Installing Kaspersky Security Center. Installing Kaspersky Security Center Installing the Administration Server kaspersky security center 10

This material was prepared for specialists involved in the management of antivirus protection and security at the enterprise.

This page describes and analyzes the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the Central Management Console of Kaspersky Security Center 10.

The information was selected based on the experience of communication by NovaInTech specialists, with system administrators, heads of IT departments and security departments of organizations that are just switching to Kaspersky anti-virus protection, or are going through the process of switching from using the 6th version of the anti-virus on client computers and the Administration management console Kit 8. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, it is also common that IT specialists do not know the most interesting points in the work of new versions of products that really help to make life easier for the same IT specialists, and at the same time increase level of safety and reliability.

After reading this article and watching the videos, you can briefly familiarize yourself with the most interesting functionality provided by the latest version of the Kaseprky Security Center and Kaspersky Endpoint Security management console and see how it works.

1. Installing the Administration Server of Kaspersky Security Center 10.

The required distributions can be found on the official Kaspersky Lab website:

ATTENTION! The distribution kit of the full version of Kaspersky Security Center already includes the distribution kit of the latest version of Kaspersky Endpoint Security.

First of all, I would like to tell you about where to start installing anti-virus protection from Kaspersky Lab: Not from the anti-viruses themselves on client computers, as it might seem at first glance, but from the installation of the administration server and the Kaspesky Security Center central management console (KSC ). With the help of this console, you can deploy anti-virus protection on all computers of your institution much faster. In this video you will see that after the installation and minimal configuration of the KSC administration server, it becomes possible to create an antivirus solution installer for client computers that even a completely unprepared user can install (I think every administrator has such "users") - the installation interface contains everything 2 buttons - "Install" and "Close".

The administration server itself can be installed on any computer that is always turned on or as accessible as possible, this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you installed the central console before, but in previous versions - you may hear and see something new for yourself ...

LIKE THE VIDEO?
We also do delivery of Kaspersky products... And even more - we provide technical support. We care about our clients.

2. Setting up centralized management on computers with Kaspersky already installed.

It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. Thus, the time they spend on maintaining anti-virus protection increases and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab generally have centralized management, and do not know that they do not need to pay anything for this miracle of civilization.

In order to "connect" the already installed client antiviruses with the administration server, you need very little:

• Install the Administration Server (Section 1 of this article).
• Install the Administration Server Agent (NetAgent) on all computers - I will describe the installation options in the attached video below.
• After the installation of the Administration Server agent, computers, depending on your settings, will be either in the "Not distributed computers" section or in the "Managed computers" section. If computers will be in "Not allocated computers" - they will need to be transferred to "Managed computers" and set up a policy that will apply to them.

After these actions, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be less infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.

The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

Many antivirus vendors have remote administration tools in their arsenal; today we will talk about a similar solution from Kaspersky Lab.

In general, Kaspersky Security Center is a rather serious application, which cannot be described in one article for sure. Therefore, in this article, we will analyze only its deployment.

You can download Kaspersky Security Center. The product itself consists of a server that will need to be deployed, an administration console that can be installed on another computer for remote server administration, a web console as an alternative to the usual one, and an administration agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

The server itself needs to be deployed only on operating systems of the Windows family. Moreover, the presence of a server edition is optional. Systems from XP and higher are supported, but only in Professional / Enterprise / Ultimate editions. A complete list of supported systems can be found on the website.

In addition, the server needs MS SQL or MySQL for its work (you can also remotely). If there is no ready-made database server at hand, the installer of Kaspersky Security Center will install MS SQL Express itself, which is quite enough for most organizations.

So, to deploy the server, download and run the installation file (I recommend downloading the full distribution). As a test bench, we have selected a computer with the Windows Server 2012 R2 operating system.

You will see a convenient menu in which we are currently interested in the "Install Kaspersky Security Center 10" item.

