Kaspersky Endpoint Security for Business Advanced review: On-prem security done right

Kaspersky's Endpoint Security for Business (ESB) has been the foundation of its on-premises solutions for many years and the latest version introduces tougher security measures than ever before. The new intelligent adaptive anomaly control component watches out for abnormal user behavior and along with the ability to scan inbound and outbound HTTPS traffic, the web protection components have a keen nose for sniffing out mining malware.

ESB comes in three flavours with the Select edition including the Security Center management console, anti-malware, file server and mobile protection as well as device, web and application controls. The Advanced edition on review adds the adaptive anomaly control, encryption and patch management plus remote software installation, while the Total edition bolsters this with mail server, gateway and collaboration security.

Prices for the Advanced version on review start at 760 per year for 10 seats. Platform support is extensive as ESB can protect Windows, Mac and Linux workstations and servers and includes iOS and Android mobile device management (MDM) services using Exchange ActiveSync or its own iOS MDM server.

Kaspersky Endpoint Security for Business Advanced review: Management and deployment

ESB deployment starts by installing the Security Center 11 component on the designated host Windows workstation or server. It expects to have a SQL database made available and for testing, we installed Microsoft's SQL Server 2014 Express SP2.

Functioning as an MMC (Microsoft Management Console) snap-in, the Security Center 11 console receives a fresh lick of paint but retains the same intuitive format as previous versions. The ESB web console, on the other hand, sees a complete redesign and, along with vastly improved status dashboards and reporting, now provides full access to ESB's settings allowing it to be used instead of the Security Center if required.

You're spoilt for workstation deployment choices; ESB can search network subnets, workgroups and Active Directory (AD) domains. The ESB console places all discovered systems in an 'unassigned' list where we selected our Windows test workstations, pushed the Network Agent and Endpoint Security components to them with one job and watched ESB move them to the default managed group.

The automatic installation option is even faster. All unassigned systems can be added to a console group with this feature enabled and ESB will do all the hard work for you. Group structures based on selected workgroups or AD domains can be created where you leave the discovery routine to populate them and then run the entire deployment.

Kaspersky Endpoint Security for Business Advanced review: Group policies

The System Center creates a base set of security policies for the default group so all our test clients were protected immediately. You can create custom groups and apply new policies to define how a client's Network Agent and Endpoint Security components behave when they join a group.

ESB's group policies are a powerful feature as they allow you to centrally manage all endpoint security and threat protection features and stop end users fiddling with the client settings or uninstalling them. Policies can be modified from the System Center or web console and we found changes took around 10 seconds to be pushed out to our clients.

Choosing a group reveals all member systems, with each assigned colour-coded icons for at-a-glance status indicators. Selecting a client shows their properties in a right-hand pane while a drop down menu provides access to options such as running tasks, forcing synchronizations and viewing hardware and software inventories.

A useful support feature is the ability to fire up a remote control session with a selected client using RDP or Windows desktop sharing. Another valuable feature is ESB's integral vulnerability and patch management component which checked our clients, showed all required updates and offered to automatically deploy them.

Kaspersky Endpoint Security for Business Advanced review: Threat protection features

Policies provide easy access to all security features and we found it simple to customize the various components. Advanced threat protection includes access to Kaspersky's Security Network for reputation-based scanning, behavioral detection for ransomware protection and exploit protection.

Essential threat protection features include a memory resident file scanner, transparent scanning of email and web traffic, a client firewall and network attack detection. Many components can be modified easily just by using a slider bar to choose from three levels.

Policy security controls go even further as these allow you to enforce black and white application lists and decide what hardware devices can be used on client systems. The web content filtering component can't match the efficacy of UTM hardware appliances but Kaspersky has increased the number of available URL categories from 15 to 28.

Adaptive anomaly control is also enabled in this policy section and can be applied to Office app, WMI, script and PowerShell activities. We found it initially spends a few days in training mode after which it creates smart rules based on its findings, and you can quickly load reports to see training progress and whether any rules have been triggered.

Reporting is a real strength, too. ESB comes with a wide choice of predefined reports for viewing anything from infected computers and endpoint inventory to detected threats and web browsing behavior. We could easily create custom reports using these as templates, schedule them to run regularly and create tasks to have them emailed to us.

Kaspersky Endpoint Security for Business Advanced review: Verdict

Kaspersky's Endpoint Security for Business is a great choice for companies that prefer on-premises to cloud management. It's easy to deploy, offers a choice of MMC snap-in or web browser management access and delivers an unbeatable range of security measures for hardening your endpoints against malware.

Verdict

An on-premises endpoint protection solution suitable for a wide range of businesses that’s good value, easy to manage and packed to the rafters with tough security measures

Security Center 11: Windows 7/Server 2012 upwards