In Kaspersky Security Center, the license can apply to different groups of functionality.
When adding a license key in the Administration Server properties window, ensure that you add a license key that lets you use Kaspersky Security Center. You can find this information at the Kaspersky website. Each solution webpage contains the list of applications included in this solution. Administration Server may accept unsupported license keys, for example a license key for Kaspersky Endpoint Security Cloud, but the functionality of Kaspersky Security Center in such cases is not supported.
Basic functionality of Administration Console
The following functions are available:
Kaspersky Security Center with support of the basic functionality of Administration Console is delivered as a part of Kaspersky applications for protection of corporate networks. You can also download it from the Kaspersky website.
Before the application is activated or after the commercial license expires, Kaspersky Security Center provides only the basic functionality of Administration Console.
Vulnerability and Patch Management feature
The following functions are available:
The management unit for Vulnerability and Patch Management is a client device in the Managed devices group.
Detailed information about devices' hardware is available during the inventory process as part of Vulnerability and Patch Management. For Vulnerability and Patch Management to function properly, at least 100 GB of free disk space must be available.
Mobile Device Management feature
The Mobile Device Management feature is used to manage Exchange ActiveSync (EAS) and iOS MDM mobile devices.
The following functions are available for Exchange ActiveSync mobile devices:
The following functions are available for iOS MDM devices:
In addition, Mobile Device Management allows executing commands provided by relevant protocols.
The management unit for Mobile Device Management is a mobile device. A mobile device is considered to be managed after it is connected to the Mobile Devices Server.
Role-based access control
Kaspersky Security Center provides facilities for role-based access to the features of Kaspersky Security Center and managed Kaspersky applications.
You can configure access rights to application features for Kaspersky Security Center users in one of the following ways:
Installation of operating systems and applications
Kaspersky Security Center allows you to create operating system images and deploy them on client devices on the network, as well as perform remote installation of applications by Kaspersky or other vendors. You can capture operating system images from devices and transfer those images to the Administration Server. Such images of operating systems are stored on the Administration Server in a dedicated folder. The operating system image of a reference device is captured and then created through an installation package creation task. You can use the images received for deployment on new networked devices on which no operating system has been installed yet. A technology named Preboot eXecution Environment (PXE) is used in this case.
Integration with cloud environments
Kaspersky Security Center not only works with on-premises devices, but also provides special features for working in a cloud environment, such as Cloud Environment Configuration Wizard. Kaspersky Security Center works with the following virtual machines:
Exporting events to SIEM systems: QRadar by IBM and ArcSight by Micro Focus
Event export can be used within centralized systems that deal with security issues on an organizational and technical level, provide security monitoring services, and consolidate information from different solutions. These are SIEM systems, which provide real-time analysis of security alerts and events generated by network hardware and applications, or Security Operation Centers (SOCs).
Under a special license, you can use the CEF and LEEF protocols to export general events, as well as the events transferred by Kaspersky applications to the Administration Server, to SIEM systems.
LEEF (Log Event Extended Format) is a customized event format for IBM Security QRadar SIEM. QRadar can integrate, identify, and process LEEF events. LEEF events must use UTF-8 character encoding. You can find detailed information on the LEEF protocol in the IBM Knowledge Center.
CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF enables you to use a common event log format so that data can easily be integrated and aggregated for analysis by an enterprise management system. ArcSight and Splunk SIEM systems use this protocol.
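On the receiving side of such an export, a collector has to split the pipe-delimited CEF header and the key=value extension while honouring the format's backslash escapes. The following is an added example, not code from Kaspersky or from any SIEM vendor; the function names, the dictionary keys and the sample record are constructed for illustration, and strict UTF-8 decoding is this example's choice.

```python
import re

HEADER = ["version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity"]
_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")   # extension key followed by an unescaped '='
_ESC = re.compile(r"\\(.)", re.S)           # backslash escape inside an extension value

def _split_header(text, nfields):
    """Split off nfields '|'-delimited fields, honouring the \\| and \\\\ escapes."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < nfields:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("\\", "|"):
            cur.append(text[i + 1])      # keep the escaped character literally
            i += 2
        elif ch == "|":
            fields.append("".join(cur))  # unescaped pipe ends the field
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < nfields:
        raise ValueError("truncated CEF header")
    return fields, text[i:]

def _unescape(value):
    # \n and \r become line breaks; \= and \\ become the literal character.
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(raw: bytes) -> dict:
    """Parse one CEF record (optionally behind a syslog prefix) into a dict."""
    line = raw.decode("utf-8", errors="strict").rstrip("\r\n")  # non-UTF-8 raises ValueError
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker found")
    header, ext = _split_header(line[start + 4:], len(HEADER))
    matches = list(_KEY.finditer(ext))
    ends = [m.start() for m in matches[1:]] + [len(ext)]
    # A value runs until the next " key=" token, so it may contain spaces.
    attrs = {m.group(1): _unescape(ext[m.end():end].rstrip())
             for m, end in zip(matches, ends)}
    return {**dict(zip(HEADER, header)), "ext": attrs}

# Constructed sample record (not real product output).
SAMPLE = (b"<134>Jan 01 00:00:00 host CEF:0|ExampleVendor|Example\\|Product|1.0|1001|"
          b"Threat detected|8|src=10.0.0.5 msg=Object C:\\\\Temp\\\\a\\=b.exe blocked suser=alice")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Records that fail decoding or header parsing raise `ValueError`, so a collector can count and quarantine them instead of indexing partially parsed events.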