Running the application installation task

    If for some reason installation over the network is not possible (for example, the network is disabled on the computer), then you can create an installation package and provide it to the user for independent installation.

    The article examines the Kaspersky Lab product Kaspersky Endpoint Security and its use in a corporate environment, using the example of our clients

    Good day, dear visitor. From the title of the article you already understand that today we will talk about protection. In one of the previous articles, I reviewed a product related to this area of IT, which showed itself well. Today I will tell you about an equally interesting product from Kaspersky Lab, of which we are partners: Kaspersky Endpoint Security. It will be reviewed in the Hyper-V virtual environment, on second-generation machines. The server part will be implemented on a domain controller running Windows Server 2012 R2, with AD in Windows Server 2012 R2 mode, and the client part on Windows 8.1.

    It is worth noting that we constantly use this product in our IT outsourcing practice.

    What is Kaspersky Endpoint Security?

    Kaspersky Endpoint Security for Windows combines world-class anti-malware technology with Application Control, Web Control, Device Control, and data encryption - all in one application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.

    Possibilities:

    • Single application
    • Single console
    • Unified policies

    Kaspersky Endpoint Security for Windows is a single application that includes a wide range of critical security technologies, such as:

    • Anti-malware protection (including firewall and intrusion prevention system)
    • Workplace control
    • Program control
    • Web Control
    • Device Control
    • Data encryption

    Kaspersky Endpoint Security differs in the set of included modules, containing a different number of modules depending on the edition:

    In our case we will use ADVANCED.

    The following features are available as part of the Kaspersky Endpoint Security for Business START solution:

    The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:

    • Anti-malware, firewall and intrusion prevention system
    • Workplace control
    • Program control
    • Web Control
    • Device Control

    ...as well as other Kaspersky Lab technologies to ensure IT security

    The following features are available as part of the Kaspersky Endpoint Security for Business ADVANCED and Kaspersky Total Security for Business solutions:

    • Anti-malware, firewall and intrusion prevention system
    • Workplace control
    • Program control
    • Web Control
    • Device Control
    • Encryption
      ...as well as other Kaspersky Lab technologies to ensure IT security.

    Architecture

    Server part:

    • Kaspersky Security Center Administration Server
    • Administration console of Kaspersky Security Center
    • Kaspersky Security Center Network Agent

    Client part:

    • Kaspersky Endpoint Security

    So let's get started

    Installing the administration server

    In our case, the administration server will be installed on the AD controller in Windows Server 2012 R2 mode. Let's start the installation:

    I forgot to clarify: we will use Kaspersky Security Center 10. Let's install the full distribution, downloaded from the Kaspersky Lab website, which includes the installation packages of Kaspersky Endpoint Security 10 and Network Agent 10.

    In the next wizard window, select the path to unpack the distribution and click “Install”.

    After unpacking the distribution, we are greeted by the Kaspersky Security Center installation wizard. After we click the “Next” button, the wizard asks for the “Network size”; because we will have only two clients, one x86 and the other x64, we indicate “Less than 100 computers on the network”.



    We specify the account under which the “Administration Server” will start. In our case, the domain administrator account.



    Kaspersky Security Center stores all its data in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you have an already installed DBMS, you can select the name of the SQL server and the name of the database.



    At the “Administration server address” stage, the wizard asks you to specify the server address. Since we have AD installed and DNS integrated, it would be wiser to specify the server name.



    After selecting the plugins for management, the installation of Kaspersky Security Center will begin.



    After successful installation and the first launch of Kaspersky Security Center, we are greeted by the initial setup wizard, in which we can specify the key, accept the agreement for KSN participation, and indicate the email address for notifications.




    The update parameters are also specified and a policy with tasks is created.



    After installation, the following will be installed on our server:

    • Administration Server
    • Administration Console
    • Administration Agent

    But Kaspersky Endpoint Security will not be installed. We will perform a remote installation: because the administration agent is already installed, we can deploy Kaspersky Endpoint Security to the server. If there is no administration agent and all incoming connections are blocked in Windows Firewall, remote installation will not work. Expand the “Remote Installation” node and select “Run Remote Installation Wizard”. Select the installation package and click the “Next” button.



    In the “Select computers for installation” window, select the installation option for computers located in administration groups. Then select the server and click the “Next” button.



    A system reboot is required after important modules of Kaspersky Endpoint Security are updated; since the package is new enough, a reboot is not needed here. When selecting credentials, let's leave everything as default, i.e. empty. After clicking the “Next” button, we will see the installation progress of Kaspersky Endpoint Security.


    Creating groups

    Since the policies and tasks intended for servers differ from the policies and tasks of workstations, we will create groups corresponding to the type of administration for different machines. Expand the “Managed computers” node and select “Groups”, then click “Create a subgroup”. Let's create two subgroups, “Workstations” and “Servers”. From the “Managed computers – Computers” menu, using “drag and drop” or “cut & copy”, move “DC” to the “Servers” group and create a policy and tasks for this group that differ from the tasks and policies in the “Managed computers” node.

    Installing Kaspersky Endpoint Security

    To install Kaspersky Endpoint Security remotely, you need to disable UAC during installation. The requirement is “inconvenient”, so we will create a policy in the GPO for Windows Firewall, in which we will allow incoming connections using the predefined rule “File and Printer Sharing”.

    After setting up and distributing Group Policy, let's go to the administration console. Expand the “Administration Server” node and select “Install Kaspersky Anti-Virus”, click “Run Remote Installation Wizard”. In the installation package selection wizard window, select the required package and click “Next”. Select clients in the “Unassigned computers” group and click “Next”.

    In the next window, leave everything as default and click “Next”. After the key selection window, the wizard offers to prompt the user to reboot the system once the installation of Kaspersky Endpoint Security is completed; leave it as default and click “Next”. At the “Remove incompatible programs” step, you can make adjustments if they are necessary. Next, the wizard suggests moving client computers to one of the groups; in our case, we move them to the “Workstations” group.







    As we can see, the console “speaks” about the successful installation of Kaspersky Endpoint Security on client stations.



    As we can see, after installation, the administration server transferred client machines according to the conditions in the remote installation task.



    Kaspersky Endpoint Security on the client machine.


    Let's create a policy for client stations in which we will enable “Password protection”; this is necessary, for example, if the user wants to turn off the antivirus.

    Let's try to disable protection on the client machine.



    Rules for moving computers

    On the administration server, you can set movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security will be installed on a newly discovered PC. This is useful in a scenario where an organization has installed a new PC.

    To automate the deployment of Kaspersky Endpoint Security, we will define movement rules for computers. To do this, select the “Unassigned computers” node and select the “Configure rules for moving computers to administration groups” item and create a new rule.




    Under the created rule, a newly detected PC from the specified range of IP addresses will be added to the “Workstations” group.

    Next, we will create a task to automatically deploy anti-virus protection for machines on which it is not installed. To do this, select the “Workstations” group and go to the “Tasks” tab. Let’s create a task to install anti-virus protection with the “Immediate” schedule.

    So, we see that the client computer has been added to the “Workstations” group.

    Let's go to the "Tasks" tab and see that the installation task has started.



    Let me remind you that the situation was reproduced on a machine without anti-virus protection (earlier I demonstrated a remote installation on one of the machines, and afterwards the anti-virus was removed from it to demonstrate this scenario). As you can see, the installation takes place only on the machine without anti-virus protection; the machine that already has anti-virus protection was not touched. After the anti-virus protection is installed, the KES policy will be applied to this client computer.
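    The moving rule and the install task described above, modelled as an added example (not part of the original article and not Kaspersky Security Center code). The host names, addresses, IP range and first-match rule order are constructed assumptions; the model also lists unprotected machines that match no rule and therefore never receive the install task.

```python
import ipaddress
from dataclasses import dataclass

UNASSIGNED = "Unassigned computers"


@dataclass
class Host:
    name: str
    ip: str
    protected: bool = False      # True if endpoint protection is already installed
    group: str = UNASSIGNED


@dataclass(frozen=True)
class MoveRule:
    first_ip: str
    last_ip: str
    target_group: str

    def matches(self, host: Host) -> bool:
        """True if the host address lies inside the inclusive IP range."""
        try:
            addr = ipaddress.ip_address(host.ip)
        except ValueError:
            return False         # malformed address never matches a rule
        lo = ipaddress.ip_address(self.first_ip)
        hi = ipaddress.ip_address(self.last_ip)
        # IPv4 and IPv6 addresses cannot be compared, so check versions first.
        return addr.version == lo.version == hi.version and lo <= addr <= hi


def apply_move_rules(hosts, rules):
    """Move unassigned hosts into the group of the first matching rule.

    Hosts already placed in a group are left alone. First-match order is an
    assumption of this model, not documented product behaviour.
    """
    moved = []
    for host in hosts:
        if host.group != UNASSIGNED:
            continue
        for rule in rules:
            if rule.matches(host):
                host.group = rule.target_group
                moved.append(host.name)
                break
    return moved


def install_targets(hosts, group):
    """Hosts in the group that the 'install protection' task would act on."""
    return [h.name for h in hosts if h.group == group and not h.protected]


def coverage_gaps(hosts):
    """Unprotected hosts that matched no rule and so never get the task."""
    return [h.name for h in hosts if h.group == UNASSIGNED and not h.protected]


def sample_hosts():
    """Constructed inventory of discovered machines (not real data)."""
    return [
        Host("PC-NEW-01", "192.168.10.25"),
        Host("PC-OLD-02", "192.168.10.40", protected=True),
        Host("LAPTOP-07", "192.168.20.5"),            # outside the rule range
        Host("DC", "192.168.10.2", protected=True, group="Servers"),
        Host("PRN-01", "not-an-ip"),                  # malformed address
    ]


if __name__ == "__main__":
    hosts = sample_hosts()
    rule = MoveRule("192.168.10.20", "192.168.10.200", "Workstations")
    print("moved:", apply_move_rules(hosts, [rule]))
    print("install on:", install_targets(hosts, "Workstations"))
    print("review manually:", coverage_gaps(hosts))
```
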

    Reports

    Reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report “About versions of Kaspersky Lab programs”.

    The report, in some detail, displays information about installed Kaspersky Lab programs. You can see how many agents, client solutions and servers are installed. Reports can be deleted and added. You can also view the status of anti-virus protection using the “Selection of computers”, which helps you conveniently sort computers with infected objects or with critical events.

    In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was reviewed. The controls are indeed convenient and intuitive. But it is worth noting the enormous load on client systems during the search for viruses and potential threats; this load is caused mainly by heuristic analysis, which requires quite a few resources. The product is very easy to administer and is suitable for both AD and workgroup environments. This product has been installed by many of our clients and shows only good results.

    That's it, people, peace to you!

    Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.

    Application

    Many large organizations create corporate networks between devices to facilitate data transfer and management. Such solutions are very smart; however, we should not forget about certain threats, and it is worth thinking about security. Kaspersky Security Center from Kaspersky Lab does an excellent job at this task.

    Benefits of the program

    This tool generates a common control center for a system of devices used by all members of the organization. The software is universal, compatible with both computers and mobile devices. The system is entirely under the control of the device administrator, who protects it from viruses and various threats. The implementation of protection occurs at different stages, since it is complex.

    The Control Center is responsible for monitoring the activities of programs, their opening and blocking of harmful software. It influences all applications and programs installed on computers that are connected to the corporate network. The administrator controls user actions, either by adjusting their own security settings or using standard templates.

    Kaspersky Security Center constantly checks the system for weaknesses, updates security components, and monitors the availability of updates for running software. When checking the system, the program provides reports on its actions. Reports are generated automatically when regular checking is activated, but the tool can also generate them upon user request and export them to PDF, HTML and XML files.

    The intuitive interface that the program is equipped with makes the user's work easier.

    Main features:

    • Protection for both desktop and mobile devices.
    • Supports devices with different operating systems.
    • Control is carried out either by several users or by one administrator.
    • Blocking unwanted software.
    • Convenient security policy settings, the ability to use both standard profiles and create your own.