Kaspersky Security Center licensing options

In Kaspersky Security Center, the license can apply to different groups of functionality.

When adding a license key in the Administration Server properties window, ensure that you add a license key that lets you use Kaspersky Security Center. You can find this information at the Kaspersky website. Each solution webpage contains the list of applications included in this solution. Administration Server may accept unsupported license keys, for example a license key for Kaspersky Endpoint Security Cloud, but the functionality of Kaspersky Security Center in such cases is not supported.

Basic functionality of Administration Console

The following functions are available:

• Creation of virtual Administration Servers that are used to administer a network of remote offices or client organizations.
• Creation of a hierarchy of administration groups to manage specific devices as a single entity.
• Control of the anti-virus security status of an organization.
• Remote installation of applications.
• Viewing the list of operating system images available for remote installation.
• Centralized configuration of applications installed on client devices.
• Viewing and editing existing licensed applications groups.
• Statistics and reports on the application's operation, as well as notifications about critical events.
• Encryption and data protection management.
• Viewing and manual editing of the list of hardware components detected by polling the network.
• Centralized operations with files that were moved to Quarantine or Backup and files whose processing was postponed.
• Management of user roles.

Kaspersky Security Center with support of the basic functionality of Administration Console is delivered as a part of Kaspersky applications for protection of corporate networks. You can also download it from Kaspersky website.

Before the application is activated or after the commercial license expires, Kaspersky Security Center provides only the basic functionality of Administration Console.

Vulnerability and Patch Management feature

The following functions are available:

• Remote installation of operating systems.
• Remote installation of software updates, scanning and fixing of vulnerabilities.
• Hardware inventory.
• Licensed applications group management.
• Remote permission of connection to client devices through a component of Microsoft® Windows® named Remote Desktop Connection.
• Remote connection to client devices through Windows Desktop Sharing.

The management unit for Vulnerability and Patch Management is a client device in the Managed devices group.

Detailed information about devices' hardware is available during the inventory process as part of Vulnerability and Patch Management. For a proper functioning of Vulnerability and Patch Management, at least 100 GB free disk space must be available.

Mobile Device Management feature

The Mobile Device Management feature is used to manage Exchange ActiveSync (EAS) and iOS MDM mobile devices.

The following functions are available for Exchange ActiveSync mobile devices:

• Creation and editing of mobile device management profiles, assignment of profiles to users' mailboxes.
• Configuration of mobile devices (email synchronization, apps usage, user password, data encryption, connection of removable drives).
• Installation of certificates on mobile devices.

The following functions are available for iOS MDM devices:

• Creating and editing configuration profiles, and installing configuration profiles on mobile devices.
• Installing applications on mobile devices through App Store® or using manifest files (.plist).
• Locking mobile devices, resetting the mobile device password, and deleting all data from the mobile device.

In addition, Mobile Devices Management allows executing commands provided by relevant protocols.

The management unit for Mobile Devices Management is a mobile device. A mobile device is considered to be managed after it is connected to the Mobile Devices Server.

Role-based access control

Kaspersky Security Center provides facilities for role-based access to the features of Kaspersky Security Center and managed Kaspersky applications.

You can configure access rights to application features for Kaspersky Security Center users in one of the following ways:

• By configuring the rights for each user or group of users individually.
• By creating standard user roles with a predefined set of rights and assigning those roles to users depending on their scope of duties.

Installation of operating systems and applications

Kaspersky Security Center allows you to create operating system images and deploy them on client devices on the network, as well as perform remote installation of applications by Kaspersky or other vendors. You can capture operating system images from devices and transfer those images to the Administration Server. Such images of operating systems are stored on the Administration Server in a dedicated folder. The operating system image of a reference device is captured and then created through an installation package creation task. You can use the images received for deployment on new networked devices on which no operating system has been installed yet. A technology named Preboot eXecution Environment (PXE) is used in this case.

Integration with cloud environments

Kaspersky Security Center not only works with on-premises devices, but also provides special features for working in a cloud environment, such as Cloud Environment Configuration Wizard. Kaspersky Security Center works with the following virtual machines:

• Amazon EC2 instances
• Microsoft Azure virtual machines
• Google Cloud virtual machines instances

Exporting events to SIEM systems: QRadar by IBM and ArcSight by Micro Focus

Event export can be used within centralized systems that deal with security issues on an organizational and technical level, provide security monitoring services, and consolidate information from different solutions. These are SIEM systems, which provide real-time analysis of security alerts and events generated by network hardware and applications, or Security Operation Centers (SOCs).

Under a special license, you can use the CEF and LEEF protocols to export to SIEM systems general events, as well as the events transferred by Kaspersky applications to the Administration Server.

LEEF (Log Event Extended Format) is a customized event format for IBM Security QRadar SIEM. QRadar can integrate, identify, and process LEEF events. LEEF events must use UTF-8 character encoding. You can find detailed information on LEEF protocol in IBM Knowledge Center.

CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF enables you to use a common event log format so that data can easily be integrated and aggregated for analysis by an enterprise management system. ArcSight and Splunk SIEM systems use this protocol.