Kaspersky Endpoint Security for Windows
For laptops, desktops, tablets and servers
Windows’ dominance in the corporate world makes it an ongoing target for cybercriminals.
Relying on built-in security features is not enough to protect your business from next-generation cyberthreats. But adding-on multiple, disjointed technologies leads to management complexity – and reduces effectiveness.
Kaspersky Endpoint Security for Windows is the world’s most tested, most awarded security application powered by next-generation technologies to protect all Windows endpoints – and the data on them.
The application combines next-generation multi-layered threat protection, additional proactive layers such as Application, Web and Device controls, vulnerability and patch management, data encryption and extensive systems management toolset into an EDR-ready endpoint agent. This flagship product in the Kaspersky Lab business portfolio is rich in features and benefits:
- Protects your most valuable business assets – your data, reputation and business process continuity.
- Ensures efficiency – easy to implement and manage from a single console with unified policies.
- Provides the best possible protection for customers as proven by independent testing.
- Future-driven product research and development strategy – all technologies are developed in-house for true integration and innovation.
- Fits into existing infrastructures.
Learn more about True Cybersecurity for business and what our customers are saying about our technologies here.
ML-driven threat protection that's effective even without regular updates
Our comprehensive, independently tested solutions are powered by multi-layered, next-generation protection that minimizes the opportunities for threats to reach endpoints while reliably identifying and blocking the ones that do.
Several signature-less components, such as HIPS, KSN, Behavior Detection, Exploit Prevention and others, provide the ability for a product to detect threats even without frequent updates. Protection is powered by static machine learning (ML) for pre- and dynamic machine learning (ML) for post-execution stages. Behavior Detection analyzes the actual process activity in real time and reveals its malicious nature. All that is needed then is to flag the alarm, terminate the process and Remediation Engine performs rollback of the changes.
Lower your cost of ownership
Our mathematical model analyses over 100,000 sample features and uses 10-million behavior logs to 'teach' the models – in one lightweight 2Mb client-side package. Our vast knowledge system database includes 50TB of data and +4 billion hashes, but these huge volumes of intelligence data don't impact in any way on your resources or performance.
Each piece of next-generation technology is designed to deliver the fastest reaction times, lowest false positive rate and highest levels of protection, as verified in independent tests. These optimized performance levels use fewer resources and less energy, reducing your TCO.
With the introduction of our Cloud Mode for protection components, this latest version of Kaspersky Endpoint Security for Windows:
- Halves the installation size, for rapid deployment
- Reduces disk and RAM consumption
- Reduces network load.
Address the dangers of browsing – in real time
In Q3 2018 alone, over 250 million unique URLs were recognized as malicious by Kaspersky Lab technologies. Even a favourite trusted website or corporate node can be compromised, making everyday operations insecure.
Kaspersky Endpoint Security for Windows is powered by Kaspersky Security Network (KSN), our cloud-assisted threat intelligence network. Millions of globally distributed nodes feed real-world threat intelligence to our systems, ensuring a near real-time response to even the newest emerging or evolving threats – including mass attacks.
KSN adds a further layer of security to the endpoint, enabling rapid, accurate decisions about URL or file safety to be made without requiring full content analysis. Response times are as as low as 0.02 seconds - significantly faster tha with traditional protection methods.
The Web Threat Protection component scans HTTPS traffic to intercept, identify and block the latest threats, including those which use encryption to penetrate the system undetected. End user experience is seamless and uninterrupted.
Dramatically reduce your network-based exposure
Network Threat Protection identifies and blocks attacks to your corporate network. Network Threat Protection is the only component that can prevent infections from spreading through, for example, a buffer-overrun attack - when malicious code is executed through modifying a process already downloaded in memory. New Network Attack Blocker functionality protects against attacks that exploit vulnerabilities in the ARP protocol in order to spoof a device's MAC address.
Block ransomware, fileless attacks and administrative account takeovers
Cybercriminals use tools and scripts to collect administrator passwords, enabling the remote administration of infected hosts. They can also use legitimate utilities to launch fileless attacks – making it impossible for traditional protection engines to block them. This is compounded by the almost constant evolution of threats, as well as the proliferation of ransomware – 2017 will forever be remembered for the huge number of encryption ransomware attacks.
