Editors’ Note: PCMag rates and evaluates all products, including Kaspersky’s, based on their merits and effectiveness, not on any political or other considerations. However, based on the increasing censure and criticism of Kaspersky by US government agencies, foreign agencies, and informed third parties, we can no longer recommend Kaspersky’s products. Because we have not found or been presented with any hard evidence of misdeeds on the part of Kaspersky, however, we are leaving our original review in place for those who wish to decide for themselves.
Since our last review, Kaspersky Endpoint Security Cloud (ESC) has significantly improved its UI and setup experience. It has consistently excelled at protecting systems, and now with the addition of the EDR Preview, it’s starting to become a more competitive endpoint protection solution—though only if you pay considerably more than for the entry-level tier. That said, there seems to be some inexplicable lag in the threat and configuration parts of the application, which keeps it behind our Editors’ Choice winners in this space, Bitdefender GravityZone Ultra, F-Secure Elements, and Sophos Intercept X.
Kaspersky ESC Pricing and Plans
The base tier of Kaspersky ESC starts at $202.50 per year for 5 users, though an introductory price of $150 was available for new customers at the time of this writing. Businesses looking for basic EDR protection, however, will need the more expensive ESC Plus tier, which goes for $325 per 5 users yearly (similarly discounted as of this writing, to $240). The Plus tier was the one we reviewed.
Kaspersky’s per-user pricing is advantageous because a modern user is likely to have more than one device that needs protecting. Some competing vendors, including Editors’ Choice winners Bitdefender and F-Secure, license their software per device.
Catering more to midsized businesses, there is also an ESC Select tier that costs $400 for 10 nodes yearly (discounted to $335). This looks similar to Plus but with additional performance features on the endpoint side. The top tier is ESC Advanced. You’ll pay $770 annually for every 10 nodes at this tier (discounted to $575), but it includes everything in the other tiers plus patch management, additional vulnerability scanning, and automation features, among other things.
Comparing these numbers to our other contenders puts Kaspersky at the higher end of cost per device, though it’s still competitive. Our discounted Plus tier pricing breaks down to $48 per device per year, which is a little more than Sophos but significantly less than Bitdefender. Then again, both of those products have much deeper feature sets than ESC at those price points. To rival what our Editors’ Choice winners offer, you’ll need to go for ESC Advanced, which breaks down to $57.50 per device per year, with the discount. That’s more expensive than Sophos and roughly tied with Bitdefender, the latter of which still offers advantages that Kaspersky doesn’t yet have.
If you want to evaluate ESC yourself, you can download a free trial version from Kaspersky’s website.
Getting Started With Kaspersky Endpoint Security Cloud
Kaspersky ESC is primarily desktop-oriented, supporting both macOS and Windows. However, it does offer mobile device management (MDM) features for iOS and Android. Android has better antivirus protection than iOS, though this is a limitation of iOS, rather than an oversight on Kaspersky’s part.
After creating your account and signing in, it takes a while for the workspace to prepare. This was a slight annoyance, but the process only took around five minutes. Once you’re in the workspace, you’re presented with several pages of agreements to accept. After that, you’ll proceed to the main interface, which has been entirely updated and remodeled.
The Getting Started tab appears first. This offers some quick links to add users, configure notifications, connect devices, and some other setup features. Unfortunately, while we thought it would be nice to be able to default to the Monitoring tab instead, that’s not possible.
The Monitoring tab has been completely redesigned, and most items on it are eligible for drill-down.
Also new in this version is the ability to add devices without manually creating a user first. Previous versions required you to create users first, and while this is still recommended, adding devices without assigning them to users is a refreshing way to rapidly deploy the software to many machines. If you do decide to add users first, this is easily done from the Users screen. But the ability to bind users later is a great compromise that shows how hard Kaspersky has been focusing on user experience.
The Event Log tab is where you’ll find the majority of the actionable information. It quickly breaks down any logged event into Critical, Functional Failure, Warning, Info, and All. Since none of the attempted attacks succeeded in our testing, it was difficult to properly test this section, but we found it comparable to the overview dashboards in other products.