After starting the installation, you will be prompted to accept the license agreement and select the type of installation. For better control over the installation process, let's note the custom installation.

If there are mobile devices on the network, you can install a separate component to manage their protection.

Indicate the size of your network. This point, however, does not carry any important determining force.

Next, the installation program will ask which user to run the Administration Server service from. You can specify an existing user with admin rights, or you can let the installer create a new one.

The next step is to choose a database server. As already mentioned, there are two options - MS SQL or MySQL. If you do not have a ready-made server, Kaspersky Security Center will carefully deploy MS SQL Express.

At this step during the installation process, you may be in for a small surprise if the .NET Framework 3.5 SP 1 is not installed on your system.

In Windows Server, the .NET Framework 3.5 SP 1 is built-in as a component and only needs to be enabled. If you do not have a server operating system, then you need to go to the Microsoft website and download the installer.

Let's consider the option of including the component in Windows Server. To do this, open the Server Manager and select the "Add Roles and Features" item.

A wizard will start, in which we need to indicate that we are going to install roles or components.

Add Roles and Features Wizard in Windows Server

We select our server and skip the selection of roles. In the list of components we find Functions of the .NET Framework 3.5 and mark them with a tick.

Adding a Component to Windows Server

After that, we will return to the installation of Kaspersky Security Center directly.

We need to select the SQL authentication mode. It can be either a separate account or a current one.

The Kaspersky Security Center server needs a shared folder that client computers can access to receive updates and installation packages. You can create a new folder or specify an existing one.

We indicate the ports through which we will connect to the administration server.

We indicate the address of the server on the network. If the server has and will have a static IP address, you can limit it to it. But it's still more convenient to define the server by name.

The last step before installing is choosing the required plugins. Plugins allow you to manage various anti-virus products of Kaspersky Lab. This is useful if you have a whole zoo of versions. Plugins can also be installed later additionally.

Now all that remains is to observe the installation process. Sometimes plugins are required to accept a separate license agreement.

Installation of Kaspersky Security Center is now complete.

Now let's go over the initial server setup. The administration console installed with the server looks like this:

Administration Console of Kaspersky Security Center

The console can be installed separately. And you even need not to log into the server every time for routine actions.

Servers are listed in the left column. So far, there is only our newly created server there. If you are administering several servers, then just click Add Administration Server.

So, click on the server you just created and the Quick Start Wizard will start. You will be asked to activate the program with a code or key. However, this can be done later.

In addition, the wizard will ask for your consent to participate in the Kaspersky Security Network program. In fact, this is another spy on your computers, which sends data to Kaspersky Lab about which resources you visit and where you catch the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user, the meaning of participation in such a program is questionable.

You will also be asked to specify mailboxes for notifications from the Kaspersky Security Center server. You can skip this step.

After all these steps, the server will start downloading the latest updates from the network. In the future, it will be possible to configure as an update source not a Kaspersky Lab server on the Internet, but an upstream server, if there are several of them on your network.

After downloading the updates and polling the network, the wizard will display a success message and offer to launch the Protection Deployment Wizard on Workstations.

We will talk about deploying protection on workstations in.

A connection gateway is used if it is not possible to establish a direct connection with the Administration Server and the client computer. For example, the Administration Server is located in a corporate network, and the client computer is not included in it.

How to install

To locally install Network Agent in connection gateway mode:

1. Run the setup file on the device that will be the connection gateway.

By default, the installation file is located:
\\<Адрес сервера администрирования>\ KLSHARE \ Packages \ NetAgent_10.4.343.

1. Read the terms of the License Agreement and check the box I accept the terms of the License Agreement.

1. Select the installation folder.

1. Ask Server address and uncheck the box Allow Network Agent to open UDP port.

1. Skip step Proxy server configuration.
2. Please select Use as a gateway for connections in the DMZ.

1. Please select Get from Administration Server.

1. Set tags if you use them. For more information on using tags, see the article How and why to use tags in Kaspersky Security Center 10.

1. Skip step Extra options.
2. Check the box Run the program during installation.

1. Click on Install.

How to setup

1. Open Kaspersky Security Center 10.
2. Open the context menu of the node Managed devices and press Create → Group.

1. Enter a name for the new group and click OK.

1. Open up Properties knot Administration Server.
2. Go to section Update Agents and uncheck the box Assign Update Agents Automatically.Click Add.

1. In the field dropdown menu, click Add a connection gateway located in the DMZ at.

1. Enter the connection gateway address and click OK.

1. Select the set of devices associated with this connection gateway. Click on OK.

During the next scan of the network, the Administration Server will find the connection gateway added by the IP address and place it in Unassigned devices.

1. Add connection gateway to group External devices created in step 3.
2. Open up Properties knot Administration Server and go to section Update Agents... Click on Add.
3. In the drop-down menu of the field A device that will act as an update agent click Add a device from the group. Add connection gateway from the group Externaldevices and press OK. Repeat step 8.
4. Select the added connection gateway and open it Properties.

1. Go to section Gateway... Check the box Connection gateway and Initiate the creation of a connection to the gateway from the Administration Server side... Ask Gateway address for remote devices, for example, abc-lab.kaspersky.com. Click on OK.

You can create a Network Agent policy for the connection gateway. When creating in step Net uncheck the box Use UDP port.

Objective.

This lab focuses on installing the Security Center Antivirus Management Server.

Preliminary information.

Before proceeding with the installation, you need to decide on the general scenario for deploying anti-virus protection. There are two main scenarios suggested by the Security Center developers:

• - deployment of anti-virus protection inside three organizations;
• - deployment of anti-virus protection for the client organization's network (used by organizations acting as ssrvisnroviders). The same scheme can be used within an organization that has several remote subdivisions, whose computer networks are administered independently of the network of the head office.

In these labs, the first scenario will be implemented. If you plan to use the second one, then you will additionally need to install and configure the Web-Console component. And here it is necessary to say about the architecture of the Security Center. It includes the following components:

• 1. Administration Server, which performs the functions of centralized storage of information about the LAN programs installed in the organization's network and their management.
• 2. Administration agent interacts between the Administration Server and the LC programs installed on the computer. There are versions of the Agent for different operating systems - Windows, Novell and Unix.
• 3. Administration Console provides a user interface for managing the Server. Administration Console is made as a component of an extension to Microsoft Management

Console (MMS). It allows you to connect to the Administration Server both locally and remotely, via a local network or via the Internet.

4. Kaspersky Security Center Web-Console is designed to monitor the status of anti-virus protection in the network of a client organization managed by Kaspersky Security Center. The use of this component will not be explored in this lab.

• 1. Installing and configuring Administration Server and Console.
• 2. Creation of administration groups and distribution of client computers among them.
• 3. Remote installation on client computers of the Network Agent and anti-virus programs of the LC.
• 4. Updating signature databases of LC programs on client computers.
• 5. Configuring notifications about anti-virus protection events.
• 6. Launching the on-demand scan task and checking the operation of event notifications on client computers.
• 7. Analysis of reports.
• 8. Configuring automatic installation of anti-virus programs on new computers in the network.

This lab will review the implementation of the first stage. In fig. Figure 5.35 shows a diagram of a laboratory bench that simulates a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center Server and Administration Console on the AVServ.

Rice. 5.35.

Table 5.5

Differences in versions of the distribution kit of Kaspersky Security Center 9.0

Component	Full
	version	version
Administration Server distribution kit
Kaspersky Endpoint Security for Windows distribution kit
Network Agent distribution kit
Microsoft SQL 2005 Server Express Edition
Microsoft .NET Framework 2.0 SP1
Microsoft Data Access Component 2.8
Microsoft Windows Installer 3.1
Kaspersky Security Center System Health Validator

The Security Center distribution kit can be downloaded from the link http://www.kaspersky.com/downloads-security-center. In this case, you can choose the version of the downloaded distribution - Lite or full. Table 5.5 lists the differences in distributions versions for version 9.0, which was used in the preparation of the descriptions of the laboratory works. To run the laboratory, you will need the full version, since along with the installation of the administration server, the MS SQL Server 2005 Express DBMS will be installed, which is used to store data on the state of anti-virus protection.

Work description.

After completing the preparatory steps, launch the Security Center installation program on the AVServ server. After the welcome window, you will be asked for the path to save the files required during the installation process, another welcome window and a window with a license agreement will appear, which must be accepted to continue the installation process.

When choosing the type of installation, mark the "Custom" item, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

If you select the "Standard" option, the wizard will install the Administration Server together with the server version of Network Agent, the Administration Console, the application management plug-ins available in the distribution kit, and Microsoft SQL Server 2005 Express Edition (if it has not been installed earlier).

The next step is to select the server components to be installed (Fig. 5.36). We need to install the Administration Server, and leave a check mark on this item.

Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network, will not be used by us.

Also, as part of the laboratory workshop, it is not planned to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components now.

The selected network size affects the setting of values ​​for a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, after server installation.

You will also need to specify the account under which the administration server will run, or agree to create a new record (Fig. 5.37).

In previous versions of Windows (for example, when installing on Windows Server 2003), the System Account option may appear in this window. In any case, this entry must have administrator rights, which will be required both for creating a database and for the subsequent operation of the server.

Table 5.6

Parameters set depending on the size of the network

Parameter / number of computers		100-1000	1000-5000	More
Display in the console tree of the node of slave and virtual Administration Servers and all parameters associated with slave and virtual Servers	missing	missing	is present	is present
Displaying sections Safety in the properties windows of the Server and administration groups	missing	missing	is present	is present
Creating a Network Agent policy using the Quick Start Wizard	missing	missing	is present	is present
Random distribution of the start time of the update task on client computers	missing	within 5 minutes	in the interval of 10 minutes	in the interval of 10 minutes

Rice. 5.37.

The next step is to select the database server to use (Fig. 5.38). To store data, Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including Express 2005, 2008) or MySQL Enterprise. In fig. 5.38, a the window for selecting the type of DBMS is shown. If you selected a MySQL server, you will need to specify the name and port number for the connection.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work, we will use the recommended configuration, which implies the installation of MS SQL Server 2005 Express along with the installation of the Security Center (Fig.5.38, b).

Rice. 5.38.

After selecting SQL Server as the DBMS used, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

To store installation packages and distribute updates, the administration server will use a shared folder. You can specify an existing folder or create a new one. The default share name is KL8NAKE.

Rice. 5.39.

You can also specify the port numbers used to connect to the Security Center Server. By default, TCP port 14000 is used, and for SSL-secured connections, TCP port 13000. If you cannot connect to the administration server after installation, you should check if these ports are blocked by the Windows firewall. In addition to those mentioned above, UDP port 13000 is used to transmit information about shutdown of computers to the server.

Next, you will need to specify a method for identifying the administration server. This can be IP address, DNS names, or NetBIOS names. In the virtual network used for the laboratory workshop, a Windows domain is organized and a DNS server is present, so we will use domain names (Figure 5.40).

Rice. 5.40.

The next window allows you to select the plugins to be installed to manage the anti-virus programs of the PC. Looking ahead, we can say that the product will be deployed Kaspersky Endpoint Security 8 for Windows, the plug-in for which we will need (Fig. 5.41).

Rice. 5.41.

After that, the selected programs and components will be installed on the server. After the installation is complete, the Administration Console will be launched, or, if you unchecked the checkbox in the last window of the installation wizard, launch it from the Start -> Programs -> Kaspersky Security Center menu.

Exercise 1.

Follow the description to install the Administration Server on the AVServ virtual machine.

