Cybercriminals are exploiting unpatched vulnerabilities within operating systems and popular applications – including Adobe Reader, Internet Explorer, Microsoft Office, Java and many more – as part of their targeted attacks against all sizes of business.
Kaspersky Systems Management enhances your security by patching vulnerabilities – and helping to limit your operating environment, by controlling the devices & software on your network and controlling the distribution of operating systems & applications. Designed to boost administrative efficiency, it also gives you improved visibility of your IT network and automates a vast range of other security and administration tasks. It helps you to manage and secure your corporate IT environment, while reducing IT administration complexity – by delivering multiple capabilities, within a single integrated systems and security management console.
Automatic generation of hardware and software inventories helps to make sure you know exactly what’s running on your network. Whenever new applications or devices are introduced onto your corporate network, Kaspersky Systems Management will automatically discover them – so you can see and manage every element of your IT environment.
Automates vulnerability assessment & patch management
Hackers and malware are increasingly exploiting vulnerabilities – within operating systems and applications – in order to attack corporate IT systems. Our Vulnerability Assessment technology completely automates the detection and prioritization of known vulnerabilities on your network. We then give you centralized control over the distribution of patches. By automating and centralizing these key activities, we help to minimize the time taken to eliminate vulnerabilities and we add extra layers of protection for both your business and the sensitive corporate data it holds.
Reduces IT management complexity
Designed for Windows-based networks, Kaspersky Systems Management automates a wide range of IT administration functions – to help save you time and resources. By giving you a single management console for all functions, it lets you centrally manage security for every endpoint on your corporate network – without you having to switch between multiple products and consoles.
Vulnerability assessment & patch management
Cybercriminals and malware can use unpatched vulnerabilities – within software applications and operating systems – as a gateway into corporate networks. Identifying vulnerabilities – and patching them as soon as possible – is a vital element in any business’s defense against targeted attacks.
Automatic vulnerability detection and prioritization
Kaspersky Systems Management scans your entire corporate network – in order to identify vulnerabilities that result from unpatched applications or operating systems. The detected vulnerabilities can be automatically prioritized – so you know which require immediate attention and which can be patched later.
Automatic patch management
Having identified and prioritized the known vulnerabilities, Kaspersky Systems Management then automatically distributes the necessary patches and updates (for both Microsoft and non-Microsoft software) – to help maintain the stability and security of your systems*. When compared with many other patch management solutions, we distribute new patches more rapidly. This means the vulnerability is eliminated within a shorter period.
Whenever you distribute a patch, you can monitor the patch installation status – by getting a report on whether the patch was successfully applied.
*In a Patch Management Solutions Test – by AV-TEST GmbH – Kaspersky Lab outperformed its competitors in terms of patching quality and features.
When you need to distribute a patch to a remote office, one local workstation can act as the update agent for the entire remote office – to reduce traffic levels on your network. Remote access also helps you to resolve issues, without having to visit distant offices.
IT asset management – hardware & software
If a business doesn’t have total visibility of all hardware and software that’s running on its network, the task of managing and securing systems can be virtually impossible. That’s why Kaspersky Systems Management takes the guesswork out of IT asset management – and IT security.
Automatic hardware inventory
All devices on your network are automatically discovered and recorded in a hardware inventory that includes detailed information about each device. Even guest devices can be automatically discovered – and provided with Internet access, without compromising the security of your corporate systems and data.
Automatic software inventory
A software inventory details all software on your network – so you can control software usage or block unauthorized applications. With information on purchased licenses and expiry dates, the software inventory helps to enable centralized license provisioning and the tracking of license lifecycles.
Automated provisioning – and audited, remote access & troubleshooting – help to minimize the time and resources necessary to set up new workstations or roll out new applications.
Application provisioning and deployment
Kaspersky Systems Management helps to optimize the distribution of application software – and the software deployment process is totally transparent to your users. You can choose between deploying software at your command or scheduling it for after office hours. For some installers, you can specify additional parameters in order to customize the software package that is installed.
By enabling secure, remote connections to any desktop or client computer, Kaspersky Systems Management helps you to resolve issues quickly and efficiently. An authorization mechanism prevents unauthorized remote access – and, for traceability and auditing, all activities performed during a remote access session are recorded in a log.
Optimize traffic on your network
When deploying new or updated software at a remote office, one local workstation can act as the update agent for the entire remote office – to enable remote deployment with less traffic on your network.
Operating system (OS) deployment
To help you to optimize OS deployment – and save you time – Kaspersky Systems Management automates and centralizes the creation, storage and cloning of secured system images.
Control and convenience
Images are held in a special inventory – ready to be accessed during deployment. Client workstation image deployment can be made with either PXE servers (Preboot eXecution Environment) – that have been previously used on the network – or using Kaspersky Systems Management’s own features. By sending Wake-on-LAN signals to computers, you can automatically distribute the images after office hours. UEFI support is also included.
New functions also give you more options for editing an OS image after you’ve created it. You can:
• Run a script or install additional software after the OS has been installed
• Create a boot flash drive with Windows PE
• Import an OS image from distribution packages – Windows Imaging Format (WIM)
Kaspersky Systems Management can scale to cover large IT networks. Centralized management – including Role-Based Access Control for large IT administration teams – plus support for popular SIEM systems help to take the complexity out of managing complex IT environments.
Kaspersky Systems Management includes Kaspersky Security Center – a single unified management console that gives you visibility and control of all of the Kaspersky Lab endpoint security technologies that you’re running. Kaspersky Security Center lets you manage security for your mobile devices, laptops, desktops, servers, virtual machines and more – with the convenience of a ‘single pane of glass’ console.
Role-based division of responsibilities
Role-Based Access Control* helps you to divide security management responsibilities between multiple administrators. For example, you may want one administrator to manage workstation security, while another administrator manages mobile security and a third administrator takes care of all systems management functions. The Kaspersky Security Center console can easily be customized so that each administrator only has access to the tools and information that are relevant to their responsibilities.
Integration with SIEM systems*
Because security information and event management (SIEM) systems can play a vital role in helping enterprise-level businesses to gain real-time monitoring, we’ve included integration with two of the most popular SIEM products – HP ArcSight and IBM QRadar.
*Role-Based Access Control (RBAC) and integration with SIEM systems are only included in Kaspersky Endpoint Security for Business – ADVANCED, Kaspersky Total Security for Business and Kaspersky Systems Management