This is a full-featured endpoint and DLP product. It is part of Kaspersky's collection of products built around the anti-malware excellence that the company has demonstrated for years. However, this product goes beyond anti-malware.
There are several components to this product and the entire suite is quite comprehensive. It goes well beyond typical endpoint and DLP, providing such functionality as network access control (NAC), network discovery, and mobile device management (MDM), in addition to the normal DLP and endpoint security one would expect.
We deployed with no difficulty on our virtual test bed. We began with the administration server. There is a straightforward wizard that takes you through the deployment process. A basic protection policy for endpoints is created as part of this deployment, unless such policies already exist. The administration server provides storage for those administration components that one expects, such as server to control as well as providing remote installation and update capabilities for the endpoints and report generation. Administration servers can be set up in a master-slave configuration to promote scalability in large or widely dispersed enterprises.
The virtual administration server - created by the administration server - handles the anti-malware duties for the enterprise. It is a slave of the master administration server. Another component of the system is the mobile device server. It, too, is a child of the administration server and it allows MDM of mobile devices supporting Exchange ActiveSync and iOS that support Apple Push Notifications.
Network agents are installed on the endpoints and run as a service. We deployed one agent for testing and found it to be quite simple to do. Finally, there is the administrator's workstations on which the administration console resides. The administration console is used to define such things as application settings at the endpoints - and these setting are combined into policies. This allows different policy groups to run applications in different ways. The update agent is a computer that takes over the job of keeping the endpoint agents current. This is more efficient than forcing each one to update itself, especially with anti-malware changes/updates.
This is a serious system, best for larger enterprises. There is a fair bit of administration required - though none of it seems particularly onerous - but for a small organization with limited IT resources it could become an issue. That said, once the system is in and running smoothly, the amount of administration should decrease markedly. Many of the routine tasks are easy to automate.
We generally were pleased with the documentation. It is clear and well-annotated with call-out boxes for important information that might get overlooked in the text. However, the Admin Guide was almost completely lacking in screen shots, something that would be very useful for first-time deployment tasks.
The website provides all of the features one expects from a company with the tenure of Kaspersky. The support portals are separated between home, small business and enterprise - with all of the products available for download. It really is a very good self-service website.
Support is equally sophisticated. There is no-cost standard support for the duration of the license and there are additional-cost support options as well. Generally, we found this to be a serious contender in the large enterprise product category. While it is true that there are some complexities to deployment, we found nothing that was particularly off-putting given that users have an IT support infrastructure sufficient to make the most of it. Even left to its own devices after a good deployment, though, you should be reasonably satisfied with its results.