Initial server configuration is performed when the console starts. At the first step, you can specify activation codes or license key files for LC antivirus products. If you have a "corporate" key for several computers, with the default settings, the key will be automatically distributed by the server to client computers.

Rice. 5.42.

You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service for providing access to the Kaspersky Lab knowledge base on the reputation of files, Internet resources and software.

The next step is to configure the settings for notifying the anti-virus protection administrator by e-mail. You must specify the mailing address, smtp-ssrvsr and, if necessary, parameters for authorization on the server (Fig. 5.42). If the lab does not have a suitable mail server, you can skip this step and make the settings later.

If the Internet is accessed through a proxy server, you will need to specify its parameters. After passing this stage, the automatic creation of standard policies, group tasks and administration tasks will be performed. They will be discussed in more detail in the next laboratory work.

Rice. 5.43.

The next step is to automatically start downloading updates. If the download has started successfully, you can, without waiting for the end of the message, click the "Next" button and after finishing the initial configuration wizard, go to the main window of the Administration Console (Fig. 5.43). It should show that there is one managed computer on the network (along with the Administration Server, the Administration Agent was installed on the AVScrv computer), on which there is no anti-virus protection. This is regarded as a critical event.

Task 2.

Complete the initial server setup.

Separately, the administration console can be installed from the Console folder on the distribution disk by running the Setup program. If you are using a distribution kit downloaded from the Internet, then you need to open the folder specified at the beginning of the installation to save the distribution files. By default, this is the C: KSC9 ussianConsole folder.

Rice. 5.44.

Task 3.

Install the Security Center Administration Console on the Stationl .labs.local virtual machine. Check the connectivity to the AVServ.labs.local server. To do this, in the console window, you must specify its address or name (Fig. 5.44), and also agree to receive a server certificate (Fig. 5.45).

Rice. 5.45.

Rice. 5.46.

If the connection fails, check if the ports used to connect to the Security Center server are blocked on the AVScrv server (see above). The setting can be checked through the Control Panel: System and Security -> Windows Firewall -> Allow the program to run through Windows Firewall. The corresponding permissive settings must be present, see fig. 5.46 (the names of the rules remain the same as in the previous version of the product - Kaspersky Administration Kit).

Kaspersky Security Center simplifies the management of security and IT systems. A flexible, scalable console, also available as a web version, meets the security needs of a growing business that are changing with it. It provides comprehensive IT and security management and facilitates the division of responsibilities among administrators.

Kaspersky Security Center offers the following benefits:

• Powerful management console with an additional flexible web interface, accessible anywhere from any stationary or mobile device
• Ability to view security settings and manage protection across the entire corporate environment, including cloud, physical and virtual machines, and mobile devices
• Easily deploy and manage security with out-of-the-box unified policies

It doesn't matter how many workstations you have (fifty or fifty thousand) and what kind of infrastructure (centralized, distributed or mixed) - Kaspersky Security Center allows you to effortlessly install, configure and administer comprehensive protection tools. Simplify scaling and leverage new tools and capabilities to meet the unique needs of your business.

FEATURES AND ADVANTAGES

• Complete overview of protection status

  The growing variety of platforms, devices and software makes life difficult for information security leaders. Complexity negatively impacts security. The more resources you control, the more difficult it is to track and protect them.

  Gathering information about software and hardware and installing vulnerability patches in a timely manner is time-consuming and labor-intensive. Kaspersky Security Center simplifies these tasks. Physical, virtual and cloud desktops, mobile devices and embedded systems are managed from a single console, increasing efficiency and lowering the total cost of ownership.

  • Resource control and cost reduction

    Kaspersky Security Center provides a detailed view of the hardware and software on your network. You can save on licensing costs with centralized monitoring and granting of use rights. Automatic discovery of devices and other hardware, as well as software summary reports, help you optimize resource utilization. Kaspersky Security Center makes it easy to track and control licensing of applications and the equipment you have.

