February 2017 www.kaspersky.com #truecybersecurity Kaspersky Endpoint Security for Business New Feature List Kaspersky for Business
February 2017
www.kaspersky.com
#truecybersecurity
Kaspersky Endpoint Security for Business New Feature List
Kaspersky for Business
1
Contents
Business Summary 2 What’s New 3 Kaspersky Endpoint Security for Windows – New Features 7 Kaspersky Security Center – New Features 8 Kaspersky Security for Mobile – New Features 11 Kaspersky Endpoint Security for Linux – New Features 12 Kaspersky Endpoint Security for Mac – New Features 12
2
The key functional enhancements include increased flexibility of data protection, multiple usability improvements in security management, centralized management of more Kasper-sky Lab applications, centralized audit, as well as enhancements in device, application and web control covering the following applications inside Kaspersky Endpoint Security for Business
• Kaspersky Endpoint Security for Windows (version 10 Service Pack 2) • Kaspersky Security Center (version 10 Service Pack 2 MR1) • Kaspersky Security for Mobile (version 10 Service Pack 2 MR 1 Update 1) • Kaspersky Endpoint Security for Linux (version 10) • Kaspersky Endpoint Security for Mac (version 10 Service Pack 1)
The product name ‘Kaspersky Systems Management’ changes to ‘Kaspersky Vulnerability and Patch Management’. Kaspersky Vulnerability and Path Management and Kaspersky Encryption, available within Kaspersky Endpoint Security for Business Advanced and Total, and as standalone targeted solutions, are now available as add-ons for Kaspersky Endpoint Security Select as well (except in Russia).
If not explicitly stated otherwise, the New Feature List prepared by HQ is intended for internal use only!
Business Summary
3
What’s newNew and Enhanced Features
Management and administration
IMPROVED SECURITY MANAGEMENT
NEWSupport for Kaspersky Security for Exchange Servers and Kaspersky Security for SharePoint
Kaspersky Security for Exchange Servers and Kaspersky Security for SharePoint can now be managed through Kaspersky Security Center. Detailed information on Kaspersky Security for Exchange and Kaspersky Security for SharePoint, including server and signature status, as well as threat statistics, are available in Kaspersky Security Center. Kaspersky Security Center supports centralized license management for Kaspersky Security for Exchange Servers and Kaspersky Security for SharePoint.
ENHANCED Detailed audit of settings, policies and tasks of Kaspersky Security Center and managed applications
All changes in settings, tasks and policies of Kaspersky Security Center and managed applications are logged and stored for version comparison and roll-back if required. Log-file includes comprehensive, detailed information on what parameters have been changed and how they have changed. The default storage period for the log is three months, but this can be adjusted according to customer needs. All policies and task versions can be exported to a text-file if required. This feature is more relevant for bigger SMB and enterprise customers with several system administrators managing Kaspersky Endpoint Security for Business.
NEWKaspersky Security Network Proxy hierarchy
KSN proxy hierarchy can be now setup according to managing server hierarchy in a corporate network. Thanks to this feature, customers with complex network environments can exchange information with Kaspersky Security Network. KSN Proxy ensures traffic reduction and improves KSN service availability in distributed networks.
ENHANCED Full remote deployment of Kaspersky Endpoint Security for Mac and Linux
Kaspersky Endpoint Security for Mac and Kaspersky Endpoint Security for Linux can be now fully deployed remotely via Kaspersky Security Center, making product installation and administration easier and more efficient
NEWUnified Linux application
Kaspersky Endpoint Security for Business 10 SP10 includes a single application for the protection of Linux endpoints – both workstations and servers. Kaspersky Endpoint Security for Linux 10 combines features of Kaspersky Endpoint Security for Linux and Kaspersky Anti-Virus for Linux File Server.
4
IMPROVED USABILITY
ENHANCEDMultiple usability improvements for ease of use
Multiple usability improvements in Kaspersky Security Center make product management and administration more intuitive and efficient. Usability improvements include, among others:• Use of generic terminology in Kaspersky Security Center GUI• New wizard for software update installation• Confirmation request window when a new policy is created for KL application in a
group with already existing policy for this application • Progress bar for the process of signatures renewal in installation packages
IMPROVED MANAGEMENT OF MOBILE DEVICES
ENHANCEDSimplified installation of mobile device management server, setup and connection wizards
Management of mobile devices in Kaspersky Security Center has become easier:• Installation of MDM server for iOS has been simplified and made more intuitive with a
new setup wizard• The new device connection wizard has been improved• The SSP installation process and Google Cloud Messaging setup have been simplified• Command-line backup utility for iOS MDM Server has been implemented.
IMPROVED VULNERABILITY ASSESSMENT AND PATCH MANAGEMENT
ENHANCEDBetter vulnerability monitoring and assessment
Kaspersky Security Center features improved vulnerability assessment and client management tools:• Vulnerability monitoring and prioritization features have been extended• Task-running controls have been enhanced• Permission check for temporary sharing is performed before the OS capture process
starts• Patch management page in Kaspersky Security Center has been redesigned for better
user experience• Generic syslog connector for SIEM systems has been implemented to extend
integration options.
NEW Vulnerability and Patch Management add-on
Vulnerability assessment and patch management features, as well as client management tools, are now available for Kaspersky Endpoint Security for Business Select users as
add-ons. Add-on pricing is available only together with Kaspersky Endpoint Security for Business Select order. Add-on pricing is available in all regions except Russia
NEWEncryption add-on
Kaspersky Encryption is now available for Kaspersky Endpoint Security for Business Select users as an add-on.
5
IMPROVED COMPATIBILITY
NEWSupport for new OS versions and other 3rd party software versions
Kaspersky Security Center supports new OS, database and web server versions to allow customers to use the most recent (or their preferred) software version:
New OS versions• Windows 10 RS2• Windows Server 2016• Debian GNU/Linux 8.x (nagent only)• Ubuntu Server 16 (nagent only)• SUSE Linux Enterprise Desktop 12 (all SPs) (nagent only)• macOS Sierra (10.12) (nagent only)
New Database versions• Microsoft SQL Server 2016 (all editions)• MySQL 5.5, 5,6 and 5.7
New Web server versions• Apache 2.4.23
Performance
ENHANCEDImproved performance
Kaspersky Endpoint Security 10 SP2 for Windows design has been optimized to improve performance. The new, improved SP2 version delivers an impressive 1.5 times lower total impact on end-user operations (compared to the 10SP1 MR3 version). This performance gain is validated by independent testing (silent test conducted by AV-Test, see detailed test results here). Please note that this is a private test.
Kaspersky Security Center Network Agent was optimized for better performance in the following scenarios: boot, sleep and hibernate.
Data protection
NEWMicrosoft BitLocker encryption management
Hard drive encryption on Windows devices can be done using Microsoft BitLocker technology and managed via Kaspersky Security Center. Kaspersky Security Center enables/disables Microsoft BitLocker, monitors the status of encrypted devices and backs-up encryption keys to restore forgotten access credentials. Microsoft BitLocker management enables OS-embedded encryption technology to improve hardware compatibility and minimize performance impact. Please note: either Kaspersky Disk Encryption or Microsoft BitLocker encryption can be used.
ENHANCEDMore encryption options
For Kaspersky Disk Encryption, pre-boot authentication can be done using a virtual keyboard with touchscreen support. A new encryption mode – encryption of occupied disk space only – is available. Recommended for new / formatted devices, this reduces the time required for initial encryption and consequently improves user experience.
6
Device control
NEWBetter USB control
Kaspersky Endpoint Security for Business now logs all delete and copy operations on removable USB devices for further analysis. Logging can be done for all or just specific selected file-types (if selected, file-types should be specified in the policy).
NEWBetter CD / DVD control
Kaspersky Endpoint Security for Business now manages user access rights for read and write operations on CDs/DVDs.
