Introduction to Kaspersky Endpoint Security for Businesss

See it – Control it – Protect it
– An into of Kaspersky Endpoint Security for Business

Nathan Wang, VP of Tech Divisions Kaspersky APAC
nathan.wang@kaspersky.com

KESB Launch | Hong Kong | March 7-8, 2013
PAGE 1 | 51

Topics of discussion
1 Business demands and IT challenges

2 Kaspersky Endpoint Security for Business
Encryption: a difficult play or an easy game?
System Manager: what’s new?
MDM: a convenient alternative?
Others: KSV 2.0, KS-Exchange and KLMS 8

3 Kaspersky Lab datasheet

PAGE 2 | 51

Business drivers and their impact on IT
66% of business owners
AGILITY Move fast, be nimble and flexible identify business agility as a
priority

Cut costs 54% of organizations say that
EFFICIENCY their business processes
Consolidate and streamline could be improved

Maximise the value of existing resources 81% of business owners cite
PRODUCTIVITY operational efficiencies as
Do more with less their top strategic priority

IMPACT on IT
IT complexity: more data, more systems, more technology
Pressure on resources and budgets
PAGE 3 | 51

And then, there’s the rise of malware…

New threats every day 200K

Malicious programs specifically targeting mobile devices >35K

Malware files in Kaspersky Lab collection Jan 2013 >100m

1999 2001 2003 2005 2007 2009 2011 2013

PAGE 4 | 51

The impact on IT security

Response:
Malware Anti-malware plus management
tool / dashboard

The #1 target: Response:
Systems / patch
applications!
management

YOUR DATA
Your data is on Response:
the move! Data encryption

Response:
Mobile / BYOD Mobile device
management (MDM)

PAGE 5 | 51

What if?

Malware

The #1 target:

1
applications! PLATFORM
MANAGEMENT CONSOLE
COST YOUR DATA
Your data is on
the move!

Mobile / BYOD

PAGE 6 | 51




PAGE 7 | 51

A high level glance of KES/KSC10

SEE CONTROL PROTECT
Physical, virtual, mobile Configure and deploy Evolve beyond anti-
Identify vulnerabilities Set and enforce IT virus
Inventory HW and SW policies Meet security demands
Take action with clear Manage employee- Protect data and
reporting owned devices devices anywhere
Prioritize patches Rely on Kaspersky
License Management expertise
NAC

PAGE 8 | 51

Kaspersky Kaspersky
Endpoint Security Security Center
•Anti-malware •Security policy mgmnt
•Control Tools •Mobile Device Mgmnt
•Encryption •Systems Management
•Mail and Web •Image Mgmnt •Vulnerability Scan
•NAC •Patch Mgmnt
•Collaboration Server •SW/HW Mgmnt •License Mgmnt

•Smartphones •Server
•Tablets •Workstation
•Laptop

PAGE 9 | 51

Total
Collaboration Mail Gateway
Advanced License Network Software

Kaspersky Security Center
Management Admission (NAC) Installation
Systems Management (SMS)
Image Patch Vulnerability
Management Management Scan

Data Protection (Encryption)
Select Mobile Endpoint Mobile Device Management
Security (MDM)

File Server Security
Application
Control Device Control Web Control

Core Anti Malware + Firewall

Management Endpoint Infrastructure
Cloud protection is enabled for business users via the
PAGE 10 | 51 Kaspersky Security Network (KSN)




PAGE 11 | 51

Encryption – quite difficult mechanism
---- Who is listening and what to do?
Alice eVe Bob

1 0 0 0 2

0+1 0+1 0+2

1 0+2 0+2 0+1 2

0+1+2
0+1+2 0+1+2

PAGE 12 | 51

---- Color trick & numerical arithmetic with one-way function
Alice eVe Bob

PAGE 13 | 51

 Encryption offering
 Full Disk Encryption (FDE)
 File Level Encryption (FLE)
 Removable Media data Encryption (RME)

