Endpoint Control: advanced corporate security

The infrastructure of any company needs reliable protection against both external and internal threats. External threats include malicious programs, phishing attacks, attempts to penetrate a company’s network, and other well-known

The infrastructure of any company needs reliable protection against both external and internal threats. External threats include malicious programs, phishing attacks, attempts to penetrate a company’s network, and other well-known dangers. On the other hand, internal problems are often underestimated by businesses, even though the consequences can be substantial — this year 31% of companies have faced data leakages where employees were to blame. This essentially means that ineffective security policies allowed employees access to an infected company computer or stored a confidential document in open-access space.

In order to prevent these types of errors, companies need more than just a carefully designed security policy, they also need effective tools to uphold that policy. The means available to counteract malicious programs and hacker attacks are simply not enough — they must work in concert with effective control tools to monitor how employees are utilizing company IT resources. Kaspersky Lab offers three technologies that can help — these were addressed in previous posts. But in this particular post, I would like to discuss why all three workstation control systems are needed to ensure maximum security performance for your business.

Device Control

Device Control is used to regulate permissions, restrictions, or block the use of various devices (printers, modems, USB flash drives, etc.) within the corporate infrastructure. The rules that are put into place can apply to groups of devices and to specific devices, and can be set to run continuously or over specific, defined periods of time. Device Control lets companies create flexible security policies. For example, it’s possible to prohibit connections to all removable media except for one specific hard drive, on all computers, except for the sysadmin’s workstation.

Web Control

Every quarter, Kaspersky Lab detects over 800,000 malicious websites around the world — and any of them could infect a company’s local network if just one employee opens up a malicious website in their browser. Web Control allows a company’s Tech Support team to easily block these resources, making them inaccessible even if an employee is outside of the network — for example, if he has left on a business trip and is using a company laptop. Kaspersky Lab’s technology can block both malicious websites and any other sites to uphold the company’s security policy. For example, admins can use Web Control to prevent employees from accessing popular social networks and other websites and online games that can distract employees from work.

Application Control

Last — but not least — there is Application Control. Company IT experts can use this technology to set rules for launching legitimate applications on workstations, and to block the use of any unwanted software, including malicious programs. Application Control provides for 16 software categories: corporate products, multimedia, games, browsers, and so on. Administrators can permit or block the use of programs from each category, individual applications, or create exceptions to the general rules. The program database included in Kaspersky Security Network’s cloud system is used as the foundation for Application Control. It currently contains data on over 500 million programs used around the world, and an average of one million new programs is added daily.

Three advantages of Endpoint Control

The first advantage of Endpoint Control is that it offers a set of technologies providing fundamental security control. With Endpoint Control you can be confident that your rules and restrictions for Internet, application, and device usage are being followed and enforced. The second major advantage to Kaspersky Lab’s technologies is the flexibility that they offer. If an employee needs a new application or needs to gain access to a site that was previously blocked, an access request will be sent directly from the Kaspersky Endpoint Security 9 for Windows client to the administrator, and the problem will be resolved within minutes. Finally, the third advantage is centralization. The management of all three technologies is performed using just one console in the Kaspersky Security Center. All rules and restrictions can be applied to individual employees or groups of employees — for example, departments and other divisions, or to all staff members without exception. Furthermore, rules will work for devices operating outside of the corporate network, such as company-issued laptops used by employees on business trips.

These features combine to make Endpoint Control one of the most effective tools available for keeping corporate data secure. In addition to powerful antivirus protection, these Kaspersky Lab technologies minimize the risk of any accidental data leakages, deliberate hacker attacks, or malware epidemics.