Feature or property | Kaspersky Security Center operation mode: No license | Commercial license
Basic functionality of Administration Console
The following functions are available:
- Creation of virtual Administration Servers that are used to administer a network of remote offices or client organizations.
- Creation of a hierarchy of administration groups to manage specific devices as a single entity.
- Remote installation of applications.
- Centralized configuration of applications installed on client devices.
- Control of the anti-virus security status of an organization.
- Management of user roles.
- Statistics and reports on the application's operation, as well as notifications about critical events.
- Centralized operations with files that were moved to Quarantine or Backup and files whose processing was postponed.
- Encryption and data protection management.
- Viewing and editing existing licensed applications groups.
- Viewing and manual editing of the list of hardware components detected by polling the network.
- Viewing the list of operating system images available for remote installation.
|
|
|
Vulnerability and patch management: basic functionality
The following tasks do not require a commercial license:
- The Find vulnerabilities and required updates task
  Through this task, Kaspersky Security Center receives the lists of detected vulnerabilities and required updates for the third-party software installed on the managed devices.
- The Install Windows Update updates task
  This task can be used to install Windows Update updates only. To use this task, you must manually specify the required updates in the task settings.
- The Fix vulnerabilities task
  The Fix vulnerabilities task uses recommended fixes for Microsoft software and user fixes for third-party software. To use this task, you must manually specify user fixes for vulnerabilities in the task settings.
|
|
|
Vulnerability and patch management: advanced functionality
The following functions are available:
- Remote installation of software updates and fixing of vulnerabilities automatically, according to the rules that you define.
- Use of Administration Server as the Windows Server Update Services (WSUS) server to provide updates to Windows Update services on devices in centralized mode and at the set frequency.
|
|
|
Mobile Device Management feature in MMC-based Administration Console
The Mobile Device Management feature is used to manage Exchange ActiveSync (EAS) and iOS MDM mobile devices.
The following functions are available for Exchange ActiveSync mobile devices:
- Adding new devices under management of Kaspersky Security Center.
- Creation and editing of mobile device management profiles, assignment of profiles to users' mailboxes.
- Configuration of mobile devices (email synchronization, app usage, user password, data encryption, connection of removable drives).
- Installation of certificates on mobile devices.
The following functions are available for iOS MDM devices:
- Adding new devices under management of Kaspersky Security Center.
- Creating and editing configuration profiles, and installing configuration profiles on mobile devices.
- Installing applications on mobile devices through App Store® or using manifest files (.plist).
- Locking mobile devices, resetting the mobile device password, and deleting all data from the mobile device.
The following functions are available for Android devices:
- Adding new devices under management of Kaspersky Security Center.
- Managing Kaspersky Endpoint Security for Android through policy.
In addition, Mobile Device Management allows you to execute commands provided by the relevant protocols.
The management unit for Mobile Device Management is a mobile device. A mobile device is considered to be managed after it is connected to the Mobile Devices Server.
|
|
(A license key must be added to the Administration Server properties.)
|
Mobile device protection in Kaspersky Security Center Web Console
Kaspersky Security Center Web Console provides you with the following features to manage Android and iOS mobile devices:
- Adding new devices under management of Kaspersky Security Center.
- Managing Kaspersky Endpoint Security for Android and Kaspersky Security for iOS through policies.
- Sending commands to the mobile devices through relevant protocols and executing the commands.
|
|
(A license key must be added on each mobile device.)
|
Systems management
The following functions are available:
- Installation of operating systems and applications.
  Kaspersky Security Center allows you to create operating system images and deploy them on client devices on the network, as well as perform remote installation of applications by Kaspersky or other vendors. You can capture operating system images from devices and transfer those images to the Administration Server. Such images of operating systems are stored on the Administration Server in a dedicated folder. The operating system image of a reference device is captured and then created through an installation package creation task. You can use the images received for deployment on new networked devices on which no operating system has been installed yet. A technology named Preboot eXecution Environment (PXE) is used in this case.
- Licensed applications group management.
- Remotely permitting connection to client devices through Remote Desktop Connection, a component of Microsoft® Windows®.
- Remote connection to client devices through Windows Desktop Sharing.
- Remote connection through Kaspersky Remote Desktop Session Viewer.
|
|
|
Integration with cloud environments
Kaspersky Security Center not only works with on-premises devices, but also provides special features for working in a cloud environment, such as Cloud Environment Configuration Wizard. Kaspersky Security Center works with the following virtual machines:
- Amazon EC2 instances
- Microsoft Azure virtual machines
- Google Cloud virtual machine instances
- Yandex.Cloud virtual machines
|
|
|
Exporting events to SIEM systems: using the Syslog protocol
Using the Syslog protocol, you can relay any events that occur on the Kaspersky Security Center Administration Server and in Kaspersky applications that are installed on managed devices. The Syslog protocol is a standard message-logging protocol. You can use it to export events to any SIEM system.
|
|
|
Exporting events to SIEM systems: QRadar by IBM and ArcSight by Micro Focus
Event export can be used within centralized systems that deal with security issues on an organizational and technical level, provide security monitoring services, and consolidate information from different solutions. Such systems are SIEM systems, which provide real-time analysis of security alerts and events generated by network hardware and applications, or Security Operations Centers (SOCs).
Under a special license, you can use the CEF and LEEF protocols to export general events, as well as the events transferred by Kaspersky applications to the Administration Server, to SIEM systems.
LEEF (Log Event Extended Format) is a customized event format for IBM Security QRadar SIEM. QRadar can integrate, identify, and process LEEF events. LEEF events must use UTF-8 character encoding. You can find detailed information on the LEEF protocol in IBM Knowledge Center.
CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF enables you to use a common event log format so that data can easily be integrated and aggregated for analysis by an enterprise management system. ArcSight and Splunk SIEM systems use this protocol.
|
|
|