 Asymmetric encryption — protection for data in transit
 Secure connection between EP and KSC (SSL)
 User and computer keys’ management exchange
 Protection for recovery data

 Symmetric encryption — protection for data at rest
 Full disk encryption
 File level encryption
 Removable media data encryption

 AES encryption module
 256-bit
 56-bit

PAGE 14 | 51

---- Keys used in encryption

 An individual master
key for each computer

 An individual key for
User’s key
each user
Master key
MS DPAPI

 The computer key is
encrypted using
the public key of
the Security Center

 The user’s key is Master key
encrypted using Master key
the personal key Computer key
store User key store

PAGE 15 | 51

---- Document exchange inside a corp network

1 3 Master key #2

Master key #1

Encrypted file
(Master key ID) User key store
4
Computer #1 2 Computer #2

PAGE 16 | 51

---- Boot order when FDE is used
 Authentication Agent starts before the operating system
 Key for decrypting the system boot sector
 Special drivers are responsible for decrypting disk files
during and after the operating system start
Password

Pre-boot Environment
MBR Operating system boot record File system
(Authentication Agent)

Open data Encrypted data

PAGE 17 | 51

Encryption – an easy operation
---- Single Sign-On for end users

Passwords
match

Passwords do
not match

Authentication Agent Windows
Username/Password Username/Password

Authentication Agent
changes the password
Next start

PAGE 18 | 51

---- SSO, a routine policy configuration for IT guys

PAGE 19 | 51

---- Enable encryption and policy configuration

PAGE 20 | 51

---- “Tough” requirements for FLE and data recovery
 The only requirement for FLE is the accessibility of KSC
• The File Level Encryption is integrated to Windows’ authentication;
• The key exchange is materialized automatically;
• The Kaspersky encryption implementation is seamless to end
users and applications, a great example of ease of use;
 The data recovery requirement is simple
• The computer to which the damaged disk connected can not have
FDE enabled;
• Just connect the damaged disk and run the recovery utility;

No FDE enabled Old hard disk

PAGE 21 | 51

---- Data sent to external parties

PAGE 22 | 51

---- Removable Media data Encryption in clicks

PAGE 23 | 51

---- Removable Media data Encryption in clicks

PAGE 24 | 51




PAGE 25 | 51

System Management: What’s new?
---- SM function via KSC and Network Agent

 Software monitoring/inventory
 Hardware monitoring/inventory
 License Management
 Vulnerability detection
 Update management
 Installation of 3rd party’s applications
 Network Access Control (NAC)
 Deployment of operating system images

PAGE 26 | 51

---- Licensed management (remember software inventory?)

PAGE 27 | 51

---- Licensed management (NOT licensing enforcement)

Examples of use cases:
 Error, the number of licenses is exceeded;
 Warning, license will expire soon (in 14 days);
 Info, 95% of the available licenses are used up
PAGE 28 | 51

---- New update management

KL Expertise

KL Vulnerability DB

1. Missing
Windows
updates
Windows
Update 2. Vulnerabilities
Vulnerability from KL
Scan Task database

PAGE 29 | 51

---- Patching vulnerabilities

PAGE 30 | 51

---- Testing tasks patch and update installation

PAGE 31 | 51

---- SM features in KSC9 and in the new KSC10
 The previous implementation in KSC 9 are available:
• Find vulnerabilities and Microsoft application updates (via the local
WU service);
• Installation of selected Microsoft updates (via the local WU service);
• Installation of updates manually created and assigned by
the administrator;
 The new licensed capabilities added to KSC 10:
• Automatic installation of updates and patches according to
the specified rules;
• Using of the KSC Server as a WSUS server;
• Installation of updates and patches for the applications; included in
the Kaspersky Lab database;
• Other new features;
PAGE 32 | 51

---- Network Access/Admission Control (NAC)
 NAC basics
• Usually people think NAC is an appliance using SNMP;
• NAC can be used to securely control authenticated/unauthenticated;
user traffic according policies (based on port, protocol, subnet);
 Capabilities of KL software based NAC
• Block Internet access for computers having «bad» protection status;
• Redirect unmanaged computers to the authorization portal;
• Block any network activity for new devices;
• Allow new computers accessing a special isolated subnet;
 KL NAC architecture
• Enforcers, Policy server, Access policy and Network devices;
• Simple deployment and requires no changes on DHCP, DC;

PAGE 33 | 51

---- Network Access/Admission Control (NAC)

PAGE 34 | 51

---- Remote deployment of operating system images
 Capturing an Operating System image
• Install and use Windows Automated Installation Kit;
• Enable representation of the OS image capture and distribution
functionality;
• Capture a computer image, say a Windows 8 operating system,
with application pre-installed;

 Deploying the image
• Remote install the Windows 8 image to managed computers;
• Remote install the Windows 8 image to ―bare metal‖ computers;

PAGE 35 | 51

1 Business demands and IT chandleries



PAGE 36 | 51

---- What we have been doing manually

PAGE 37 | 51

---- KL MDM architecture

PAGE 38 | 51

---- KL MDM architecture

iOS

Apple Push
Notification
Service

Android
Windows Mobile
Windows Phone
Palm (WebOS)
Nokia (Symbian, Maemo)
PAGE 39 | 51

---- KL Mobile Devices Server installation
 Adding Exchange ActiveSync Mobile Devices Server
• Install Agent and MDM server on an Exchange Server;*
• Testing the connection with a KSC Server;
• Exchange ActiveSync configuration;
 Profile creation and policy configuration
• On the KSC, configures profiles and polices for selected mailbox of the
Exchange
• Sync the profile and policy with the Exchange
 Mobile devices receive profiles and polices**
• Direct Push is used for pushing notifications (MS Exchange ActiveSync)
• Users receive it during the synchronization with the Exchange server

PAGE 40 | 51

---- Synchronizing Mobile Devices with KSC

Mobile
Devices
PAGE 41 | 51

Kaspersky Mobile Endpoint Security
---- Centrally managed by the KSC

CONFIGURE/DEPLOY SECURITY ANTI-THEFT
Via SMS, email or Anti-malware GPS find
tether Anti-phishing Remote block
Anti-spam

POLICY COMPLIANCE APPLICATIONS DATA ACCESS
Set password Containerization Data Encryption
Jailbreak / Root Data access Remote wipe
notice restriction
Force settings

PAGE 42 | 51

---- Still want to go back to the old manual operation?

PAGE 43 | 51

KES/KSC10 in a nutshell

Platform
Console
Cost
See it Control it
PAGE 44 | 51 Protect it




PAGE 45 | 51

KSV 2, KS-Exchange 8, KLMS 8, SPE 10…
---- Kaspersky comprehensive security offering
 Kaspersky Security for Virtualization
• Effectively integrated with vShield, an agentless solution to deliver
cloud/local anti-malware, network protection under KSC management;
• Materialize the mission for VMware to enhance security via an effective
agentless approach;
 Mail, collaboration and gateway security
• Email, SharePoint and gateway security are always the essential;
• Multi-layered spam filtering plus the best anti-malware for security
elevation and resource optimization;
 Service Provider Edition
• A web application designed for ISPs to provide anti-malware security
control/monitoring service for corporate network;
• Coupled with KSV, it delivers cloud based security products and services;

PAGE 46 | 51




PAGE 47 | 51

Kaspersky Lab datasheet

PAGE 48 | 51


PAGE 49 | 51


PAGE 50 | 51

Thank You!

Nathan Wang, VP of Tech Divisions Kaspersky APAC
nathan.wang@kaspersky.com

PAGE 51 | 51

Introduction to Kaspersky Endpoint Security for Businesss

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to Introduction to Kaspersky Endpoint Security for Businesss

Similar to Introduction to Kaspersky Endpoint Security for Businesss (20)

More from Andrew Wong

More from Andrew Wong (20)

Recently uploaded

Recently uploaded (20)

Introduction to Kaspersky Endpoint Security for Businesss