Review: Kaspersky Adds Cloud, Smartphones to Its Updated Offering
The first major overhaul in four years of Kaspersky's business antivirus software, Kaspersky Business Space Security, is out.
Kaspersky is one of Europe's leading antivirus (AV) companies. It is ranked third in the consumer Internet security space (by revenue) just behind Symantec and McAfee, according to Gartner. In recent years, it has also targeted the business security market -- especially the SMB sector, successfully wining SMB market share from the more enterprise-focused Symantec and McAfee.
Kaspersky Business Space Security is its most popular security product for SMBs, offering endpoint protection for smartphones, Windows, Linux and Mac workstations, as well as Windows, Linux and Novell Netware servers. The suite also includes management software for centralized endpoint deployment, monitoring and operation.
In October 2011, the suite had its first major update in four years with the release of the Endpoint Security for Windows 8.0 module. This added one particularly significant new feature: reputation-based protection using Kaspersky's cloud-based Security Network. (This is already included Kaspersky's consumer security products.) The update also replaced Kaspersky's Administration Kit management software with a new Management Center module.
At the heart of the Business Space Security lies Kaspersky's virus signature protection. Peter Beardmore, Kaspersky's senior director of Product Marketing, said the company uses "category-based" signatures that recognize patterns in suspect code, not just particular code strings. This enables the antivirus engine to spot whole types or categories of malware, so that it can detect a virus even if the code has been modified slightly to evade standard antivirus signatures.
The product also offers behavioral protection, or heuristics, but Beardmore says that Kaspersky's works in a different way to most competitors. That's because the software can analyze an application's behavior to spot suspicious activities When it finds such behaviors it can continue to let the application run while preventing the suspicious behavior from happening.
"This provides a much more satisfactory experience for users rather than just interrupting the application and shutting it down," said Beardmore. Typical of many other AV suites, before a new application runs Kaspersky's software can also execute the application in an isolated "sandbox" to determine its capabilities. If the security software decides that the application is potentially malicious it can shut it down, warn the user, or apply heuristics to the application when it runs.
Cloud based intel
Cloud-based information gathering networks are becoming a vital weapon in the fight against malware, so and integration of the Kaspersky Security Network into Business Space Security brings it on a par with rival products from Symantec, Trend Micro and others.
Kaspersky calls its reputation protection Kaspersky Urgent Detection System, and it works by flagging up known malware and sources of malware so that they can be blocked before anything malicious gets executed.
"Previously we would identify new malware in honeypots, create signatures and put them on our update servers. It would take two hours before they would be protecting our endpoints," said Beardmore. "With the Urgent Detection System we put signatures in our cloud-based database and the time-to-protection has now been reduced to about 40 seconds."
Since new viruses or malware sources do most of their damage in the first two hours after launch, this can make a significant difference to security, Beardmore added.
App Control is another new feature, giving control over the behavior of applications running on a system. Every application gets a security rating -- trusted, untrusted, or one of two intermediate ratings -- based on information gleaned from the application itself and from information stored on Kaspersky' Security Network.
"The software then applies a policy to each security rating, so more aggressive behavior monitoring is applied to untrusted application than to trusted ones," said Beardmore. "This can significantly improve the performance of trusted applications."
Another feature, App Startup Control, prevents unwanted or malicious applications from starting up at all. The feature uses an application blacklist created locally -- perhaps containing peer to peer file sharing applications -- as well as applications blacklisted on the Security Network. Kaspersky claims to have around 3 billion blacklisted files as well as 300 million white listed ones.
The software also monitors applications running on a system for known vulnerabilities, and any vulnerable applications are flagged up in the Kaspersky Control Center Software.
One of the problems of malware is the damage that it can do to a system's operating system, and Kaspersky's System Watcher feature, which has already been incorporated into the company's consumer products, aims to provide a way to fix this. Essentially, it logs the behavior of applications running on a system and tries to recognize malicious behavior. If it spots any then it has the capability to roll back changes such as alterations to the registry that the malware may have made.
The Business Space Security suite also includes Kaspersky Endpoint Security for Smartphones, which provides encryption, antivirus protection and remote locking, device wiping and GPS tracking for Blackberry, Android, Windows Mobile And Symbian S60 smartphones. The software can be deployed by administrators over the air or when individual smartphones are connected to endpoint PCs, and is managed from Kaspersky Management Center.
Kaspersky bundles in several other capabilities to provide administrators with control over endpoint users' activities. These include:
USB device control - USB devices can be banned selectively. For example, all USB devices except secure flash drives issued by administrators (recognized by their individual serial numbers) can be banned
Web control - web usage can be controlled by time of day, and individual URLS or URL categories (such as webmail or adult sites) can be blacklisted.
Kaspersky Business Space Security for 10 nodes (workstations or file servers) for one year is $390. For two years it's $585.
Discounts are available for large implementations, e.g. 50 nodes equals $27.50 per user per year.
Paul Rubens has been covering IT security for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.