Windows’ dominance makes it an ongoing target for cybercriminals.
Built-in security features aren’t enough to protect your business from next-generation cyberthreats. But just adding on multiple, disjointed technologies leads to management complexity – and reduces effectiveness.
Kaspersky Endpoint Security for Windows is the world’s most tested, most awarded security application powered by next-generation technologies to protect all Windows endpoints – and the data on them.
It combines multi-layered, next-generation threat protection with additional proactive technologies such as Application, Web and Device controls, vulnerability and patch management and data encryption into an EDR-ready endpoint agent with an extensive systems management toolkit. Kaspersky’s flagship product offers comprehensive features and benefits:
Our comprehensive, independently tested solutions are powered by multi-layered, next-generation protection that minimizes the opportunities for threats to reach endpoints while reliably identifying and blocking the ones that do.
Several signature-less components, such as HIPS, Kaspersky Security Network, Behavior Detection and Exploit Prevention, help to detect threats even without frequent updates. Protection is powered by static machine learning for pre-execution stages and dynamic machine learning for post-execution stages. Behavior Detection analyzes process activity in real-time and if it identifies a process as malicious, the issue is flagged, the process terminated and the remediation engine rolls back any changes.
Kaspersky Endpoint Security for Windows can integrate with Kaspersky Sandbox and Kaspersky EDR Optimum for advanced prevention, detection and response capabilities.
Kaspersky Endpoint Security for Business can be further boosted with the new Kaspersky EDR Optimum. The result is full visibility and the ability to apply root-cause analysis for a complete understanding of the status of your corporate defenses against advanced threats. Your IT security specialist is provided with the information and insights needed for effective investigation and a fast, accurate response to incidents before any damage can occur – as well as basic threat hunting capabilities (IoC scan).
Kaspersky Sandbox automatically protects against advanced threats designed to bypass endpoint protection. Based on dynamic threat emulation technology, Kaspersky Sandbox uses our best practices in combating complex threats and APT-level attacks, ensuring an automated response across all endpoints.
Our mathematical model analyses over 100,000 sample features and uses 10 million logs to 'teach' the behavior models – in one lightweight 2MB client-side package. Our extensive cloud threats database includes 50TB of data and 4 billion+ hashes, all without impacting on your resources or performance.
Each piece of next-generation technology is designed to deliver the fastest reaction times, lowest false positive rate and highest levels of protection, as verified in independent tests. These optimized performance levels use fewer resources and less energy, reducing your TCO.
With the introduction of our new Cloud Mode for protection components, the latest version of Kaspersky Endpoint Security for Windows:
In Q3 2018 alone, over 250 million unique URLs were recognized as malicious by Kaspersky technologies. Even a favorite, trusted website or corporate node can be compromised, making everyday operations insecure.
Kaspersky Endpoint Security for Windows is powered by Kaspersky Security Network (KSN), our cloud-assisted threat intelligence network. Millions of globally distributed nodes feed real-world threat intelligence to our systems, ensuring a near real-time response to even the newest emerging or evolving threats – including mass attacks.
KSN adds a further layer of security to the endpoint, enabling rapid, accurate decisions about URL or file safety to be made without requiring full content analysis. Response times are as low as 0.02 seconds - significantly faster than traditional protection methods.
The Web Threat Protection component scans HTTPS traffic to intercept, identify and block the latest threats, including those using encryption to penetrate the system undetected. The end user experience is seamless and uninterrupted.
Network Threat Protection identifies and blocks attacks on your corporate network. It's the component that can prevent infections from spreading through a buffer-overrun attack - when malicious code executes by modifying a process already downloaded in memory. New Network Attack Blocker functionality protects against attacks that exploit vulnerabilities in the ARP protocol in order to spoof a device's MAC address.
Cybercriminals use tools and scripts to collect administrator passwords to control infected hosts remotely. They also use legitimate utilities to launch fileless attacks, making it impossible for traditional protection engines to block them. Kaspersky's Behavior Detection protects against new, advanced threats, including ransomware. It does this by detecting and analyzing suspicious activity on workstations, shared folders and file servers, and by using behavior analysis to detect evolving threats – identifying them by their actual behavior rather than their emulated activity at the intrusion prevention stage. If an attack is detected, the malware is blocked and automatic rollback reverses any malicious actions that have already taken place.
Windows Subsystem for Linux (WSL) is a popular subsystem enabling *NIX/Linux applications to run on Windows 10. This subsystem is now protected, with scanning of WSL files, apps and traffic.
Kaspersky's Exploit Prevention prevents malware from executing and exploiting software or operating system vulnerabilities. The most targeted applications - including Adobe® Reader, Microsoft® Internet Explorer®, Microsoft® Office®, and Java – are monitored, providing an extra layer of protection against unknown, zero-day threats.
Kaspersky Endpoint Security for Windows instances can integrate with Endpoint Detection and Response (EDR) Advanced, serving as its sensors on workstations and servers. This enables large volumes of data to be captured and analyzed onshore, without impacting on user productivity. Advanced threat hunting looks for evidence of intrusion, such as file specimens matching Indicators of Compromise (IoCs).
Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.
Unique wizards for easy deployment across the network, with or without Active Directory domain. Deploy and retain endpoint protection even if networks are physically disconnected from the Internet.
Assign different endpoint groups or management tasks to different administrators via the Role-Based Model and customize the management console so that each administrator can only access the tools and data relevant to their responsibilities.
Kaspersky Security Center is a central management console that makes it easier for administrators to configure, deploy, update and manage their security. It simplifies the application of group tasks, policies and policy profiles and the generation of reports. Three management options are available:
Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.
Whether it's a stolen laptop or lost storage device, encryption makes sensitive data useless to criminals or unauthorized viewers. Kaspersky Endpoint Security for Windows uses the Advanced Encryption Standard (AES) 256 bit algorithm and supports Intel® AES-NI for fast encryption.
Full Disk Encryption (FDE) runs on the physical hard drive, making it easy to run an 'encrypt everything at once' strategy without relying on end users to decide which items should be encrypted. Full Disk Encryption enables pre-boot authentication and guarantees a secure, tamper-proof environment external to the operating system – as a trusted authentication layer.
Kaspersky's File Level Encryption enables the encryption of data in specific files and folders on any given drive. This allows system administrators to encrypt files automatically, based on attributes such as location and file type – and this encryption can be enforced for information created in any application. Users can also easily create encrypted, self-extracting packages – ensuring that data is protected when stored in backup or shared via removable devices, email, network or the web.
It's good practice to apply encryption settings under the same policy as anti-malware, device control and other endpoint security settings. This enables the best practice approach of integrated, coherent policies – for example, IT can allow approved USB devices to connect to a laptop, and can also enforce encryption policies to the device. All through the same single console used to manage Kaspersky Endpoint Security.
In the event of password loss or damage to the drive, data can still be recovered and decrypted using a special centrally managed emergency recovery procedure. Built-in Microsoft® BitLocker® management enables OS-embedded encryption, letting you decide which technology to use and control via the single console.
Kaspersky Endpoint Security for Windows 11.2 now allows files and folders to be deleted remotely. Special tasks can be configured in advance and action taken according to a schedule or by timeout, even when not connected to the network. This is especially useful in the following situations:
Host Intrusion Prevention, and centralized web, device and application controls reduce your attack surface and help keep users safe and productive. Kaspersky has its own dedicated Dynamic Allowlisting laboratory, maintaining a constantly monitored and updated database of more than 2.5 billion trusted programs. This database automatically synchronizes with endpoints to simplify routine work for administrators.
For ease of management, powerful endpoint controls are managed from the same console, tightly integrated with Active Directory and next-generation anti-malware protection. This makes setting blanket policies quick and easy.
Prevent torrenting use and potential data leaks with web controls. A new web control category – 'Cryptocurrencies and Mining' – lets administrators block various cryptocurrency mining websites on corporate resources in a single click. Administrators can monitor, filter and control which categories of websites employees can access, directly at the endpoint. Those categories are updated with hundreds of new resources every month. Once categories are synchronized with the endpoint, policies are enforced even when the user is not on the corporate network. Flexible policies enable acceptable browsing at certain times of the day, while integration with Active Directory means policies can be applied across the business quickly and easily.
Powered by Dynamic Allowlisting, Application Control significantly reduces your exposure to zero-day attacks by providing total control over what software, including specific versions, is allowed to run. This includes shadow IT scenarios where, for example, employees install non-corporate software or games on a device, putting the corporate network at risk while at the same time being unproductive. Denylisted applications are blocked, while your approved and trusted applications from the Dynamic Allowlisting database continue to run smoothly.
Adaptive Anomaly Control automatically helps apply the highest acceptable level of security for each role in the organization. After first monitoring specific actions and collecting information about the behavior of users and applications, it identifies and learns distinctive patterns of behavior, right down to individual user level. If an application then displays abnormal behavior against this pattern, the application is blocked. All without end users being interrupted.
Some applications' activities may be considered high risk – even though the applications themselves are not classed as malicious – and these activities should be controlled.
Our solution restricts application privileges according to assigned trust levels, limiting access to resources like sensitive data. Working in step with the local and cloud (KSN) reputation databases, Host Intrusion Prevention controls applications and restricts access to critical system resources, audio and video recording devices.
Kaspersky's huge store of default HIPS settings and restrictions for different applications relieve the administrative burden while giving complete control over specific, individual settings.
To prevent users from connecting to potentially insecure public Wi-Fi networks, you can generate a list of trusted networks based on name, encryption/authentication type, and prevent the creation of a network bridge by blocking a second active network connection.
Disabling a USB port doesn’t necessarily fix your removable device issue, because it can impact on other users’ productivity – for example, being unable to connect a 4G modem. Kaspersky Device Control solves this by enabling a more granular level of control at network connection and device type level. Integration with Kaspersky’s encryption technologies allows you to apply encryption policies to specific drive types, as well as:
Kaspersky Endpoint Security for Windows is included in: