KasperskyEndpoint Security for Linux

Protection from cyberthreats

Kaspersky Endpoint Security for Linux is built on the world's most tested, most awarded security. It combines the best of human expertise with big data threat intelligence and machine learning. Multiple layers of security detect known and advanced threats, even in memory or boot sectors.

• Real-time protection from zero-day attacks

  Rapid response to zero-day malware is a critical part of Kaspersky's cybersecurity capabilities. Kaspersky Security Network (KSN) is our advanced cloud system that processes anonymized threat data from millions of nodes worldwide, using sophisticated data science technologies to deliver near real-time threat intelligence to every user.

  This agility means that even in zero-day attack situations, where threat information is not yet available to the endpoint, KSN works with Kaspersky Endpoint Security for Linux to stop threats. Big data processing of massive volumes of threat metadata from suspicious files makes it possible to make rapid, accurate decisions about their safety without having to completely analyze their content – with short response times, it's a significant additional layer of security for *nix endpoints.

• Behavior Detection

  Behavior Detection provides proactive defenses, identifying and extracting suspicious behavior patterns and effectively protecting your system against advanced threats.

• Auto-scan of removable drives

  Auto-scan for newly connected storage devices doesn't allow malicious programs that exploit operating system vulnerabilities to replicate themselves via removable drives.

• Network Threat Protection

  Our Network Threat Protection helps to prevent network threats – including port scanning, denial-of-service attacks and buffer-overruns. It constantly monitors network activities and, if it detects suspicious behavior, runs pre-defined responses.

• Web Threat Protection and anti-phishing

  Our Web Threat Protection delivers a near-100% threat detection rate incorporated in the web traffic and blocking blocks harmful scripts.

  Web Threat Protection monitors web traffic for attempts to visit phishing websites – and blocks access to them. To check links on webpages for phishing threats and malicious web addresses, Kaspersky Endpoint Security uses the application databases, heuristic analysis and data from Kaspersky Security Network.

• Harden Linux workloads with Application Startup Control

  Application control is one of the most effective and least resource-demanding technology that helps to drastically reduce the area of attack. Our application control allows you to implement denylist and allowlist modes to either manually block specific unwanted applications, or block all the applications that are not a part of the allowed subset. To simplify the management of application control, the administrator can assign categories to applications. It is also possible to fine-tune the operation by setting up user- or user-group based control rules.

• Reduce exposure to attacks with device control

  Device control reduces your attack surface and helps keep users safe and compliant with security policies.

• Control network risks from one place

  Configure and manage built-in Linux OS firewall settings: Kaspersky Endpoint Security for Linux enables the creation of firewall rules policy, network activity logs and security incident review from one place.

  Enforce network policies to all endpoints from Kaspersky Security Center, your single point of security management and control.

• Stop ransomware

  Kaspersky Security for Linux contains a unique anti-cryptor mechanism capable of blocking encryption of files on shared resources from a malicious process running on another machine on the same network. This system constantly watches over the protected shared folders, tracking the state of the stored files. As soon as encryption activity is detected, the system blocks the attack source machine from accessing the server, stopping the encryption process and preventing the loss of corporate data.

• Help meet regulatory requirements

  The safety of sensitive data is at the top of every business's security agenda. Kaspersky Security for Linux supports this with essential functionality to strengthen security and aid compliance with key principles such as PCI DSS and SWIFT usage requirements. The File Integrity Monitor can guarantee the integrity of system files, logs and critical applications by tracking unauthorized changes in important files and directories.

• Create an inventory of executables

  Whether for compliance purposes or just because a routine security audit is coming up, you can create an inventory of executables on your Linux workloads. The list of executables can also be used to set up the application control rules.

Security for DevOps

Kaspersky Endpoint Security for Linux enables run-time protection from threats, on-demand scanning of containers, images and repositories as well as flexible integration into CI/CD pipelines.

• Container-based deployment and threat scanning API

  Simplified container-based deployment allows you to quickly set up a threat-scanning service for your development environment. REST API and pipeline scripting examples make automation straightforward and helps ensure safe development practices.