  • Search and elimination of vulnerabilities

    The vulnerability scan and patch management technology in Kaspersky Security Center detects vulnerabilities in applications and operating systems that cybercriminals can use to penetrate your corporate network. Installing patches in a timely manner can eliminate these vulnerabilities before malware can harm you.

    Automatic Vulnerability Scan uses the most up-to-date information about exploit activity coming from the cloud in real time. This allows you to quickly install new critical security fixes without slowing down your systems and users. With support for more than 150 applications, Kaspersky Security Center provides effective vulnerability monitoring for a wide range of applications commonly used in business. The detected vulnerabilities are prioritized, and the most critical ones are eliminated first.

  • Automatic minimization of risks

    Security fixes are automatically downloaded, distributed, and installed on physical, virtual, and cloud-hosted machines. Optimizing the algorithms for installing Microsoft updates can reduce the amount of network traffic and used disk space. You can track the status of patching with detailed reports on the fix of vulnerabilities in third-party applications.

  Optimizing your daily tasks

  Kaspersky Security Center offers extensive IT system administration capabilities that optimize routine tasks in heterogeneous networks.

  The extensible console architecture includes plugins to manage security products for different platforms. When releasing a new product or updating an existing one, the required extension can be installed in Kaspersky Security Center without using patches or reinstalling the console. Client-side management tools make it easy to distribute and deploy software to the workplace. Centralized administration is complemented by role-based access and built-in dashboards so that administrators can only access resources relevant to their job responsibilities.

  • Easy scaling

    You don't need to change the initial settings to scale the console. One server instance of Kaspersky Security Center allows you to administer up to 100,000 physical, virtual and cloud workstations. A single distribution point can serve up to 10,000 hosts. For multiple servers, a hierarchy is maintained in which all slave servers inherit the roles and rights of the master server, and the master server has complete information about each host under the control of each slave server.

  • Data Loss Prevention

    Centrally managed encryption tools further protect data in the event of an attack or device loss. Kaspersky Security Center allows administrators to centrally enable and disable FileVault 2.0 on macOS, encryption of mobile devices, encryption technology from Kaspersky Lab, and Microsoft BitLocker on Microsoft Windows. The console also monitors the status of encrypted devices, reports blocking access to encrypted files, and stores backups of encryption keys locally to recover forgotten credentials.

  • Optimizing remote support

    Reduce response times and improve efficiency by optimizing remote support and troubleshooting capabilities. In Kaspersky Security Center, connection to client / remote computers is performed via RDP, which allows for quick diagnostics and troubleshooting of any software.

  • Easy deployment in remote offices

    Kaspersky Security Center supports remote and automatic configuration of new workstations at company branches. You can also deploy new applications and schedule them to automatically install outside of business hours. This allows for centralized creation, storage and deployment of system images, which greatly facilitates migration, for example, to Microsoft Windows 10.

  • Management of mobile devices based on various platforms

    Kaspersky Security Center allows you to manage both corporate and personal mobile devices equally effectively. Even when working outside the office, employees don't have to worry about the security of their mobile devices.

  • Mobile device security

    Manage the protection of mobile devices using Kaspersky Security Center and form a detailed view of their security thanks to indicators of protection levels. Keep corporate and personal data separate on user and guest devices, and implement passwords and encryption of corporate data to prevent leakage if the device is stolen or lost.

  • Support for employees to work on personal devices

    In many organizations, employees use personal devices for work tasks (BYOD). A convenient system of assistants in Kaspersky Security Center allows you to deploy protection of such devices using Over the Air (OTA) technology, as well as third-party consoles (Samsung KNOX).