NEWNew Wi-Fi management option: list of trusted Wi-Fi networks
In addition to the option to completely block access to Wi-Fi networks, a list of trusted networks can now be specified. This list is generated based on Wi-Fi network properties such as network name, encryption and authentication type. Access to trusted Wi-Fi networks is enabled, while other networks are not available.
APPLICATION CONTROL
ENHANCEDBetter application control
• Application startup control is now available on servers • Application startup control now controls DLL modules and drivers • Attributes of digital signature certificates can now be used for startup rules• Reporting on applications blocked during test runs • Startup control of scripts from the PowerShell is now supported• Two operation modes for application startup control are available: ‘blacklist’ and ‘whitelist’• Hash sum for application startup rules has been replaced with SHA256 for increased
security • Access of applications to audio and video recording devices can now be controlled.
WEB CONTROL
ENHANCEDMore web categories
More granular categories of web resources are now available to control end-user web access.
KASPERSKY SECURITY NETWORK
ENHANCEDKaspersky Security Network integration
Objects detected based on Kaspersky Security Network (KSN) data can now be seen in the reports of the Kaspersky Endpoint Security for Windows local interface and in the Kaspersky Security Center Administration Console. File-reputation in the KSN can be requested from the context menu by right-clicking the file-name. KSN server status is now available at client computers with Kaspersky Endpoint Security installed and in Kaspersky Security Center.
NEWKaspersky Security Network for Linux endpoints
Kaspersky Endpoint Security for Linux now supports Kaspersky Security Network and Kaspersky Private Security Network
Please find the exact list of new and enhanced features by application in the following sections.
7
Kaspersky Endpoint Security for Windows – New Features
Kaspersky Endpoint Security for Windows 10 Service Pack 2 offers the following features and improvements:1. Manage hard drive encryption with Microsoft BitLocker technology: • Remotely manage encryption • Monitor and receive reports on encrypted devices • Restore access to encrypted devices
2. Application Startup Control: • Supports server operating systems • Control downloads of DLL modules and drivers • Controls objects based on a new criterion – attributes of digital signature
certificates • Test mode with report generation on launch of blocked applications • Supports two operating modes for Application Startup Control: blacklist and
whitelist • The hash code for control and inventory of objects has been replaced with SHA256 • Supports startup control of scripts from the PowerShell interpreter • Uses trusted system certificate storage
3. Kaspersky Disk Encryption: • Supports credential input in the pre-installation environment of Authentication
Agent using a virtual keyboard • Mode for encrypting only the occupied space on a device (recommended for use
on new devices) • Supports encryption on tablets
4. Application Privilege Control: • Controls access of applications to audio and video recording devices
5. Web Control: • Expanded list of categories for which rules for web resources access can be
configured
6. Device Control: • Logs events associated with deleting and saving files on USB devices • Option to specify a list of trusted Wi-Fi networks based on the following properties:
name, encryption type, authentication type • Manages user access rights for read and write operations on CD/DVDs
7. Kaspersky Security Network: • Reports in the Kaspersky Endpoint Security for Windows local interface and in the
Kaspersky Security Center Administration Console now include the option to see objects detected using Kaspersky Security Network (KSN)
• You can now request information about the reputation of a selected file from KSN from the context menu (by right-clicking the file)
• New ‘availability status’ of KSN servers for client computers with Kaspersky Endpoint Security installed
8