• Run-time protection for containerization platforms

  Secure containerization environments ensure safer development, packaging and publishing of applications. Kaspersky Endpoint Security for Linux packs extensive security for containerization platforms and engines, such as Docker, CRI-O, Podman, and runC, enabling On-Access Scan (OAS) for File Threats, providing real-time Behavioral Protection to prevent exploitation, privilege escalation and container escape attempts. Namespaces are supported for threat-carrying entity isolation and granular control of actions that are taken on the abusing entity on detection.

• On-Demand Scanning (ODS) tasks with flexible scope control

  On-Demand Scanning of containers, images and both local and remote repositories allows you to maintain sanitized repos for devs’ needs. Namespace monitoring, flexible mask-based scan scope control and the ability to scan different layers of containers help enforce secure development best practices.

• Rich integration options enable “security as code” approach

  Kaspersky Endpoint Security for Linux provides interfaces to enable a “security as code” approach. Paired with ODS, Kaspersky Endpoint Security for Linux enables transformation of DevOps into DevSecOps, helping combine lean software practices and Just-In-Time application building, packaging and delivery in a controlled and secure way without slowing down the processes.

  CI/CD platform integrations (e.g. Jenkins) simplify pipeline building and automation.

Low footprint for high-performance protection

Kaspersky Endpoint Security for Linux is specifically designed to have minimal impact on other programs and overall system performance. The graphical user interface is optimized for Linux and together with improved command line management capabilities, this simplifies task execution and daily reporting.

• Load balance performance at kernel level

  Load balancing of resources and optimized scanning technology – with the option to exclude trusted processes – enhances overall performance while reducing system requirements for protection. (System resources are reallocated when PC or server load is low or heavily loaded). Kaspersky Endpoint Security for Linux provides exceptional scanning performance with fanotify (kernel internal object) compatibility for on-access scanning.

  Security scanning can be performed in background mode while server software is being updated, helping to reduce server downtime.

• Eliminate unnecessary resource consumption

  Kaspersky Endpoint Security for Linux optimizes resource usage with on-demand and scheduled scanning of local hard disks, media drives, shared file systems and distributed file systems.

  A wide range of settings ensures high protection levels without sacrificing performance, for example:

  • Schedule file scanning for unprivileged users
  • Adjust the level of anti-malware protection
  • Specify exceptions to enable selective scanning

  Kaspersky Endpoint Security for Linux monitors and controls network shares and scans automatically when files are changed, ensuring that resources are optimized.

Centralized management – for ease of use even in mixed IT environments

Spend less time and fewer resources managing IT assets and security: Kaspersky Security Center's 'single pane of glass' console provides powerful security controls and management for all Linux endpoints.

Generate reports, configure group or individual tasks and universal policies, manage scan settings, etc., from the same console that manages Kaspersky security for other platforms, including Windows, Mac OS and Android.

• Simplify deployment and kernel update process

  Application installation takes just a few minutes on x86 and x64 platforms and requires only one package. No additional compatibility packages are required to run on x64 workstations or servers.

  It's not necessary to reinstall or setup following kernel updates on workstations or servers – reliable protection against malware is up and running without the need for administrator involvement.

• Customize tasks and configuration settings

  Customize Linux protection across your business in a structured, efficient way using Kaspersky Security Center for group tasks policies, and policy profiles. Different types of tasks and task priority control help to fine-tune your security.

  Three management options are available:

  • The Kaspersky Security Center MMC console
  • The Kaspersky Security Center's Web Console
  • New The Kaspersky Security Center Cloud Console

How to buy

Kaspersky Endpoint Security for Linux is included in the following products:

• Kaspersky Total Security for Business
• Kaspersky Endpoint Security for Business Advanced
• Kaspersky Endpoint Security for Business Select
• Kaspersky Hybrid Cloud Security
• Kaspersky Hybrid Cloud Security Enterprise