Enterprise Sales Compendium




Endpoint Products
Messaging, Web & Infrastructure Products




Page 2
Messaging, Web, Infrastructure & Endpoint Products


Enterprise Sales Compendium - Contents

1. Enterprise Sales Compendium Introduction                              16
    1.1. General Overview and Content Concept                             16
    1.2. Project Team                                                     17
    1.3. Product Roadmap and Licensing                                    19
      1.3.1. Product Roadmap Messaging, Web & Infrastructure              19
      1.3.2. Product Roadmap Endpoint Protection and Hosted Services      20

    1.4. Introduction                                                     21
      1.4.1. Product Line Components                                      21

    1.5. Changes in KOSS product line                                     23
      1.5.1. Endpoint                                                     23
      1.5.2. Servers                                                      23
      1.5.3. Mail Servers                                                 23
      1.5.4. Internet Gateways                                            23
      1.5.5. Manageability                                                23

    1.6. Kaspersky Open Space Security Positioning Statement              23
      1.6.1. Best Corporate Protection                                    23
      1.6.2. Efficient Manageability Solutions                            24
      1.6.3. Trusted global support                                       24

    1.7. Targeted Market and Audience                                     25
    1.8. Customers’ problems and value proposition                        25
      1.8.1. Customers’ Problems                                          25
      1.8.2. Kaspersky Lab Value Propositions                             26

    1.9. Licensing and Pricing                                            26
         1.9.2.1. License Calculation                                     27
      1.9.1. Standard subscriptions and volume discounting                27
      1.9.2. Types of Licenses                                            27

    1.10. Product Upgrade                                                 28
    1.11. Key Benefits                                                    29
      1.11.1. Benefits for business customers                             29
      1.11.2. Benefits for IT-specialists                                 29
      1.11.3. Benefits for Partners                                       30

2. The Security Landscape                                                31
    2.1. General                                                          31
      2.1.1. Malware                                                      31
      2.1.2. Entry Points                                                 32
         2.1.2.1. Mail Gateway                                            32
         2.1.2.2. Network                                                 32
         2.1.2.3. Endpoint                                                32
      2.1.3. Protecting Entry Points                                      33
         2.1.3.1. Internet Gateway                                        33
         2.1.3.2. Mail Server                                             33
         2.1.3.3. File Server                                             33
         2.1.3.4. Endpoint                                                34



                                                                       Page 3
Enterprise Sales Compendium

         2.1.4. Case Study: Conficker                                                     35
            2.1.4.1. How would an organisation stop it from infiltrating their network?   35

     2.2. Kaspersky Labs Security Landscape                                               36
         2.2.1. Kaspersky Lab Signatures                                                  36
         2.2.2. What is a malware signature?                                              36
            2.2.2.1. Whitelisting                                                         37
            2.2.2.2. Heuristic                                                            38
            2.2.2.3. Launching Malware by Country                                         39
         2.2.3. Reported Cybercrime                                                       39
         2.2.4. Unix-based malware                                                        40
         2.2.5. Mobile Malware                                                            40
         2.2.6. Information Security Threats in the Second Quarter of 2010 (www.securelist.com)   41
            2.2.6.1. Quarter in Review                                                    41
            2.2.6.2. Overview                                                             41
            2.2.6.3. Most commonly targeted countries                                     44

     2.3. Regulator Compliance                                                            45
         2.3.1. Data protection and disclosure laws                                       45
            2.3.1.1. The Sarbanes-Oxley Act (SOX)                                         45
            2.3.1.2. Health Insurance Portability and Accountability Act (HIPAA)          46
            2.3.1.3. Gramm-Leach-Bliley Act (GLBA)                                        47
            2.3.1.4. Federal Information Security Management Act (FISMA)                  48
            2.3.1.5. Data Protection Directive (European Union)                           50
            2.3.1.6. Basel II                                                             50
            2.3.1.7. Summary                                                              51

3. Kaspersky Endpoint Security                                                            55
     3.1. Endpoint Applications                                                           55
     3.2. Kaspersky Antivirus for Windows Workstations Release 2 (KAV 6.0 for Windows WKS)       59
         3.2.1. Features and Benefits                                                     59
            3.2.1.1. New features compared to previous version                            60
         3.2.2. Centralized management                                                    61
         3.2.3. Supported platforms and third-party software                              61
         3.2.4. Independent tests results                                                 62
         3.2.5. Certificates                                                              62
         3.2.6. FAQ                                                                       63
            3.2.6.1. KAV 6.0 for Windows WKS                                              63

     3.3. Kaspersky Endpoint Security for Mac (KES for Mac)                                      67
         3.3.1. Features and Benefits                                                     67
         3.3.2. Centralized management                                                    68
         3.3.3. Supported platforms and third-party software                              68
         3.3.4. Certificates                                                              69
         3.3.5. Competitor Overview                                                       69
         3.3.6. FAQ                                                                       70
            3.3.6.1. KES 8 for Mac                                                        70

     3.4. Kaspersky Endpoint Security for Linux (KES for Linux)                                  75
         3.4.1. Features and Benefits                                                     75
            3.4.1.1. New features compared to previous versions:                          76
         3.4.2. Centralized management                                                    76
         3.4.3. Supported platforms and third-party software                              77
         3.4.4. Certificates                                                              77
         3.4.5. Competitors’ overview                                                     77
         3.4.6. FAQ                                                                       79
            3.4.6.1. KES 8 for Linux                                                      79

    3.5. Kaspersky Endpoint Security for Smartphones (KES for Smartphones)                       85
      3.5.1. Features and Benefits                                                           85
         3.5.1.1. New features compared to previous versions:                                86
      3.5.2. Features and Benefits                                                           86
      3.5.3. Deployment                                                                      87
      3.5.4. Centralized Management                                                          89
      3.5.5. Competition Overview                                                            90
         3.5.5.1. Symantec                                                                   90
         3.5.5.2. McAfee                                                                     90
         3.5.5.3. Trend Micro                                                                90
         3.5.5.4. F-Secure                                                                   90
         3.5.5.5. Mobile device management platforms with embedded security features         91
         3.5.5.6. Success Story: London Metropolitan Police                                  91
      3.5.6. Supported Smartphones and Management Platforms                                  91
      3.5.7. FAQ                                                                             92

4. Product: Kaspersky Anti-Virus for File Servers                                           95
    4.1. General Introduction                                                                95
    4.2. Positioning Statement                                                               96
    4.3. Kaspersky Anti-Virus for File Server Product Suite                                  97
      4.3.1. KAV 8.0 for Windows Server Enterprise Edition (KAV 8.0 WSEE)                    97
      4.3.2. KAV 8.0 for Linux File Server (KAV 8.0 LFS)                                     97
      4.3.3. KAV for Novell Netware                                                          97

    4.4. Target Audience                                                                     98
         4.4.3.1. Kaspersky Anti-Virus for Windows Server Enterprise Edition (KAV4WSEE)      98
         4.4.3.2. Kaspersky Anti-Virus for Linux File Server (KAV4LFS)                       98
         4.4.3.3. Kaspersky Anti-Virus for Novell Netware                                    98

    4.5. Target Markets                                                                      99
    4.6. Customer problems and our value proposition                                       100
      4.6.1. Customer problems and needs                                                    100
      4.6.2. Value statement                                                                101

    4.7. Competitive analysis                                                              101
      4.7.1. Key feature comparison: Kaspersky Anti-Virus 8.0 for Windows Server Enterprise Edition versus Top-4 rivals   102
      4.7.2. Key feature comparison: Kaspersky Anti-Virus 8.0 for Linux File Server versus Top-4 rivals                   102

    4.8. Key Product Features and Benefits                                                 103
      4.8.1. Key Features (by new applications)                                             103
         4.8.1.1. Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition           103
         4.8.1.2. Kaspersky Anti-Virus 8.0 for Linux File Server                            103
      4.8.2. Business benefits for customers                                                104
      4.8.3. Customer benefits for IT-specialists                                           104
      4.8.4. Benefits for partners                                                          104
      4.8.5. Market share forecast                                                          105

    4.9. Application: Kaspersky Anti-Virus for Windows Server Enterprise Edition (KAV4WSEE)    109
      4.9.1. Microsoft File Server Security                                                 109
      4.9.2. Definition                                                                     109
         4.9.2.1. Main Features                                                             109
         4.9.2.2. Advanced Features                                                         109
         4.9.2.3. New Features compared to KAV for WSEE 6.0                                 109

     4.10. General Application Description                                                              110
         4.10.1. Administration and notifications                                                       111
         4.10.2. Performance                                                                            112
         4.10.3. Supported platforms and third-party software                                           113
         4.10.4. Certifications of the current version of KAV4WSEE 6.0                                  114

     4.11. Application Environment                                                                      115
         4.11.1. Cluster and Cluster types                                                              115
            4.11.1.1. High-availability (HA) cluster                                                    115
            4.11.1.2. Load-Balancing cluster                                                            115
         4.11.2. Enterprise Storage Solutions                                                           116
            4.11.2.1. Storage System Types                                                              116
            4.11.2.2. Direct Attached Storage (DAS)                                                     116
            4.11.2.3. Network Attached Storage (NAS)                                                    116
            4.11.2.4. Storage Area Network (SAN)                                                        117
            4.11.2.5. EMC Corporation                                                                   117
            4.11.2.6. CAVA Features in Detail                                                           118
            4.11.2.7. Netapp Storage Solutions                                                          119
         4.11.3. Terminal Services                                                                      119
            4.11.3.1. Microsoft Terminal Services / Microsoft Remote Desktop Services                   119
            4.11.3.2. Citrix XenApp (formerly Citrix MetaFrame Server and Citrix Presentation Server)   120
         4.11.4. Hierarchical Storage Management                                                        122

     4.12. Solution Overview                                                                            123
         4.12.1. First Case: Microsoft Windows 2008 R2 Failover Clustering                              123
         4.12.2. Second Case: Microsoft Windows 2008 R2 with EMC Storage                                124

     4.13. Application: Kaspersky Anti-Virus for Linux File Server (KAV4LFS)                            127
         4.13.1. Linux File Server security                                                             127
         4.13.2. Definition                                                                             128
            4.13.2.1. Main Features                                                                     128
            4.13.2.2. Advanced Features                                                                 128
            4.13.2.3. New Features compared to KAV for Linux File Server 5.7                            128

     4.14. General Application Description                                                              128
         4.14.1. Administration and notifications                                                       129
         4.14.2. Performance                                                                            131
         4.14.3. Supported platforms and third-party software                                           132
         4.14.4. Certification of KAV4LFS 5.7                                                           132
         4.14.5. Kaspersky Antivirus for Samba Servers                                                  133
            4.14.5.1. Product Information                                                               133
            4.14.5.2. Features                                                                          133
            4.14.5.3. Administration and notification                                                   133
            4.14.5.4. Certifications                                                                    134

     4.15. Application Environment                                                                      134
         4.15.1. General Linux File Server                                                              134
         4.15.2. Samba Server                                                                           134
         4.15.3. Novell Open Enterprise Server 2                                                        135
         4.15.4. FreeBSD Server                                                                         135

     4.16. Solution Overview                                                                            136
         4.16.1. Deployment Scenario: Remote Deployment of KAV4LFS                                      136

     4.17. Application: Kaspersky Anti-Virus for Novell Netware (KAV4Novell)                            139
         4.17.1. Novell Netware File Server Security                                                    139
         4.17.2. Definition                                                                             139
            4.17.2.1. Main Features                                                                     139
            4.17.2.2. Advanced Features                                                                 139

    4.18. General Application Description                                       140
      4.18.1. Supported Platforms and Third-Party Software                       140
      4.18.2. Administration and Notification                                    141
      4.18.3. KAV4Novell Maintenance Pack 2                                      141
      4.18.4. Certifications                                                     142
      4.18.5. Novell Netware vs. Novell Open Enterprise Server                   143

5. Product: Kaspersky Security for Mail Servers                                147
    5.1. General Introduction                                                   147
         5.1.5.1. Anti-Spam Protection                                           148
         5.1.5.2. Antivirus Protection                                           148

    5.2. Messaging Security Market Overview                                     149
    5.3. Positioning Statement                                                  150
    5.4. Kaspersky Anti-Virus for Mail Server Product Suite                     150
      5.4.1. Kaspersky Security for Mail Servers                                 150
      5.4.2. Kaspersky Security 8.0 for Exchange Servers                         150
      5.4.3. Kaspersky Anti-Virus 8.0 for Lotus Domino                           150
      5.4.4. KAV for Linux Mail Server 5.6                                       151
      5.4.5. Kaspersky Mail Gateway 5.6                                          151

    5.5. Target Markets                                                         151
         5.5.5.1. Microsoft Exchange Server                                      151
         5.5.5.2. IBM Lotus Domino                                               151
         5.5.5.3. Linux Mail Server                                              151

    5.6. Customer problems and value proposition                                154
      5.6.1. Customer problems and needs                                         154
      5.6.2. Value Statement                                                     154

    5.7. Competitive Analysis                                                   155
      5.7.1. Key feature comparison: KS 8.0 for Exchange versus Top-5 rivals     155
      5.7.2. Key feature comparison: KAV 8.0 for Lotus Notes Domino versus Top-3 rivals    156
      5.7.3. Key feature comparison: KAV for Linux Mail Solutions versus Top-2 rivals      156

    5.8. Key Product Features and Benefits                                      157
      5.8.1. Key features: KS 8.0 for Microsoft Exchange                         157
         5.8.1.1. Main features                                                  157
         5.8.1.2. Advanced features                                              157
      5.8.2. Key features: KAV 8.0 for Lotus Notes Domino                        157
         5.8.2.1. Main features                                                  158
         5.8.2.2. Advanced features                                              158
      5.8.3. Key features: Kaspersky Anti-Virus for Linux Mail Server            158
         5.8.3.1. Main features                                                  158
      5.8.4. Key features: Kaspersky Mail Gateway                                158
         5.8.4.1. Main features                                                  158
         5.8.4.2. Key features: Kaspersky Anti-Spam                              159

    5.9. Key Product Benefits                                                   159
      5.9.1. Business benefits for customers                                     159
      5.9.2. Customer benefits for IT-specialists                                159
      5.9.3. Benefits for partners                                               160

    5.10. Market Share Forecast                                                 160

     5.11. Microsoft Exchange Market Overview                                           161
         5.11.1. Microsoft Exchange vs. Competitors                                     163
            5.11.1.1. Microsoft Exchange market shares by region and sector             164
            5.11.1.2. Microsoft Exchange market share by version                        170

     5.12. IBM Lotus Notes Domino Market Overview                                       171
         5.12.1. General Overview                                                       171
         5.12.2. Messaging                                                              171
         5.12.3. Administration                                                         171
            5.12.3.1. IBM Lotus Domino Designer                                         172
            5.12.3.2. IBM Lotus Domino Strength (based on Radicati Group Research)      172
            5.12.3.3. IBM Lotus Domino Weaknesses (based on Radicati Group Research)    172
            5.12.3.4. IBM Lotus Notes (Client)                                          172
         5.12.4. IBM Lotus Domino Market Shares                                         173

     5.13. Application: Kaspersky Security for Microsoft Exchange Servers               181
         5.13.1. Exchange Server security                                               181
         5.13.2. Definition                                                             181
            5.13.2.1. Main Features                                                     181
            5.13.2.2. Advanced Features                                                 181
            5.13.2.3. New Features compared to KSE 6.0                                  181
         5.13.3. Anti-Spam protection                                                   182
         5.13.4. Antivirus Protection                                                   184
         5.13.5. Administration and Notifications                                       185
         5.13.6. Performance                                                            187
         5.13.7. Server Architecture                                                    188
         5.13.8. Supported Platforms                                                    188

     5.14. Application Environment                                                      189
         5.14.1. Microsoft Exchange Overview                                            189
            5.14.1.1. Microsoft Exchange 2007                                           189
            5.14.1.2. Microsoft Exchange 2007 - Unified Messaging                       189
            5.14.1.3. Microsoft Exchange 2010                                           190
            5.14.1.4. Microsoft Exchange 2010 - Unified Messaging                       191
         5.14.2. Microsoft Exchange Roles in Detail                                     191
         5.14.3. Failover and High Availability                                         192
         5.14.4. Database Availability Group (DAG)                                      194

     5.15. Application Solutions                                                        196
         5.15.1. All-in-One Exchange Server Architecture                                196
         5.15.2. Distributed Exchange Server Architecture                               197
         5.15.3. Clustered Exchange Server Architecture                                 198
         5.15.4. Database Availability Group (DAG) based Exchange Server Architecture   199

