Scenario: Configuring network protection

The quick start wizard creates policies and tasks with the default settings. These settings may turn out to be sub-optimal or even disallowed by the organization. Therefore, we recommend that you fine-tune these policies and tasks and create other policies and tasks, if they are necessary for your network.

Prerequisites

Before you start, make sure that you have done the following:

• Installed Kaspersky Security Center Administration Server
• Installed Kaspersky Security Center Web Console (optional)
• Completed the Kaspersky Security Center main installation scenario
• Completed the quick start wizard or manually created the following policies and tasks in the Managed devices administration group:
  • Policy of Kaspersky Endpoint Security
  • Group task for updating Kaspersky Endpoint Security
  • Policy of Network Agent
  • Find vulnerabilities and required updates task

Configuring network protection proceeds in stages:

1. Setup and propagation of Kaspersky application policies and policy profiles

   To configure and propagate settings for Kaspersky applications installed on the managed devices, you can use two different security management approaches—device-centric or user-centric. These two approaches can also be combined. To implement device-centric security management, you can use tools provided in Microsoft Management Console-based Administration Console or Kaspersky Security Center Web Console. User-centric security management can be implemented through Kaspersky Security Center Web Console only.

2. Configuring tasks for remote management of Kaspersky applications

   Check the tasks created with the quick start wizard and fine-tune them, if necessary.

   How-to instructions:

   • Administration Console:
     • Setting up the group task for updating Kaspersky Endpoint Security
     • Scheduling the Find vulnerabilities and required updates task
   • Kaspersky Security Center Web Console:
     • Setting up the group task for updating Kaspersky Endpoint Security
     • Find vulnerabilities and required updates task settings

   If necessary, create additional tasks to manage the Kaspersky applications installed on the client devices.

3. Evaluating and limiting the event load on the database

   Information about events during the operation of managed applications is transferred from a client device and registered in the Administration Server database. To reduce the load on the Administration Server, evaluate and limit the maximum number of events that can be stored in the database.

   How-to instructions:

   • Administration Console: Setting the maximum number of events
   • Kaspersky Security Center Web Console: Setting the maximum number of events

Results

Upon completion of this scenario, your network will be protected by configuration of Kaspersky applications, tasks, and events received by the Administration Server:

• The Kaspersky applications are configured according to the policies and policy profiles.
• The applications are managed through a set of tasks.
• The maximum number of events that can be stored in the database is set.

When the network protection configuration is complete, you can proceed to configuring regular updates to Kaspersky databases and applications.

For details about how to configure automatic responses to threats detected by Kaspersky Sandbox, please refer to the Kaspersky Sandbox 2.0 Online Help.