Installing Kaspersky Security Center 10

By choosing Kaspersky Lab products, you get reliable protection of your IT infrastructure and the ability to control security in your company from a single convenient management console, Kaspersky Security Center.


Overview

In the past, the IT department had to work with multiple management consoles at the same time to manage multiple security tools, as well as to perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the work of the administrator.

Ease of controls
The main goal of creating Kaspersky Security Center was to simplify and speed up the processes of configuring, launching and managing IT security tools and systems in a complex IT environment. A unified management console helps you control all the Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center, you can control every workplace and every device on your network, centrally address security challenges, lower operating costs and increase productivity.

Intuitive interface
When developing Kaspersky Security Center, our specialists tried to provide the user with the most easy-to-use interface with clearly organized dashboards.

Easy installation
Using the setup wizard, you can quickly and easily install and configure Kaspersky Lab security solutions across the entire IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the protection status of the corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various reports on the protection status. Reports can be generated both on demand and according to a specified schedule.

Support for multi-platform environments
Running on the Windows operating system, Kaspersky Security Center supports the management of many operating systems and platforms, including servers and workstations running Windows, Linux and Novell NetWare, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone.

How to get Kaspersky Security Center

Kaspersky Security Center is included in Kaspersky TOTAL Security for Business and in all Kaspersky Endpoint Security for Business products: START, STANDARD and ADVANCED. Kaspersky Security Center will include only those management tools that are required to work with the Kaspersky Lab product of your choice. If you decide to upgrade to a higher level of Kaspersky Endpoint Security for Business or to the most complete solution, Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the Kaspersky Security Center management console.

Workplace protection management

Installation, configuration and management of workplace protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage the security of your business and protect it from known and new malware, prevent IT security risks and reduce protection costs.

  • Antivirus protection and firewall
    Kaspersky Security Center provides flexible options for managing anti-malware protection tools:
    • set and manage security policies for multiple platforms, including Windows, Linux and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • perform anti-virus scans on demand and on schedule;
    • process quarantined objects;
    • manage anti-virus database updates;
    • manage cloud protection of Kaspersky Security Network;
    • configure and manage your firewall and intrusion prevention system (HIPS).
  • Whitelisting
    Allows the administrator to audit the use of applications and to allow or block their launch.
  • Control of applications, devices and Web Control
    Centralized management of IT infrastructure allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users:
    • limit the launch of unwanted applications on your network using Application Control;
    • create access rules for devices that users connect to the network, based on the device type or serial number, as well as on the method of connecting the device;
    • track and control Internet access for the entire enterprise or user groups.
  • File server protection
    A single infected object from the network storage can infect a large number of computers. To avoid this, Kaspersky Security Center allows you to configure and manage all protection functions for file servers.
    • Monitor malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, anti-malware, device and software control, and other desktop security features.
      • hard drives (file and folder encryption or full disk encryption);
      • removable devices (file and folder encryption or full disk encryption).

Mobile device management

The need for mobile devices to access corporate systems is growing, and Kaspersky Security Center helps to protect these devices and ensure the safety of using personal devices for work.

  • Mobile protection management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • customize the protection of mobile workplaces, including the creation of security policies for iOS;
    • install and update software via SMS, e-mail messages or through users' computers;
    • track whether all users have fully deployed protections to their devices;
    • control access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware protection
    Kaspersky Lab technologies provide comprehensive protection of mobile devices against malicious programs, and Kaspersky Security Center helps to flexibly manage the functions of this protection:
    • perform malware checks on demand and on schedule;
    • use anti-spam tools to filter out unwanted calls and text messages (except for iOS).
  • Mobile App Management
    Kaspersky Security Center allows you to control which applications can be launched on a user's mobile device running Android:
    • use the "Permission by default" mode to block only applications that are on the black list;
    • use the "Deny by default" mode to allow only programs that are on the white list to launch;
    • create a policy to control cases of unauthorized flashing of devices.
  • Data encryption on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on iOS devices;
    • configure encryption of files and folders.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user's device;
    • manage container encryption;
    • control access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Theft
    Remote management using Kaspersky Security Center allows you to still control some important functions in the event of a loss or theft of a mobile device:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • the purge function gives you the option of deleting corporate data or resetting to factory defaults at your choice.

When purchasing Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business or Kaspersky Security for Mobile Devices, all options for managing mobile devices will be available in Kaspersky Security Center. Thus, you can use a single console to manage your mobile devices, workplace protection and many other Kaspersky Lab technologies.

System administration tools

In addition to granular control over IT infrastructure security, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks, improve productivity and reduce operating costs.

  • Deploying OS and Programs
    Kaspersky Security Center allows you to manage OS and application images: create, quickly copy and deploy.
  • Installing the software
    The remote software installation function in Kaspersky Security Center saves administrators' time and helps to reduce the volume of traffic transmitted over the corporate network.
    • deploy software on demand or on schedule;
    • use dedicated update servers.
  • License management and accounting of hardware and software
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • track all devices on your network with automatic hardware inventory;
    • monitor application usage and track license upgrade problems using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After inventorying your hardware and software, you can scan for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • perform vulnerability assessments and prioritize patching.
  • Patch installation management
    Having discovered vulnerabilities, you can efficiently organize the distribution of the most important fixes using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network Access Control not only automatically discovers devices on the corporate network, but also simplifies setting policies for guest mobile devices:
    • manage policies for granting access to your corporate network from various devices;
    • manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business or Kaspersky Systems Management.

Full list of supported apps:

Kaspersky Security Center manages the operation of the following Kaspersky Lab solutions for protection against information threats:

  • protection of mobile devices:
    • Kaspersky Endpoint Security for Smartphone
  • protection of workstations:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for data storage systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations running Linux, are still managed using Kaspersky Administration Kit, the previous version of the tool for centralized management of the protection system.

System requirements

Administration Server

Software requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system:
    • Microsoft® SQL Server Express 2005, 2008
    • Microsoft® SQL Server® 2005, 2008, 2008 R2
    • MySQL Enterprise

Hardware requirements:
  • 32-bit OS:
    • 512 MB RAM
  • 64-bit OS:
    • Windows Server 2003
    • 512 MB RAM
    • 1 GB free hard disk space

Administration Console

Software requirements:
  • Microsoft® Management Console 2.0 or later
  • Microsoft® Internet Explorer® 8.0

Hardware requirements:
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or faster
    • 512 MB RAM
    • 1 GB free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB free hard disk space

Administration web console server

Software requirements:
  • Web server: Apache 2.2

Hardware requirements:
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008 (including Core mode)
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or faster
    • 512 MB RAM
    • 1 GB free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB free hard disk space

All features of Kaspersky Security Center are included in Kaspersky TOTAL Security for Business. When using other Kaspersky Lab products, the set of capabilities of Kaspersky Security Center will depend on the functionality of the selected solution.

    New Web Console

    The main advantages of Web Console over MMC:

    No client-side installation required, only a web browser needed

    Since you only need a browser, the operating system does not matter

    If you work on a mobile device, you can view reports directly from the beach

    The Web Console supports the User-Centric model, that is, the administrator assigns the policy not to the device, but to the user. The User-Centric management model works when devices in AD are assigned owners. KSC can retrieve this information and assign policy profiles not to devices, but to device owners. The old Device-Centric management mode, where policy profiles are assigned to devices, remains available and is applied by default.

    Web Console is a separate distribution. It can be installed both on a computer with KSC and on a separate computer.

    Interaction scheme:

    The Web Console is a Node.js web server.

    The server side of the Web Console connects to the KSC using the new KSC Open API protocol based on HTTPS. The client part is an SPA (Single Page Application).

    In its simplest form, an SPA is a web application whose components are loaded once on a single page, and content is loaded as needed. That is, when we click on any element of the interface in the Web Console, JavaScript is launched, which loads the modules and renders what we requested. And everything looks as if we went to another page.

    Changes in the interface of the MMC Administration Console

    Several new nodes have appeared in the console tree:

    Multitenant applications - this can include Kaspersky Lab applications that support multitenancy, for example, KSV.

    Deleted objects - deleted entities, such as tasks, policies, installation packages, go here

    Triggering of rules in Smart Training mode - this contains information about triggering rules in training mode for the new AAC component

    Active threats (formerly Unprocessed files)

    So, what can end up in the Deleted objects node? All entities that have a Revisions section in their properties go to the Deleted objects node after deletion.

    Namely:
    • Policies
    • Tasks
    • Installation packages
    • Virtual Administration Servers
    • Users
    • Security groups
    • Administration groups

    We can say that this is an analogue of the Recycle Bin in Windows.

    Common, end-to-end subnet list for KSC

    In the KSC, subnets can be used in multiple places. For example, in the properties of KSC, when we want to limit the transmission of traffic by time, or in the Agent policy, when configuring connection profiles.

    In KSC 10, it was necessary to set the subnet parameters separately in each of these places, which was not very convenient.

    In KSC 11, a new section has appeared in the properties of the Administration Server, where you can specify a list of subnets within an organization once, and this list will be available anywhere in the KSC where a subnet must be selected as a parameter.

    Installation package: protection level indicator

    The KES 11.1 installation package in KSC 11 no longer has installation options.

    But a protection indicator has been added to the properties of the installation package; previously, such an indicator was only in the policy. If the administrator decides to disable the installation of an important KES 11.1 component, the indicator will change color. You can also see what influenced the change in the level of protection.

    KSC 11: support for diff update files

    The update servers store several sets of databases: full ones and so-called diff files (the difference (delta) between the current and the previous update). Diffs can be daily or weekly. KSC 10 was only able to download the full set of databases; now it can download both sets, full and diffs.

    The paradox is that KES has long been able to work with diffs, but only when updating from the Internet; now KES can also use diffs when updating from KSC. This will reduce internal traffic many times over.

    Network Agents: support for diff update files

    The option to download updates in advance (offline update mode) is enabled in the default Agent policy

    Diff relaying does not work when offline update mode is enabled

    Diff files will not be transferred to older versions of Agents

    BUT! In the properties of the Network Agent there is an option "Download updates from KSC in advance". So if this option is enabled, and it is enabled by default, then KES will be updated the old fashioned way without using diffs.

    KSC 11: Update Agents

    Update Agents can now distribute update DIFF files too.

    In addition, they can now act as KSN Proxy and can forward KSN requests from protected devices to the Administration Server or directly to global KSN servers.

    Update Agent: support for 10,000 nodes

    By default, KSC assigns Update Agents automatically.

    In KSC 10, if the administrator wanted to manually assign the Update Agent, then in large networks this caused inconvenience. Why? Because before, one Update Agent could support up to 500 hosts. And if there are several thousand hosts on the network, then you had to assign many Update Agents to cover the entire network. In addition, not every computer can become an Update Agent; it must satisfy certain system requirements.

    In general, manually assigning Update Agents on large networks used to be a daunting task.

    Now this problem has disappeared, because one Update Agent now supports up to 10,000 hosts.

    Since the number of supported hosts has increased, the system requirements for a computer that can be assigned as an Update Agent have correspondingly increased (processor frequency 3.6 GHz or higher, RAM from 8 GB, free disk space from 120 GB).

    The KLSHARE folder has moved: C:\ProgramData\KasperskyLab\adminkit\1093\.working\share\

    KSC 11: Backward compatibility of KES plugins

    KSC 11 introduces backward compatibility for KES plugins.

    Previously, if the network used different versions of KES, the administrator had to maintain separate sets of policies and tasks for each version. Now, the policies and tasks of KES 11.1 will apply to KES 11 as well.

    KSC 11 - remote installation

    The Remote Installation Wizard has a new section - Behavior for devices managed through other Administration Servers.

    If there are several KSC servers on the network, they can see the same devices. The option avoids installation on a device that is connected to another KSC.

    KSC 11: improvements in RBAC

    First, RBAC no longer requires an Administration Server license.

    Secondly, new roles have appeared: Auditor, Security Officer and Supervisor. By default, they are not assigned to anyone.

    Thirdly, it is now possible to relay the list of roles to slave Administration Servers. Previously, you had to work with roles separately on each Server, which was not very convenient. Now you can create and configure roles in one place on the Main Administration Server and propagate them down the hierarchy.

    KSC 11: new reports

    Report on the status of application components - allows the administrator to clearly understand which components are installed where and their current status. This is important information, since an installed but not running component reduces the effectiveness of endpoint protection. Previously, the administrator did not have the opportunity to view the status of KES components in one place on all devices at once. To find out which components were installed and running, you had to look at each host separately, which was inconvenient and time-consuming.

    If necessary, on the basis of this report, you can build detailed reports on individual components, for example, see where the Endpoint Sensor is installed.

    Report on threat detection distributed by component and detection technology - information about which protection component detected the threat and with the help of which technology. This allows you to visually show the operation of detection technologies and the usefulness of protection components.

    Integration with SIEM via syslog

    You no longer need a license to send events from the KSC to the SIEM system via the syslog protocol.

    But this only applies to Syslog, you still need a license to integrate with ArcSight, QRadar and Splunk!

    Windows updates installation diagnostics

    This option automatically enables tracing of the Network Agent. Trace files are stored in the folder %WINDIR%\Temp

    KSC 11 in summary:

    A full-fledged KSC Web Console has appeared

    Support for update DIFF files has been implemented

    Implemented backward compatibility support for KES plugins

    Update Agents can act as KSN proxies and support up to 10,000 nodes

    Adding new roles to RBAC does not require a KSC license

    Added new reports

    Integration with SIEM systems via syslog no longer requires a license

    Extended diagnostics of Windows updates installation

    We reviewed the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. For centralized management of all deployed copies of Kaspersky Endpoint Security 8 on corporate computers, the Kaspersky Security Center solution is used. In the second part of the review, we will take a closer look at how administration is carried out using the new, ninth version of Kaspersky Security Center and what main features it provides.

    The main purpose of Kaspersky Security Center is to provide the administrator with tools for configuring all components of the protection system and access to detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of the large set of protection tools that Kaspersky Lab provides to an organization. The set of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers, and mobile devices:

    • Kaspersky Endpoint Security 8 for Smartphone
    • Kaspersky Endpoint Security 8 for Windows
    • Kaspersky Endpoint Security 8 for Linux
    • Kaspersky Endpoint Security 8 for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstation;
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution;
    • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
    • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition;
    • Kaspersky Anti-Virus 8.0 for data storage systems;
    • Kaspersky Anti-Virus 8.0 for Linux File Server;
    • Kaspersky Anti-Virus 6.0 for Windows Servers;
    • Kaspersky Anti-Virus 5.7 for Novell NetWare.

    Figure 1. Logic of using Kaspersky Security Center when protecting an organization's network

    Kaspersky Security Center can operate in two modes - the usual one, which is described in this review, and the mode required for the operation of service providers that provide other organizations with protection of their networks in the form of a SaaS service. This mode requires a special license.

    Kaspersky Security Center is not a standalone program, but a set of software tools that includes:

    • administration server is a service responsible for security management. It is the main module of Kaspersky Security Center and stores all information about managed computers in a database (MS SQL Server or MySQL). In addition to the main administration server, you can organize a hierarchical structure of administration servers to work through them with remote parts of the local network or the local network of the serviced organization. This is especially true for companies with a distributed structure. In this case local users access only their server.
    • Administration Console is a module implemented as a snap-in for the Microsoft Management Console and designed to manage the Administration Server;
    • web console - a web application that has a function similar to the administration console. The difference is that the web console allows you to access the administration server through a browser using the web interface. However, in comparison with the same administration console, it has limited management capabilities;
    • Kaspersky Security Center Administration Agent is an application designed for interaction between the Administration Server and client computers. It is installed on client systems and allows you to receive information about the current state of programs and events that occurred on client computers, send and receive control commands, and also ensures the functioning of the update agent.
    • application control modules - modules that are installed on the administrator's workstation. Purpose - to gain access to Kaspersky Lab software products in an organization through the administration console.

    Figure 2. Block diagram of interaction of Kaspersky Security Center components

    The diagram shows that the administrator can work through the snap-in with several administration servers, which are, for example, company servers located in different offices. In addition, the administrator can access the administration server through an Internet browser from any computer without having to install any modules on it, which can be useful when it is necessary to monitor the security system. This access method is also used when protection is deployed in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.

    Figure 3. Diagram of using the web console


    Kaspersky Security Center allows configuring and managing components and settings on client computers. For each user group or a specific user, the administrator can specify various settings for the following components:

    1. Protection components: file antivirus, mail antivirus, web antivirus, IM antivirus, firewall, protection against network attacks, network monitoring, system monitoring.
    2. Control components: application launch control, application activity control, vulnerability scan, device control, web control.

    Figure 4. Diagram of components managed by Kaspersky Security Center

    The ninth version of Kaspersky Security Center is an evolution of the Kaspersky Administration Kit 8.0 tool. Compared to it, a set of new functions has been added to Kaspersky Security Center. It is now possible to create virtual administration servers; control over the operation of the "Application Control", "Vulnerability Control", "Web Control" and "Device Control" components has been added, as have a web console for managing the administration server through a browser and functions for managing clients on virtual machines. It is now possible to centrally detect and eliminate vulnerabilities on client computers. The functions of tools for managing installations of various components, obtaining additional information about monitored computers, creating reports and working with accounts.

    System requirements

    To work with Kaspersky Security Center 9, the computer must meet the general system requirements specified in Table 1.

    Table 1. Hardware requirements for running on different operating systems

    32-bit OS
    • Operating system version: Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1.
    • Hardware requirements: processor with a frequency of 1 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space.

    64-bit OS
    • Operating system version: Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1.
    • Hardware requirements: processor with a frequency of 1.4 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space.

    Since Kaspersky Security Center 9 includes three components - the Administration Server, the Administration Console, and the Web Administration Console Server, for the operation of each of them the following requirements must be met.

    Administration Server

    • Microsoft Data Access Components (MDAC) 2.8 or later or Microsoft Windows DAC 6.0.
    • Microsoft Windows Installer 4.5 (for Windows Server 2008 / Windows Vista).

    Database Management System

    • Microsoft SQL Server Express 2005, 2008;
    • Microsoft SQL Server 2005, 2008, 2008 R2;
    • MySQL Enterprise.

    Administration Console

    • Microsoft Management Console 2.0 or later.
    • Microsoft Internet Explorer 8.0.

    Administration web console server

    • Web server: Apache 2.2.
    • Browser - Internet Explorer 7, Firefox 3.6, or Safari 4.

    Functionality

    The main functions of Kaspersky Security Center are deploying protection on client computers, centralized administration of these applications, and retrieving information about events on protected computers.

    Deploying protection

    1. Remote installation and removal of programs for endpoint protection and administration tools.
    2. Deploying third-party products or custom installation packages on protected computers.
    3. The ability to install endpoint protection systems on infected computers.

    Administration

    1. Creation of virtual administration servers to ensure protection of physically remote segments of an organization's local network or remote offices.
    2. Formation of a hierarchy of administration groups so that the operating rules for different user groups can be adjusted flexibly.
    3. Combining a set of rules and settings of various components into policies, and flexible application of those policies to regulate the activities of a specific user or group of users. Both standard policies and newly created policies can be used.
    4. Implementation of centralized (if necessary - remote) management of programs for endpoint protection.
    5. Centralized updating of the databases and protection modules of endpoint protection programs.
    6. Centralized work with files placed in quarantine or in backup storage, as well as with objects, the processing of which is deferred.
    7. Inventory of hardware devices and software on computers in the organization's local network.
    8. Centralized detection and elimination of vulnerabilities found in the operating system and various software.
    9. Management of Kaspersky Endpoint Security 8 deployed in virtual environments (automatic detection of virtual machines, lifecycle management of virtual machines, optimization of the load on the host server when performing resource-intensive tasks).

    Monitoring

    • Obtaining information about critical events on protected computers in real time.
    • Obtaining statistics and reports on all events on protected computers. It is possible to generate reports containing events in each protection component and administrator actions. Reports can be generated on a schedule or at the request of the administrator. If necessary, you can configure sending reports in a convenient format by e-mail.
    • Using the web console allows you to organize access to operational information about the protection status and reports from any computer in the network or remotely.

    Kaspersky Security Center can now also manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically found, connected to the administration console and provided with all the components necessary for protection. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for convenient administration of the virtual infrastructure. Dynamic mode support for Virtual Desktop Infrastructure (VDI) has also been implemented.

    Preparation for use

    To install Kaspersky Security Center, you need to run the installation file of the application, after which the welcome window of the installation wizard will appear.

    Figure 5. The initial window of the Kaspersky Security Center installation wizard

    Next, you need to read the license agreement and accept its terms. After that, you need to select the type of installation. A standard installation contains a minimal set of components and is recommended for networks with up to 200 computers. Custom installation allows you to configure additional settings for Kaspersky Security Center and is recommended for networks containing more than 200 computers. We select a custom installation and click the "Next" button.

    Figure 6. Selecting the type of installation for Kaspersky Security Center

    The next step is to select the components to install.

    Figure 7. Selecting Kaspersky Security Center components for installation

    Figure 8. Selecting the size of the network

    At the next step, you need to select the account under which the Administration Server will run on the computer. There are two types of accounts to choose from: the system account (not available on Windows Vista and later Microsoft operating systems) or a user account.

    Figure 9. Selecting an account under which Kaspersky Security Center will run

    After that, you need to select the type of database for the administration server: Microsoft SQL Server (Express Edition) or MySQL. If you select MS SQL Server and this DBMS is not available, it will be installed. If you choose MySQL, the DBMS must already be installed on the system.

    Figure 10. Selecting a database server for Kaspersky Security Center

    The next step is to configure the parameters for connecting to the database server. Then the account used to connect to the server is configured.

    Figure 11. Configuring the settings for connecting to a server with a database

    After that, you need to determine the location and name of the shared folder in which the installation files and updates will be stored. You can create a new folder or select an existing one.

    Figure 12. Creating a shared folder

    Next, you must specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for secure connection to the administration server using the SSL protocol (by default, port 13000 is used).

    Figure 13. Configuring the settings for connecting to the Administration Server
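
    The ports chosen in this step can be checked after installation, either on the server itself (is anything listening?) or from a client (are they reachable through the firewall?). The script below is an added example, not part of the original article; it assumes the default ports 14000 and 13000 named above, and its function names are illustrative.

```powershell
# Added example: verify the Administration Server ports after installation.
# Assumptions: the wizard defaults (14000, and 13000 for SSL) were kept;
# the function names are illustrative and not part of any Kaspersky tooling.
param(
    [string]$Server = ''   # empty: inspect local listeners on the server itself
)

$AdminServerPorts = @{
    14000 = 'Administration Server port'
    13000 = 'Administration Server SSL port'
}

# Local view: which of the expected ports have a TCP listener, and on which address.
function Get-LocalListenerStatus {
    param([hashtable]$Ports)
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listeners = $ipProps.GetActiveTcpListeners()
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $bound = @($listeners | Where-Object { $_.Port -eq $port })
        $addresses = @($bound | ForEach-Object { $_.Address.ToString() } | Sort-Object -Unique)
        New-Object PSObject -Property @{
            Port      = $port
            Purpose   = $Ports[$port]
            Listening = ($bound.Count -gt 0)
            BoundTo   = ($addresses -join ', ')
        }
    }
}

# Remote view: plain TCP connect with a timeout, so a filtered port does not hang.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

if ($Server) {
    $results = foreach ($port in ($AdminServerPorts.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            Server    = $Server
            Port      = $port
            Purpose   = $AdminServerPorts[$port]
            Reachable = (Test-TcpPort -ComputerName $Server -Port $port)
        }
    }
} else {
    $results = Get-LocalListenerStatus -Ports $AdminServerPorts
    foreach ($r in $results) {
        if (-not $r.Listening) {
            Write-Warning "Nothing is listening on port $($r.Port) ($($r.Purpose))."
        }
    }
}

$results | Format-Table -AutoSize
```

    Run it without arguments on the server, or with -Server set to the server's name from a client machine, and compare the result with what your firewall rules are meant to allow.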

    After that, you need to set the address of the administration server. The address can be a DNS name, a NetBIOS name, or an IP address.

    Figure 14. Setting the address of the administration server

    In the next step, you need to select modules for managing programs. We need a module for managing Kaspersky Endpoint Security 8 for Windows, so we select it.

    Figure 15. Selecting modules for installation

    This completes the configuration process, and you can start the installation of the program. Next, you need to restart the operating system, after which the installation can be considered complete.

    After installation, you will need to make a number of additional settings - specify the registration key or code, decide on the use of "cloud" technologies, configure the sending of notifications about events and proxy server settings. After that, you can start working with Kaspersky Security Center.

    Working with the product

    The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).

    Figure 16. Microsoft Management Console snap-in window

    The advantage of using the snap-in is the standard interface that Windows administrators are familiar with. In addition, several different snap-ins can be added to one management console, for example "Windows Firewall", the "Diskeeper" defragmentation program, the "Performance" snap-in, and Kaspersky Security Center.

    Figure 17. An example of creating a management console

    The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview pane (console tree), and a workspace. After installing Kaspersky Security Center, we gain access to the administration server through which we will manage the instances of Kaspersky Endpoint Security 8 installed on computers in the local network.

    In a company with a distributed structure, it is necessary to create a set of administration servers that will allow each segment of the network to be serviced separately while everything is still managed centrally from one point. This will reduce traffic within the local network and simplify work with remote offices or local network segments. If you have multiple administration servers, you can delegate responsibility for security and the authority to manage each virtual server to individual administrators. You can add administration servers from the context menu of the "Kaspersky Security Center" node ("New" - "Kaspersky Administration Server" - "Administration Server ..."). The created hierarchy allows you to create rules for inheriting tasks and policies for different administration servers.

    The hierarchy of tools for the administrator's work is shown in Figure 18.

    Figure 18. Hierarchy of tools for the administrator's work

    The Administration Server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers managed by the administration server to send data to and receive data from the "cloud" even if they do not have access to the Internet. Also, by caching requests, KSN Proxy allows you to reduce the load on the Internet connection.

    Figure 19. Configuring KSN Proxy parameters

    The logic of working with the program when deploying protection and administration is built as follows. First, the administrator configures the administration server settings. After that, administration groups are created in accordance with the logic of the protected network. For example, accounting staff can be prohibited from using any removable media, while the most stringent web control parameters can be configured for programmers.

    Computers are added to the created groups, and the Network Agent and Kaspersky Endpoint Security 8 are installed on each computer. Then, security policies are created and configured for each user group. The administrator can also create various tasks (scan for viruses, update, etc.) and set the criteria for their execution (by timer, by event, etc.). After that, the work with the program goes into the background - the administrator needs to periodically review the reports, respond to emerging threats, add new users for protection and perform other network maintenance. Let's take a look at how it works.

    To manage settings for protection operation on client computers, the Computer Management group is used, which contains four panels: Groups, Policies, Tasks, and Computers.

    Figure 20. Group "Computer management"

    Creation of administration groups and their configuration

    The "Groups" panel contains tools for managing groups of computers on the "Administration Server". These administration groups allow you to organize the hierarchy of computers in the network in order to selectively apply various policies and tasks to them in the future. By default, only one, root, group is available. Using the Create Group and Create Subgroup commands in the Groups panel, you can create the hierarchy of computer groups you need for your organization.

    Figure 21. An example of creating administration groups

    The hierarchy of computers can also be generated automatically through the context menu of the "Managed computers" node (command "All tasks" - "Create group structure"). For this, information about the structure of domains and workgroups of the Windows network, Active Directory groups, or the contents of a text file is used.

    In the "Groups" panel, you can set the conditions for installing applications on computers that have newly appeared in the group. You can also specify the criteria by which the user's computer will be assigned the "Warning" or "Critical" status, for example if the databases have not been updated for more than X days or more than Y viruses have been found.

    Figure 22. Setting the criteria for setting statuses for computers

    After the groups have been created and configured, you can start populating the groups with computers. To do this, use the "Computers" panel, where you can add and remove computers on the "Administration Server". You can also view information about each of the computers on the network - its status, the time the signature databases were updated, the number of viruses found, etc.

    Figure 23. Panel "Computers" with expanded filtering panel

    To add a new computer, you need to click on the "Add computers" button, after which a wizard window will appear. The first step is to determine how to add client computers.

    Figure 24. Window of the Add Client Computers Wizard

    When adding computers manually, you need to specify the IP address or a range of IP addresses of computers in the network. You can also import the list of IP addresses from a text file.

    Figure 25. Manually adding new computers

    When adding automatically, it is enough to select the required computers from the list of computers detected on the network.

    Figure 26. The window for adding computers discovered by the administration server

    If, for some reason, computers were not assigned to administration groups, they remain in the folders of the "Unassigned computers" node. You can also apply tasks and policies to these computers. These folders also contain new computers found by the Administration Server when polling the Windows network, IP addresses, and Active Directory groups. After finding new computers on the network, the administrator can move them to one of the existing groups.

    Installing applications via Kaspersky Security Center

    Kaspersky Security Center allows you to install various applications on computers in the local network. These can be Kaspersky Lab applications for client protection or third-party applications. To install the application on client computers, you need to create a task of the appropriate type and specify the computers for which it will run.

    Installing applications through Kaspersky Security Center is primarily required for deploying protection on client computers when starting to use Kaspersky Lab solutions in an organization and when adding new computers for protection.

    To organize protection on client computers, you first need to install Network Agents and Kaspersky Endpoint Security 8. The installation package is installed using the Remote Installation Wizard, which is launched from the Groups panel by clicking the Start installation button. Select the administration agent and click the "Next" button.

    Figure 27. Selecting the program to install

    We indicate that the program is installed "From the shared folder". After the installation of the administration agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when a new computer is added to the network, the administrator will be able to run one task to install the entire list of required programs.

    Figure 28. Selecting application installation parameters

    In the next step, you can specify accounts with administrator rights.

    Figure 29. Selecting accounts with administrator rights on the target computer

    After that, you will need to choose whether to restart the computer after installing the program and, if so, whether to do it forcibly or ask the user. This completes the creation of the application installation task, and the task can be launched.

    Figure 30. Starting the application installation task

    If for some reason installation over the network is impossible (for example, the network is disconnected on the computer), you can create an installation package and give it to the user for self-installation.

    The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

    Many antivirus vendors have remote administration tools in their arsenal. Today we will talk about one such solution from Kaspersky Lab.

    In general, Kaspersky Security Center is a rather serious application, which cannot be described in one article for sure. Therefore, in this article, we will analyze only its deployment.

    You can download Kaspersky Security Center. The product itself consists of a server that will need to be deployed, an administration console that can be installed on another computer for remote server administration, a web console as an alternative to the usual one, and an administration agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

    The server itself can be deployed only on operating systems of the Windows family. A server edition is not required, however. Systems from XP and higher are supported, but only in Professional / Enterprise / Ultimate editions. The complete list of supported systems is available on the website.

    In addition, the server needs MS SQL or MySQL for its work (the database server can also be remote). If there is no ready-made database server at hand, the installer of Kaspersky Security Center will install MS SQL Express by itself, which is sufficient for most organizations.

    So, to deploy the server, download and run the setup file (I recommend downloading the full distribution). As a test bench we have selected a computer running Windows Server 2012 R2.

    You will see a convenient menu in which we are currently interested in the "Install Kaspersky Security Center 10" item.

    After starting the installation, you will be prompted to accept the license agreement and to select the type of installation. For better control over the installation process, let's choose the custom installation.

    If there are mobile devices on the network, you can install a separate component to manage their protection.

    Indicate the size of your network. This choice, however, has no significant effect.

    Next, the installation program will ask under which user account to run the Administration Server service. You can specify an existing user with admin rights, or you can let the installer create a new one.

    The next step is to choose a database server. As already mentioned, there are two options: MS SQL or MySQL. If you do not have a ready-made server, Kaspersky Security Center will deploy MS SQL Express for you.

    At this step during the installation process, you may be in for a small surprise if the .NET Framework 3.5 SP 1 is not installed on your system.

    In Windows Server, the .NET Framework 3.5 SP 1 is built-in as a component and only needs to be enabled. If you do not have a server operating system, then you need to go to the Microsoft website and download the installer.

    Let's consider the option of including the component in Windows Server. To do this, open the Server Manager and select the "Add Roles and Features" item.

    A wizard will start, in which we need to indicate that we are going to install roles or components.


    Add Roles and Features Wizard in Windows Server

    We select our server and skip the selection of roles. In the list of components we find .NET Framework 3.5 Features and mark it with a tick.


    Adding a Component to Windows Server

    After that, we will return to the installation of Kaspersky Security Center directly.
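
    The same component can be enabled from an elevated PowerShell prompt instead of Server Manager. The script below is an added example, not part of the original article; the D:\sources\sxs path is an assumed location of mounted Windows Server installation media and is needed only when the feature payload has been removed from disk.

```powershell
# Added example: check and enable the .NET Framework 3.5 feature on Windows Server
# before returning to the Kaspersky Security Center installer.
# Assumption: $MediaSource points at the \sources\sxs folder of installation media
# for the same Windows Server version. Adjust it, or pass an empty string.
param(
    [string]$MediaSource = 'D:\sources\sxs'
)

Import-Module ServerManager

$feature = Get-WindowsFeature -Name NET-Framework-Core
if (-not $feature) {
    throw 'NET-Framework-Core was not found. Is this a Windows Server system?'
}
Write-Output "NET-Framework-Core state: $($feature.InstallState)"

if ($feature.InstallState -eq 'Installed') {
    Write-Output '.NET Framework 3.5 is already enabled; continue with setup.'
    return
}

$installArgs = @{ Name = 'NET-Framework-Core'; ErrorAction = 'Stop' }

# "Removed" means the payload is not on disk. Windows then needs either
# installation media (-Source) or access to Windows Update to enable the feature.
if ($feature.InstallState -eq 'Removed') {
    if ($MediaSource -and (Test-Path $MediaSource)) {
        $installArgs.Source = $MediaSource
    } else {
        Write-Warning "Payload is not on disk and '$MediaSource' was not found; Windows will try Windows Update."
    }
}

$result = Install-WindowsFeature @installArgs

if (-not $result.Success) {
    throw "Enabling .NET Framework 3.5 failed (exit code: $($result.ExitCode))."
}
Write-Output "Enabled. Restart needed: $($result.RestartNeeded)"
```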

    We need to select the SQL authentication mode. It can be either a separate account or the current one.

    The Kaspersky Security Center server requires a shared folder that client computers can access to get updates and installation packages. You can create a new folder or specify an existing one.

    We indicate the ports through which we will connect to the administration server.

    We indicate the address of the server on the network. If the server has and will keep a static IP address, you can simply use that address. But it's still more convenient to define the server by name.

    The last step before installing is choosing the required plugins. Plugins allow you to manage various anti-virus products of Kaspersky Lab. This is useful if you have a whole zoo of versions. Plugins can also be added later.

    Now all that remains is to observe the installation process. Sometimes a plugin requires you to accept a separate license agreement.

    Installation of Kaspersky Security Center is now complete.

    Now let's go over the initial server setup. The administration console installed with the server looks like this:


    Administration Console of Kaspersky Security Center

    The console can be installed separately, so you do not even need to log in to the server every time for routine actions.

    Servers are listed in the left column. So far, there is only our newly created server there. If you are administering several servers, then just click Add Administration Server.

    So, click on the server you just created and the Quick Start Wizard will start. You will be asked to activate the program with a code or key. However, this can be done later.

    In addition, the wizard will ask for your consent to participate in the Kaspersky Security Network program. In fact, this is another spy on your computers, which sends data to Kaspersky Lab about which resources you visit and where you catch the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user, the meaning of participation in such a program is questionable.

    You will also be asked to indicate mailboxes for notifications from the Kaspersky Security Center server. You can skip this step.

    After all these steps, the server will start downloading the latest updates from the network. Later on, if there are several servers on your network, you can configure an upstream server as the update source instead of a Kaspersky Lab server on the Internet.

    After downloading the updates and polling the network, the wizard will display a success message and offer to launch the Protection Deployment Wizard on Workstations.

    We will talk about deploying protection on workstations in.

    Regardless of whether you manage ten or several thousand workstations as part of a centralized, distributed or mixed IT infrastructure, installation, configuration and administration of all Kaspersky Lab security solutions is carried out through a single management console.

    Centralized management. Scalability. Flexibility

    Kaspersky Security Center allows you to efficiently manage mobile devices (MDM) based on various platforms, monitor vulnerabilities and manage the installation of patches, as well as control devices and applications allowed for use on your corporate network.

    Kaspersky Security Center supports multilevel protection and management technologies that are activated through a single convenient console. Kaspersky Security Center makes it easy to scale the protection system and add new tools and functions to it - both in small, rapidly growing companies and in large corporations with a complex distributed IT infrastructure. Each next level of the Kaspersky Security for Business solution opens up additional protection and management features within a single platform, according to your current needs.

    Kaspersky Security for Business levels: consistent expansion of functionality

    Functions:
    • Malware protection
    • Control of applications, devices, web control
    • Mobile device security
    • Data encryption
    • System administration
    • Securing mail servers, Internet gateways, and collaboration servers

    Levels: STARTING, STANDARD, ADVANCED, TOTAL SECURITY

    Comprehensive protection. Full control

    Centralized management allows you to increase the transparency of the corporate IT infrastructure, optimize costs and maximize the effectiveness of security management. The tightly integrated functions and tools within Kaspersky Security Center (KSC) ensure efficient management of all technologies implemented in Kaspersky Lab's single security platform.

    • Deploying, configuring and managing workplace protection from a single center allows you to provide reliable and up-to-date protection of each workplace and device in the corporate network.
    • Security and management tools for mobile devices allow you to centrally manage the security of mobile devices based on different platforms through the same single console that is used to manage the protection of workplaces. This greatly simplifies the monitoring and control of the security of the corporate IT infrastructure without the need for additional effort or technology.
    • Vulnerability monitoring and patch management allows you to quickly detect, prioritize, and centrally patch vulnerabilities. Administrators have complete information about the discovered vulnerabilities. Patches and updates can be installed automatically at short notice, which increases the security level of the entire IT infrastructure.
    • Centralized web control, app and device control helps you regulate and restrict the use of unwanted or unsafe devices, programs and web resources.
    • Centralized management of encryption technologies provides an additional layer of security to help counter the growing threat of data loss from device theft or malware attacks.
    • Advanced management capabilities include automated, centralized security administration, including hardware and software inventory, OS and application imaging, and remote software installation and remote troubleshooting.
    • Support for workstations, mobile devices and virtual machines makes it possible to manage the protection of the entire IT infrastructure through a single console, providing effective monitoring and complete control of the corporate network.

    Main functions and advantages of Kaspersky Security Center

    OPTIMAL DEFAULT SETTINGS
    They are especially relevant for small companies that do not always have enough IT resources to perform additional administrative tasks. Use the settings recommended by our experts, or choose the ones that are right for you.

    SUPPORT FOR MULTI-PLATFORM ENVIRONMENTS
    Security management of physical (Windows®, Linux®, Mac), mobile (Android ™, iOS, Windows Phone) and virtual devices within the corporate IT infrastructure is carried out through a single console.

    SCALABLE PROTECTION FOR COMPANIES OF ANY SIZE
    Support for up to one million Active Directory® objects, as well as the differentiation of administrator rights based on roles and configuration profiles provide flexible operation of the solution in complex environments.

    WIDE POSSIBILITIES OF INTEGRATION
    Integration with major SIEM systems for reporting and security. Integration with external NAC systems including Cisco® NAC, Microsoft® NAP, and SNMP server.

    SUPPORT FOR REMOTE OFFICES
    Traffic optimization and flexible patch distribution. A local workstation can act as an update agent for the entire remote office, enabling remote deployment of updates and reducing traffic between offices.

    DETAILED REPORTS
    A wide range of pre-installed report templates, with the ability to customize and generate individual reports. Additional dynamic filtering and sorting of reports by any parameters.

    WEB CONSOLE
    Enables effective remote control of the security of workplaces and mobile devices.

    SUPPORT FOR VIRTUALIZATION
    Virtual machine recognition and load balancing during busy periods, as well as prevention of performance-degrading antivirus "storms" - all through a single management console.


    HOW TO BUY

    Kaspersky Security Center is included in all levels of the Kaspersky Security for Business line, as well as in a number of solutions for protecting individual network nodes.