With a layered defensive posture that covers a variety of threats, Kaspersky Endpoint Security for Business Advanced can protect an entire company from the worst the web has to offer. It can be customized by adjusting its sensitivity, setting up companywide policies and using its patch management system to not only update systems but load new software. Many items can be grayed out so that users can't change a company's default security configuration.
View all of our internet security and antivirus software reviews on our best picks page.
More to the point, this software solution has the virtue of being moderately priced while catching every piece of malware thrown at it and not inordinately slowing a computer down. It's a must-have for any security-minded company.
Kaspersky's Endpoint Security for Business Advanced (KESBA) is an effective way to wall off a company's digital assets from a hostile outside world. Based on a multilayered approach to security, KESBA combines traditional local scanning with heuristic behavioral monitoring to catch a variety of threats before they get out of control.
KESBA proactively searches for system-altering code and anything identified as suspicious is sent to the Kaspersky Security Network (KSN) for analysis by artificial intelligence agents. The cloud-based lab sends out updates hourly.
On top of trying new software out in a virtual sandbox that can't affect the rest of the system, the program keeps an up-to-date hardware inventory and can be used to recognize systems as they log on. It sets up the appropriate policies and access. Security-conscious IT administrators (and which ones aren't these days) can even set up two-factor authentication or require systems with Trusted Platform Modules (TPM) to connect.
The program's Host-based Intrusion Prevention System (HIPS) can stop unwanted programs in real time while leaving safe programs alone. Meanwhile, KESBA's firewall stops unauthorized entry and blocks the exfiltrating of data from systems.
KESBA lets you centrally create security and access policies, which can be applied to single employees, groups or across the board. The program can control employee browsing policies as well as which external devices, like flash drives, are allowed. The Web and Application Control features are akin to parental controls for employees by allowing IT folks to place certain apps (like games) or web sites (like porn or social media) off limits.
Its patch management system does the expected, continually scanning the operating system and major apps to ensure they have the latest updates. It can perform the updates as they appear automatically, on a schedule or during off hours, and includes remote troubleshooting. Unlike most patch management systems, KESBA can distribute new apps.
For a company's closest secrets, there's KESBA's choice of full-disk or file encryption using AES-256. On the downside, the program lacks a file shredder.
The server version of the software can block email attachments that contain malware, stopping a phishing attempt in its tracks. The software works with IBM Domino and Microsoft Exchange systems.
With KESBA, a lost or stolen phone or tablet doesn't have to lead to a breach, because any can be locked or wiped remotely. Unfortunately, this isn't available with Windows and Mac clients.
A word of caution: Based on fears that Kaspersky has a Russian military connection, the federal government has banned the use of Kaspersky products in government agencies. That doesn't mean you have to as well, because a Kaspersky representative responded that they have nothing to hide and are not a part of any government. The company is moving its KSN infrastructure out of Russia with a new data center in Switzerland and one coming to North America next year. Finally, the company offers up to a $100,000 bounty to anyone who can find a vulnerability in the company's software.
Endpoint Security for Business Advanced Product Specs
Kaspersky Endpoint Security for Business Advanced works with Windows (versions 7, 8, 8.1 and 10) and Mac (OSX 10.9 to 10.14) desktops and notebooks, as well as a variety of Linux systems. The software works with Windows Server 2008 through Server 2012 and virtual platforms like VMWare Workstation 12, Microsoft Hyper-V 2016 and Citrix XenServer 7.14 and 7.2.
You can cover the company's phones and tablets that run on Android or iOS software with the Security for Mobile app. Due to restrictions from Apple, the iOS version doesn't scan for viruses.
Kaspersky Endpoint Security for Business can be downloaded directly or sent from the security console. The 207MB Windows 10 package starts by unpacking its elements and just about installs itself. You'll need to agree to the software license and allow Kaspersky Security Network (KSN) to lift suspect code from your company's systems; it can be turned off at any time. If you like, Kaspersky can set up an in-house version called Kaspersky Private Security Network.
After entering its license keys manually, from a flash drive or LAN file, the software is ready to raise your company's security stance. It took 16 minutes and 30 seconds to load the program on our HP Elitebook Folio G1 notebook with the latest version of Windows 10. That's on the slow side and might prove to be tedious.
Security and Performance
Kaspersky Endpoint Security for Business is in the upper echelon of security programs that is on a par with Bitdefender GravityZone. In AV-TEST's November-December 2018 survey of Windows 10 systems, the program protected against 100% of popular and Zero-Day threats with no false positives to annoy and slow down users. This puts it on a par with Bitdefender's GravityZone.
On the downside, the protection was at the cost of a bit of a slowdown of the system but was better than run-of-the-mill business security software. For instance, using the Kaspersky defenses caused websites to load 15% slower, versus the average of 20%. It lowered the launch of popular apps by 9%, slightly better than the average of 11%.
Overall, it's a slow scanner, with it taking 19 minutes and 25 seconds to run a Full Scan of our Windows 10 HP EliteBook Folio notebook with a 1.2-GHz M7 processor, 8GB of RAM, 250GB of solid-state storage. The scan examined nearly 400,000 individual files. That's slightly slower than Bitdefender GravityZone Ultra, which looked at 50% more files.
By contrast, the package took 2 minutes and 40 seconds to look at 3,865 files with its Critical Areas scan; the Kaspersky Endpoint Security for Business lacks a quick scan option. By contrast, a Quick Scan with GravityZone took 28.4 seconds to examine 49,348 files.
The program's main screen is functional, can be moved around and is compact. Taking up half the display's real estate, it can't be resized, but IT administrators can make it disappear on client systems. The protection is still there, but there's nothing to see or adjust.
While KESBA runs the risk of overwhelming employees because everything is in your face, there's a large check mark front and center to effectively let users know that the system is safe and secure. To the left is a list of protection technologies that are active; each item leads to a description of it and recent activity, like black- and whitelisting of objects.
Below are Protection Components and Tasks. Tap or click and you get the details and the ability to set up Full Scans, Critical Areas Scans or run an Integrity check.
Finally, along the bottom of the main window are links for Reports, a repository for dangerous items the program found and a Settings link. In addition to a link to Kaspersky's support crew, KESBA has a place to see when the current license expires.
The Kaspersky Security Center management console is a gem that puts everything in one place regardless of whether it's monitoring a dozen or a thousand users. It can not only control policies and schedule reporting but can make changes to single systems or the entire fleet.
It can capture vital operational stats, like recent infections, that offer excellent feedback on network security. Its reports are configurable and can be emailed.
If a system gets so overwhelmed with malware that it is unusable, Kaspersky's Rescue Disk 18 can help. By booting the machine in a secure Linux environment, it can be cleaned.
Kaspersky Pricing and Support
At $57.49 per seat for up to 10 licenses, Endpoint Security for Business Advanced is a bargain compared to Bitdefender's Gravity Zone Ultra ($75.11), but slightly more than Avast Business Antivirus Pro Plus ($54). When you get 50 licenses, the cost drops to $38.69.
Kaspersky stands by its Endpoint Security for Business Advanced with technicians standing by 24 hours a day. In addition to being reachable by phone, email, online chat and directly through the app, Kaspersky offers a variety of downloads, setup help and virus-removal advice.
The company offers four levels of premium support that includes faster response times and, for some, a dedicated account manager. The company can perform penetration testing, audits and other premium services.