Kaspersky Security Center – New Features
Kaspersky Security Center 10 SP2 MR1 offers the following major features and improvements: 1. Management of Kaspersky Security for Exchange and Kaspersky Security for SharePoint a. Kaspersky Security for Exchange i. Kaspersky Security for Exchange servers are displayed in ‘Managed
computers’ ii. Anti-Virus and Anti-Spam signatures status for Kaspersky Security for
Exchange (and for Kaspersky Security for Linux Mail Server) iii. Kaspersky Security for Exchange servers status iv. Kaspersky Security for Exchange (and Kaspersky Security for Linux Mail
Server) threats statistics v. Kaspersky Security for Exchange (and Kaspersky Security for Linux Mail
Server) Anti-Spam statistics vi. KSN proxy support for Kaspersky Security for Exchange vii. Centralized license management for Kaspersky Security for Exchange viii. Status and start/stop of Kaspersky Security for Exchange services ix. Kaspersky Security for Exchange events monitoring b. Kaspersky Security for SharePoint i. Kaspersky Security for SharePoint servers are displayed in ‘Managed
computers’ ii. Silent install /upgrade tasks for Kaspersky Security for SharePoint servers iii. Signatures status for Kaspersky Security for SharePoint iv. Kaspersky Security for SharePoint servers status v. KSN proxy support for Kaspersky Security for SharePoint vi. Centralized license management for Kaspersky Security for SharePoint vii. Status and start/stop of Kaspersky Security for SharePoint services viii. Kaspersky Security for SharePoint events monitoring
2. Audit enhancements and policy comparison a. Policies, tasks and Kaspersky Security Center settings changes history and audit b. The ability to roll-back to previous policy/task/ Kaspersky Security Center settings
versions c. History filtering by user name/change time d. Adjustable history storage period (three months by default) e. Policies and tasks versions comparison f. Export of policies/tasks versions to a text file
3. KSN Proxy HIERARCHY a. KSN proxy from an Update Agent can connect to the KSN proxy of the
Administration Server instead of to the Internet b. The ability to use KSN in complex and highly-secure corporate network
environments (which improved protection) c. KSN traffic reduction and improvement of KSN service availability in distributed
networks
SECONDARY improvements include:
4. Security for Linux Mail Servers management enhancements a. Anti-Virus and Anti-Spam signatures status for Kaspersky Security for Linux Mail
Server b. Kaspersky Security for Linux Mail Server events monitoring
5. Improved diagnostics during automatic patch deployment process
6. Additional warnings have been added at ‘Administration server backup’ Kaspersky Security
9
Center installer screen to: a. Emphasize the importance of having fresh backup and distributives of the old
Kaspersky Security Center version and of keeping all installed patches available b. Explain how to act in case of upgrade failure: Uninstall Kaspersky Security Center,
carry out a fresh install of the old version and all previously installed patches, then restore from the backup
c. Ask customers for additional confirmation if they really don’t want to do a backup
7. Added Windows Tablets Support for Kaspersky Security Center network agent (Windows 8/8.1, MS Surface)
8. Optimizations in Kaspersky Security Center Network Agent reduce boot time of Windows hosts with installed Kaspersky Endpoint Security for Windows + nagent
9. Optimized Kaspersky Security Center Network Agent operation during the OS Windows suspend (sleep, hibernate) process
10. Added an option in Kaspersky Security Center Initial Setup Wizard to check for the latest versions of Kaspersky Lab plugins and installation packages and to apply available updates. Kaspersky Security Center also shows the availability of updates for Kaspersky Lab plugins/applications/Kaspersky Security Center components in the main dashboard.
11. USABILITY improvements a. Terminology in the Kaspersky Security Center UI has been made more ‘generic’
and Kaspersky Lab application-independent. For example, the term ‘computer’ has been replaced by ‘device’, etc.