By detecting and analyzing suspicious activity on workstations, shared folders and file servers, and by using behavior analysis to detect evolving threats – identifying them by their actual behavior, rather than their emulated activity, at the intrusion prevention stage - Kaspersky Lab's Behavior Detection can protect against new, advanced threats including ransomware. If a successful attack is detected, the malware is blocked, while automatic rollback will reverse any malicious actions already undertaken.
Develop and run Open Source applications without risk
Windows Subsystem for Linux (WSL) is a popular subsystem enabling *NIX/Linux applications to run on Windows 10. This subsystem is now protected, with scanning of WSL files, apps and traffic.
Shield common software against zero-day attacks
Kaspersky Lab's Exploit Prevention prevents malware from executing and exploiting software or operating system vulnerabilities. The most targeted applications - including Adobe® Reader, Microsoft® Internet Explorer®, Microsoft® Office®, and Java – are monitored, delivering an extra layer of protection against unknown, zero-day threats.
See next-generation technology in action
Our combination of human expertise with big data threat intelligence and machine learning informs our industry-leading intelligence, not just preventing cybersecurity incidents, but predicting, detecting and responding to them – and can you can see the results in action, viewing each layer of protection, the threats detected and blocked.
Spot attacks and intrusions more rapidly
Kaspersky Endpoint Security for Windows instances can integrate with Endpoint Detection and Response (EDR) serving as its sensors on workstations and servers. This enables the capture and analysis of large volumes of data onshore, without impacting on user productivity. Advanced threat hunting seeks out evidence of intrusion, such as file specimens matching Indicators of Compromise (IoCs).
One management console for mixed IT environments
Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.
Deploy across diverse and air-gapped networks
Unique wizards for easy deployment across the network, with or without Active Directory domain. Deploy and retain endpoint protection even if networks are physically disconnected from the Internet.
Assign different endpoint groups or management tasks to different administrators via the Role-Based Model and customize the management console so that each administrator can only access the tools and data relevant to their responsibilities.
Protection against attempted tampering
Kaspersky Endpoint Security for Windows safeguards the integrity of its own protection and system safety, including intercepting and blocking any attempt to disable it.
Encryption and data protection for every business
Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.
Prevent data breaches
Whether it's a stolen laptop or lost storage device, encryption make sensitive data useless to criminals or unauthorized viewers. Kaspersky Endpoint Security for Windows uses the Advanced Encryption Standard (AES) 256 bit algorithm and supports Intel® AES-NI for fast encryption.
Protect data at rest
Full Disk Encryption (FDE) runs on the physical hard drive, making it easy to run an 'encrypt everything at once' strategy without relying on end users to decide which items should be encrypted. Full Disk Encryption enables pre-boot authentication and guarantees a secure, tamper-proof environment external to the operating system – as a trusted authentication layer.
Secure data sharing and backup
Kaspersky's File Level Encryption enables the encryption of data in specific files and folders on any given drive. This allows system administrators to encrypt files automatically, based on attributes such as location and file type – and this encryption can be enforced for information created in any application. Users can also easily create encrypted, self-extracting packages – ensuring that data is protected when stored in backup or shared via removable devices, email, network or the web.
Central management and choice centrally
It's good practice to apply encryption settings under the same policy as anti-malware, device control and other endpoint security settings. This enables the best practice approach of integrated, coherent policies – for example, IT can allow approved USB devices to connect to a laptop, and can also enforce encryption policies to the device. All through the same single console used to manage Kaspersky Lab endpoint security.
In the event of password loss or damage to the drive, data can still be recovered and decrypted using a special centrally managed emergency recovery procedure. Built-in Microsoft® BitLocker® management enables OS-embedded encryption, letting you decide which technology to use and control via the single console.
Cloud-enabled controls for policy refinement and breach prevention
Host Intrusion Prevention, centralized web, device and application controls reduce your attack surface and help keep users safe and productive. Kaspersky Lab has its own dedicated Dynamic Whitelisting laboratory, maintaining a constantly monitored and updated database of more than 2.5-billion trusted programs. This database automatically synchronizes with endpoints to simplify routine work for administrators.
For ease of management, powerful endpoint controls are managed from the same console, tightly integrated with Active Directory and next-generation anti-malware protection. This makes setting blanket policies quick and easy.
