Kaspersky Endpoint Security for Business Core review

Many SMBs find deploying network security a daunting prospect, but Kaspersky aims to take the fear out of the job through simplification. Its latest Endpoint Security for Business (ESB) software offers a huge range of options, including anti-malware for servers and workstations, patch management and mobile device security, yet everything can be deployed and managed from a single console.

ESB comes in four flavours. On review we have the base Core edition, which comprises the Security Center console and anti-malware for workstations, but there’s also the Select edition, which adds file-server and mobile device protection, plus application controls; the Advanced edition for encryption and systems management; and Total, which bolsters this with mail-server, gateway and collaboration security. Each package can be expanded with extra modules, as the need arises.

Security Center takes only a few minutes to install and it then loads all the relevant updates and signature databases from the Kaspersky support site. The main console hasn’t seen any major design changes for a few years but, unlike AVG’s Internet Security Business Edition 2013, it still works very well.

There are plenty of workstation deployment options, and it’s worth checking them out first to ensure you use the best method. The console’s search facilities show anything from subnet or workgroup contents to lists of Active Directory (AD) computers. The Network Agent and Endpoint Security components can then be deployed manually by selecting multiple systems from one of the searches and pushing both components to them in one go. Alternatively, you can pick a single system and fire the software straight at it. Automatic installation is quickest: add all unassigned systems to a console group with this feature enabled, and it will do it all for you.

For testing we used virtual Windows XP, 7 and 8 clients hosted on VMware ESX and Hyper-V servers. All systems were AD domain members and all were listed correctly by the console search facility. We found workstation deployment took at least 15 minutes per system, which is slower than AVG’s Business Edition 2013. However, we found Kaspersky to be less resource-hungry, with CPU usage rarely going above 50%.

Once installed, the software uses group policies to control how Network Agent and Endpoint Security behave and are applied when a client joins a group. Subgroups can be created, which inherit settings from the top level or have their own policies. Lists of group members can also be viewed from the console, and a set of multicoloured icons provide simple, at-a-glance status updates, allowing you to drill down into each client’s properties, view status reports and run tasks such as full system scans or updates.

With group polices in action, users can’t fiddle with the Endpoint Security client settings, but they can load its console, see what’s going on and run custom malware scans. Policies also keep users out of the decision process when malware is detected. When we introduced a selection of malware to our test clients, Endpoint Security blocked them all, disinfected or deleted the dodgy files, posted warnings in the Security Center console and alerted us via email.

In fact, Kaspersky never disappoints for malware-detection performance. In the latest Dennis Technology Labs enterprise antivirus report, Kaspersky grabbed the top slot with a near-perfect score.

Reporting is another area where Kaspersky excels. Where AVG’s reporting tools look positively prehistoric, the Security Center console’s reports look slick, and there’s a huge list to choose from. These include detailed and exportable HTML reports on detected malware, the most infected systems and users, client protection status and much more. Endpoint Security also gathers Registry data on each client, allowing you to compile hardware and software inventory reports.

Finally, there’s also a client firewall, a network-attack blocker and a system watcher that keeps an eye out for suspicious application behavior.

Kaspersky’s Endpoint for Business Core is slightly more costly than several competing security products, but it’s worth the extra outlay. It provides sophisticated workstation anti-malware, which performs well and can be upgraded with further security measures whenever you need them.