When threats were detected, there was a handy Endpoint Detection and Response (EDR) Preview. While it doesn’t have the full EDR capabilities that are available in the ESC Advanced tier and up, it does present a graphical view of the threat chain from start to finish. This is useful when attempting to trace where an attack originates, and it can help you place limits on activities that would result in re-infection. Our only complaint was that threats seem to show up for review inconsistently; sometimes they do, and sometimes they don’t. There was also a considerable lag for any threat to show in the cloud console, despite it being handled rapidly on the endpoint.
Profiles and Reporting
Security profiles are one place where the simplicity of Kaspersky’s new UI is graceful in its application. Most settings are a simple toggle. Where additional detail is required, such as with Device Control and Web Control, an Additional Options button is quickly accessible to the right of the item. Furthermore, each operating system has its own major heading, so there is no confusion about which features apply to which platform. In most instances, the default policy will work just fine for new users, but you’re also given a large degree of freedom to customize and tweak policies for your specific environment.
The Users tab is where both users and groups are managed. As with other endpoint protection products, you can assign security profiles to individual users or groups. This works well and doesn’t require a lot of interpretation.
The quarantine manager is similarly easy to use. Managing the quarantine is a simple matter of selecting the quarantined files and deleting or restoring them. You can also get some generic details about each threat, such as where it was detected, what type of threat it was, and what status the file was in. Some files may simply be flagged as suspicious and you’ll need to clear them manually, while others may be more obvious threats, in which case Kaspersky will clean them on the spot.
One thing that has improved significantly since earlier versions is the reporting module. It now offers real reports that can be exported to PDF or CSV format. Also new is the ability to schedule up to 10 report deliveries. While this seems like a needlessly arbitrary number, 10 would be generous for most small organizations. However, Kaspersky’s reporting features are still fairly basic. The product includes some good reports on network attacks, current threats, vulnerabilities, and so on, but ESET and Bitdefender, for example, provide much more depth and detail than this.
Threat Performance
Our standard endpoint testing suite always begins with an anti-phishing test. Kaspersky doesn’t require a browser plugin for this, but we did need to ensure that Web Threat Protection was enabled in the security profile. For the test, we pulled ten known phishing pages from PhishTank, a collection of suspected and verified phishing websites. Kaspersky detected and blocked all ten.
We next launched a browser-based attack against the system using Metasploit’s AutoPwn 2 feature with a known vulnerable version of Chrome with the Java 1.7 runtime installed. None of the attacks succeeded, which is good, considering that any of them could have resulted in a remote shell exploit.
Kaspersky performed similarly well when we tried launching a version of Windows Calculator with a standard Meterpreter binary attached. The executable wasn’t allowed to launch and Kaspersky removed it from the desktop. A set of Veil 3.0-encoded Meterpreter executables, including PowerShell, Auto-IT, Python, and Ruby, all suffered a similar fate.
Finally, we cut our VM off from the network, extracted a set of known malware executables called TheZoo, and tried running them. Kaspersky’s signature-based detection quarantined each of them before it could run, as it did with several versions of the CryptoLocker ransomware.
Third-party testing underscores our own results. AV-Test awarded Kaspersky Endpoint Security Cloud Plus a 6 in its August 2021 tests, which marks it as Outstanding. It blocked 100% of 0-day malware attacks in real-world testing using 303 samples, and it blocked 99.9% of widespread malware discovered in the four weeks prior to testing. That test used 18,402 samples.
Much Improved and Easy to Manage
Kaspersky Endpoint Security Cloud has a top-notch detection engine that covers most major platforms. It blocked every one of our attempts to compromise it, and it held up well in independent lab tests. And yet, while it has made some improvements in its cloud console, it still has room to grow before it can match the feature sets of some of the more comprehensive solutions. We’d also like to see it improve its inconsistent performance. Nevertheless, along with Avast Business Antivirus Pro Plus, it holds a solid place in the easy-to-manage crowd while still offering some more advanced features.