  • SaaS Security Management Console

    Manage protection remotely using our cloud-based Kaspersky Security Center console. This is a management server in the Azure cloud. There is no need to waste time and resources on its deployment and support - Kaspersky Lab will take care of them. If you are using Kaspersky Endpoint Security for Business Standard, you can now manage the security of Windows, Mac and Linux workstations directly from the cloud console.
    Key features:

    • Centralized seat discovery and deployment
    • Distribution point support
    • The ability to migrate within the server hierarchy - for example, moving the main server to the cloud while maintaining the slave server in the on-premises infrastructure
    • Migration wizard
    • Supports up to 10,000 nodes - the console is suitable for companies of all sizes, including corporations

    In this case, you can continue to use the existing management tools (MMC console and web console).

    • Enhanced Web Console for Local Management

      You can now administer advanced features such as vulnerability and patch management, encryption and remote desktop management using the web console in Kaspersky Enterprise Security for Windows, Kaspersky Enterprise Security for Mac, and Kaspersky Security for Windows Server.

      The console also supports new solutions - Kaspersky Sandbox and Kaspersky Endpoint Detection and Response Optimum, as well as the latest version of Kaspersky Embedded Systems Security.

    • System Integrity Support

      Kaspersky Security Center allows you to monitor any changes in critical infrastructure components, such as web servers and ATMs, and promptly respond to security breaches. Receive event data from the System Integrity Control component. So you can monitor not only the file system of the device (by monitoring the integrity of files), but also the registry hives, the status of the firewall and connected equipment.

    • Easy security management of all devices

      Deploying, configuring, and enforcing security policies across all devices on all platforms from a single console, providing added visibility, complete control, and efficient management.

    • Protection against attacks in public networks

      The use of unreliable public Wi-Fi networks leaves devices and corporate networks vulnerable. By creating a list of trusted networks for mobile workers, you can deny them access to everyone else without compromising the convenience and productivity of their work.

    • Easy firewall management

      Configuring and managing a firewall for Linux and Windows. Kaspersky Security Center allows you to apply network policy to all endpoints from a single console.

    • Minimizing risks and increasing employee productivity

      You can control which devices and applications can access your network and how they can operate on it, as well as completely control employee access to devices, applications and websites. This allows you to provide reliable protection against malware and other threats.

    • Instant connection protection for cloud environments

      Tight integration between the management console and the Amazon Web Services cloud platform provides complete transparency and control over all instances of Kaspersky Security for Linux and Kaspersky Security for Windows Server deployed in the cloud.

      Install Kaspersky Security Center in the Amazon EC2 cloud to manage the protection of your environment, or subscribe to one of the AMIs available on the AWS Marketplace to get an image with Kaspersky Security Center already installed and ready to use. You can use other public cloud services in the usual way.

    • Optimizing updates and saving traffic

      The new mechanism for updating signatures can reduce the traffic volume between the Kaspersky Security Center server and agents by 20 times.

      Further optimization is possible by using a remote workstation as a distribution point. Each distribution point can now also act as a proxy for Kaspersky Security Network in remote environments.

      Reducing the load on communication channels increases their bandwidth and availability for other tasks.

    • Extensive audit capabilities

      Improved endpoint app auditing enables administrators to track changes and roll back previous policies. An administrator can compare two policies for the same application and get a report on their matching and differing settings. This is especially useful if different administrators have created multiple policies for the same application, or if one top-level policy has been inherited by all local offices and then adapted for each of them.

    BUY

    Kaspersky Security Center is included in:

Full system requirements can be found in. Note: below are the minimum RAM and processor requirements for Administration Server, Administration Console and Network Agent. Review the accompanying user documentation for the complete system requirements before deploying each product.

Administration Server

• Hardware Requirements

  • RAM: 4 GB
  • Free disk space: 10 GB. When using Vulnerability Management and patching, you must have at least 100 GB of free disk space.