Control inappropriate resource use
Prevent torrenting usage and potential data leakage with web controls. A new Web Control category – 'Cryptocurrencies and Mining' – empowers administrators to block varios cryptocurrency mining websites on corporate resources in one click. Administrators can monitor, filter and control which categories of websites employees can access, directly at the endpoint. Those categories are regularly updated with hundreds of new resources every month. Once categories are synchronized with the endpoint, policies are enforced even when the user is not on the corporate network. Flexible policies enable acceptable browsing at certain times of the day, while integration with Active Directory means policies can be applied across the business quickly and easily.
Reduce exposure to attacks
Powered by Dynamic Whitelisting, Application Control significantly reduces your exposure to zero-day attacks by providing total control over what software, including specific versions, is allowed to run. This includes shadow IT scenarios where, for example, employees install non-corporate software or games on a device, putting the corporate network at risk while at the same time being unproductive. Blacklisted applications are blocked, while your approved and trusted applications from the Dynamic Whitelisting database continue to run smoothly.
Automate custom-hardening for each PC
Adaptive Anomaly Control automatically helps apply the highest acceptable level of security for each role in organization. After first monitoring specific actions and collecting information about the behavior of users and applications, it identifies and learns distinctive patterns of behavior, right down to individual user level. If an application then displays abnormal behavior against this pattern - the application's blocked. All this without end-users even being interupted.
Regulate access to sensitive data and recording devices
Some applications' activities may be considered high risk – even though the applications themselves are not classed as malicious – and these activities should be controlled.
Our solution restricts application privileges according to assigned trust levels, limiting access to resources like sensitive data. Working in step with local and cloud (KSN) reputations database, Host Intrusion Prevention controls applications and restricts access to critical system resources, audio and video recording devices.
Kaspersky Lab's huge store of default HIPS settings and restrictions for different applications helps relieve administrator burden while giving them complete control over specific, individual settings.
Stop threats associated with public Wi-Fi or USB devices
To prevent users from connecting to potentially insecure public Wi-Fi networks, you can generate a list of trusted networks based on name, encryption/authentication type – or prevent the creation of a network bridge by blocking a second active network connection.
Disabling a USB port doesn't necessarily fix your removable device issue, because it can impact on other users' productivity – for example, being unable to connect a 4G modem. Kaspersky Lab's Device Control solves this by enabling a more granular level of control at network connection and device type level. Integration with Kaspersky Lab's encryption technologies allows you to apply encryption policies to specific drive types, as well as:
- Create rules for allowed devices
- Set read/write permissions for devices
- Log delete/copy operations
- Align device controls with Active Directory users
How to buy
Kaspersky Endpoint Security for Windows is included in:
For the most complete, up-to-date requirements, please refer to Kaspersky Knowledge Base.
- 2 GB of free disk space on the hard drive
- Intel Pentium 1 GHz processor (that supports the SSE2 instruction set or compatible equivalent)
- RAM: 1 GB for a 32-bit OS (2 GB for a 64-bit OS)
- Microsoft Windows 10 Pro / Enterprise x86 / x64
- Microsoft Windows 8.1 Pro / Enterprise x86 / x64
- Microsoft Windows 8 Pro / Enterprise x86 / x64
- Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64 SP1 or later
- Microsoft Windows Server 2019 x64
- Microsoft Windows Server 2016 x64
- Microsoft Windows Server 2012 Standard / Foundation / Essentials x64 Edition or higher
- Microsoft Windows MultiPoint Server 2012 x64 Edition
- Microsoft Windows Small Business Server 2011 Essentials / Standard x64 Edition
- Microsoft Windows Server 2008 R2 Standard / Enterprise x86/x64 Edition SP1 or higher
- VMWare Workstation 14
- VMWare ESXi 6.5
- Microsoft Hyper-V 2016
- Citrix XenServer 7.2
- Citrix XenDesktop 7.14
- Citrix Provisioning Services 7.14
Version requirements for subscription
This application is available as part of Kaspersky Endpoint Security for Business and can be purchased on subscription with flexible monthly licensing. Please check with your local partner about subscription availability in your country and Application System Requirements here.
Kaspersky Lab's unique combination of big data threat intelligence, machine learning and human expertise enables agile, responsive protection against any kind of threat — with minimal management overheads.
Every 40 seconds, a business is attacked by ransomware. Find out more about why Ransomware was Kaspersky Lab's 'Story of the Year' for 2016.