b. New wizard has been implemented for Software Updates installation c. More information on task progress. In the tasks pane, the following columns have
been added: i. Counters for devices where a task is ‘Running’, ‘Completed’, ‘Completed
with error’ ii. A status column, with a text description of the task status d. Added an option to manually assign a name for a standalone installation package e. Confirmation is requested if a user tries to create a new policy for a Kaspersky Lab
application in a group where a policy for that application already exists f. An ‘Automatic Relocation Rules’ button at the ‘Unassigned devices’ page has been
added g. ‘Start protection deployment’ checkbox in Kaspersky Security Center Quick Start
Wizard has been comment enabled. h. Tabs on the ‘Statistics’ tab of the Kaspersky Security Center server main panel
have been made more visually distinctive i. Tag auto assignment rules window has been improved j. Usability of RBAC settings in the Administration server properties has been
improved k. A filter for text description field of events has been added l. The ability to create tags directly in the policy profile activation conditions window
has been added m. A ‘Number of profiles’ column has been added to policy lists (clickable) n. An option to choose a column’s exact position in lists has been added o. A progress bar has been added for the process of signatures renewal in installation
packages p. The server installation icon on the main screen of the Kaspersky Security Center
installer has been redesigned q. Wording in the policies and tasks conversion wizard has been improved and made
clearer
12. IMPROVEMENTS in Mobile Device Management (MDM) a. iOS MDM Server installation has been simplified. A Setup Wizard to deploy iOS
MDM server has been implemented (define default settings, APN-certificate, etc.) b The Self-Service-Portal installation process has been simplified. Kaspersky
Security Center now includes a dedicated window for SSP management. c The ‘New device’ connection wizard has been improved. The wizard guides users
through the device connection stages: choose OS of the connecting device –
10
choose connection method (Google Play or personal installation package for Android, iOS MDM profile or Safe Browser for iOS) – choose or add mobile user – form and send invitation to connect.
d. Setup of Google Cloud Messaging for synchronization of connected Android devices has been simplified. Context-sensitive tips and explanations why and when GCM could be useful has been included.
e. A command-line backup utility for iOS MDM Server has been implemented. f. An option for Kaspersky Security Center administrator to manually specify
Kaspersky Security for Android connection certificate expiration date while (re)issuing the certificate has been implemented.
g. The Self-Service-Portal console version number is now displayed in the Self-Service user interface.
h. If Kaspersky Security Center is installed with the ‘Mobile devices support’ option, all required actions to enable Kaspersky Security for Mobile and MDM functionality are performed by Kaspersky Security Center Installer and Initial Setup Wizard.
13. Systems management improvements a. The patch management page in Kaspersky Security Center has been redesigned. b. Improved Vulnerability Assessment and Patch Management: i. extended monitoring and vulnerability prioritization capabilities ii. enhanced task running controls iii. refined documentation c. Generic syslog connector for SIEM d. Hardware types everywhere in Kaspersky Security Center user interface have been
unified. e. Information on VAPM task results has been expanded. f. OS deployment: Ability to check permissions to the temporary share before OS
image capture process starts has been added. g. An incident is generated if free space is exceeded at Update Agent host storage.
14. Support of improvements in Kaspersky Lab applications a. Kaspersky Endpoint Security for Windows: protects AC user categories from
accidental deletion in Kaspersky Security Center b. Kaspersky Endpoint Security for Windows: a warning is generated to the
administrator if the installation of Kaspersky Endpoint Security for Windows patch also requires an update of Kaspersky Endpoint Security for Windows plugin in Kaspersky Security Center
c. Kaspersky Endpoint Security for Windows: Microsoft BitLocker management has been added
d. Kaspersky Endpoint Security for Windows: policy creation wizard usability has been improved
e. Kaspersky Endpoint Security for Windows: an option to display a Kaspersky Endpoint Security for Windows software update severity has been added
f. Kaspersky Endpoint Security for Windows: ability to report on blocked applications in ‘Default deny’ test mode has been added
g. Kaspersky Endpoint Security for Windows: actual information on KSN/KPSN service availability for managed hosts has been added
h. Kaspersky Endpoint Security for Windows: an option to restore access to encrypted data by FDE host after its deletion from Kaspersky Security Center server has been added
i. Kaspersky Endpoint Security for Windows: supported creation of application categories by certificate
j. Kaspersky Endpoint Security for Windows: support of SHA-256 hashes in application categories
k. Kaspersky Endpoint Security for Mac: remote deployment tasks for Kaspersky Security Center Network agent / Kaspersky Endpoint Security for Mac have been implemented
l. Kaspersky Endpoint Security for Mac: an option to choose EULA language has been added
m. Kaspersky Endpoint Security for Android: the ‘Locate’ command doesn’t block the device
n. Kaspersky Endpoint Security for Android: if Kaspersky Security for Mobile has no
11
access to the accessibility service of the Android device and WebFilter is unable to operate, the device is marked as ‘critical’.
o. Kaspersky Endpoint Security for Android: if geolocation is unavailable for Kaspersky Endpoint Security for Mobile on an Android device, the Kaspersky Security Center administrator has the option to setup the status change of such devices to ‘Warning’
p. Kaspersky Endpoint Security for Android: if Kaspersky Endpoint Security for Mobile on Android device has no Device Admin permission, the Kaspersky Security Center administrator has the option to setup a status change of such devices to ‘Warning’
q. Kaspersky Endpoint Security for Android: trial licenses for Kaspersky Endpoint Security for Mobile and associated devices are now displayed in Kaspersky Security Center UI/Reports
Kaspersky Security for Mobile – New Features
Kaspersky Security for Mobile SP 2 MR 1 Update 1 offers the following major features and improvements:1. New mobile OS supported: Android 7.0 and 7.1.1 2. The trial license period has been extended to up to 30 days. The trial license is now
activated via the activation server according to regular license management rules and policies. Repeated usage of trial license is not available.
3. Custom device management scenarios for Android 7 have been implemented. For example, the unlock code no longer changes the device PIN as in previous Android versions – it only unlocks the device screen. Please see http://support.kaspersky.com/13159 for more details.
4. Mobile device no longer become locked after the Alarm command is sent from the management console.
5. A device name in Kaspersky Security Center now includes the device model name and the user’s e-mail, for example: LG Nexus [email protected]
6. Usability of Anti-Theft features has been improved. All Anti-Theft commands were removed from policy and can now be performed from the device list in the Kaspersky Security Center console (by right-clicking on the device name).
7. New notification management: administrators can now granularly manage what Kaspersky Security for Mobile notifications are displayed on a user’s mobile device screen (available for Android devices only).
8. New Kaspersky Security for Mobile update scenario available: starting from Kaspersky Endpoint Security for Android SP1 MR3 update can be performed via policy in the Kaspersky Security Center. For details on the update scenario please refer to http://support.kaspersky.com/9605.
9. The first product start for Android users has been significantly simplified: the number of steps in the First Run Wizard has been reduced (all screens without a call to action for the user were removed, the accessibility permission request has become optional, device admin permission is required only if the device is connected to Kaspersky Security Center or Kaspersky Endpoint Security Cloud (required for Anti-Theft functionality), it’s no longer necessary to install the Kaspersky Security Center connection (general) certificate into the system’s storage).
12
Kaspersky Endpoint Security for Linux – New Features
Kaspersky Endpoint Security for Mac – New Features
Kaspersky Endpoint Security for Linux 10 offers the following major new features and improvements:1. Single application for protection of Linux endpoints – both workstations and servers:
Kaspersky Endpoint Security for Linux 10 combines features of Kaspersky Endpoint Security for Linux and Kaspersky Anti-Virus for Linux File Server
2. Product installation has been significantly simplified3. Kaspersky Endpoint Security for Linux supports OS updates with no re-installation / re-
setup of the application necessary after an OS update 4. Support for cloud reputation services – Kaspersky Security Network and Kaspersky Private
Security Network5. An improved command line interface simplifies product management6. Files can be scanned by regular, unprivileged users 7. Virus-scan of disks boot sectors is now available 8. Memory of launched process can be scanned9. Multiple improvements in application deployment and management
Kaspersky Endpoint Security for Mac 10 SP1 offers the following major updates: 1. Support for subscriptions licensing2. Support for policy profiles3. Support for latest operating system: macOS Sierra.
www.kaspersky.com
© 2017 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners.
Expert Analysis
HuMachine™
Big Data / Threat Intelligence
MachineLearning