• Software Requirements

  • Microsoft Windows 7/8 / 8.1 / 10
  • Microsoft Windows Server 2008/2008 R2 / 2012/2016 /
  • Microsoft Windows Storage Server 2008 R2 / 2012/2012 R2 / 2016

• Database server (can be installed on a different device):

  • Microsoft SQL Server 2008 Express 32-bit.
  • Microsoft SQL Server 2008 R2 Express 64-bit.
  • Microsoft SQL Server 2012 Express 64-bit.
  • Microsoft SQL Server 2014 Express 64-bit.
  • Microsoft SQL Server 2016 Express 64-bit.
  • Microsoft SQL Server 2017 Express 64-bit.
  • Microsoft SQL Server 2008 (all editions) 32-bit / 64-bit.
  • Microsoft SQL Server 2008 R2 (all editions) 64-bit.
  • Microsoft SQL Server 2008 R2 Service Pack 2 (all editions) 64-bit.
  • Microsoft SQL Server 2012 (all editions) 64-bit.
  • Microsoft SQL Server 2014 (all editions) 64-bit.
  • Microsoft SQL Server 2016 (all editions) 64-bit.
  • Microsoft SQL Server 2017 on Windows 64-bit.
  • Microsoft SQL Server 2017 on Linux 64-bit.
  • MySQL Standard Edition 5.6 32-bit / 64-bit.
  • MySQL Enterprise Edition 5.6 32-bit / 64-bit.
  • MySQL Standard Edition 5.7 32-bit / 64-bit.
  • MySQL Enterprise Edition 5.7 32-bit / 64-bit.
  • All supported Microsoft SQL Server versions on Amazon Relational Database Service (RDS) and Microsoft Azure.

Kaspersky Security Center 11 Web Console Server

• Hardware Requirements

  • CPU: CPU: 4 cores, 2.5 GHz
  • RAM size: 8 GB
  • Hard disk: 40 GB

• Software Requirements

  Database server:

  • Microsoft SQL Express 2008, 2008 R2, 2012, 2014
  • Microsoft SQL Server 2008, 2008 R2, 2012, 2014, 2016

• • Microsoft Windows x64: 7 SP1, 8, 8.1, and 10
  • Microsoft Windows Server x64: 2008, 2008 R2, 2012, 2012 R2, and 2016

Kaspersky Security Center Web Console client

• Hardware and software requirements

  Using the Kaspersky Security Center web console on the client side requires only a web browser (Google Chrome 60 or higher). The hardware and software requirements are identical for the web browser requirements.

Administration agent

Minimum requirements for computers on which Network Agent is installed:

• Hardware Requirements

  • CPU with an operating frequency of 1 GHz or higher. For 64-bit operating systems, the minimum operating CPU frequency is 1.4 GHz.
  • RAM: 512 MB.
  • Free disk space: 1 GB.

  A device with installed Network Agent, which will additionally perform the role of Update Agent, must meet the following requirements:

  • Processor: 3.6 or higher.
  • RAM: 8 GB.
  • Free disk space: from 120 GB.

• Supported operating systems

  • Microsoft Windows Embedded POSReady 2009 / POSReady 7 / Standard 7/8 / 8.1
  • Microsoft Windows XP SP3 / 7/8 / 8.1 / 10
  • Windows Essential Business Server 2008
  • Windows Small Business Server 2008/2011
  • Microsoft Windows Home Server 2011 64-bit
  • Microsoft Windows MultiPoint Server 2011
  • Microsoft Windows Server 2008/2008 R2 / 2012/2012 R2 / 2016/2019
  • Microsoft Windows Storage Server 2008 R2 / 2012/2012 R2
  • Debian GNU / Linux 7.x / 8.x / 9.x
  • Ubuntu Server / Desktop 14.04 / 16.04 / 18.04
  • CentOS 6.x / 7.0 64-bit
  • Red Hat Enterprise Linux Server 6.x / 7.x
  • SUSE Linux Enterprise Server / Desktop 12
  • OS X 10.10–10.14

• Supported virtualization platforms

The application is available as part of Kaspersky Endpoint Security for Business and can be used on a subscription basis with flexible monthly licensing. Check with your local partner for system requirements. You can view the subscription options available in your country.