     5.16. Application: Kaspersky Anti-Virus for Linux Mail Server                      203
         5.16.1. Linux Mail Server Security                                             203
         5.16.2. Definition                                                             204
            5.16.2.1. Main Features                                                     204
            5.16.2.2. Advanced Features                                                 204

     5.17. General Application Description                                              204
         5.17.1. Administration and Notification                                        205
         5.17.2. Certifications                                                         205

     5.18. Application Environment                                                      206
         5.18.1. Linux Mail Architecture                                                206
            5.18.1.1. Postfix                                                           207
            5.18.1.2. EXIM                                                              207
            5.18.1.3. SendMail                                                          208
            5.18.1.4. qMail                                                             208
            5.18.1.5. “A Mail Virus Scanner” AMaViS                                     209
      5.18.2. Competitor Overview                                          211
         5.18.2.1. ClamAV                                                  211
         5.18.2.2. ESET Mail Security                                      211
         5.18.2.3. F-Prot Antivirus for Linux x86                          212
         5.18.2.4. Avira MailGate Suite                                    212
         5.18.2.5. Trend Micro Messaging Security Suite                    213

    5.19. Application: Kaspersky Mail Gateway                             217
      5.19.1. Mail Gateway Security                                        217
      5.19.2. Definition                                                   217
         5.19.2.1. Main Features                                           217
         5.19.2.2. Advanced Features                                       217

    5.20. General Application Description                                 218
      5.20.1. Administration and Notification                              218
      5.20.2. Application Environment                                      219
         5.20.2.1. Mail Gateway Infrastructure Overview                    219

    5.21. Application: Kaspersky Anti-Spam                                223
      5.21.1. Anti-Spam Protection                                         223
      5.21.2. Definition                                                   224
         5.21.2.1. Main Features                                           224
         5.21.2.2. Advanced Features                                       224

    5.22. General Application Description                                 224
      5.22.1. Administration and Notification                              225
      5.22.2. Certifications                                               225
      5.22.3. Competitive Overview                                         226
         5.22.3.1. Symantec Brightmail Message Filter                      226
         5.22.3.2. SpamAssassin                                            226

    5.23. Application: Kaspersky Anti-Virus for Lotus Notes Domino        231
      5.23.1. Lotus Notes Domino Security                                  231
      5.23.2. Definition                                                   231
         5.23.2.1. Main Features                                           231
         5.23.2.2. Advanced Features                                       231
         5.23.2.3. New Capabilities                                        231
      5.23.3. Anti-Virus Protection                                        232
      5.23.4. Administration and Notification                              233
      5.23.5. Performance                                                  235
      5.23.6. Supported Platforms                                          236

6. Product: Kaspersky Security for Internet Gateway                      239
    6.1. General Introduction                                             239
    6.2. Positioning Statement                                            240
    6.3. Kaspersky Security for Gateways Product Suite                    240
      6.3.1. KAV 8.0 for Microsoft ISA Server and TMG Standard Edition     240
      6.3.2. KAV 5.6 for Microsoft ISA Server Enterprise Edition           240
      6.3.3. Kaspersky Anti-Virus for Proxy Server                         240
      6.3.4. Kaspersky Anti-Virus for Check Point FireWall-1               240
      6.3.5. Date of the changes                                           241

    6.4. Target Market and Audience                                       241
    6.5. Target Market                                                    242





     6.6. Customer Problems and Value Proposition                                              242
          6.6.1. Customer Problems and Needs                                                   242
          6.6.2. Value Statement                                                               243

     6.7. Competitive Analysis                                                                 243
             6.7.2.1. Market Overview                                                          243
             6.7.2.2. Competitive analysis*                                                    243
          6.7.1. Key feature comparison of KAV 8.0 for Microsoft ISA/TMG versus Top-4 rivals   244
          6.7.2. Key feature comparison for KAV for Proxy Server versus Top-2 rivals           244

     6.8. Key Product Features                                                                 245
          6.8.1. Key features of KAV 8.0 for Microsoft ISA Server and Forefront TMG            245
          6.8.2. Key features of KAV for Proxy Server                                          245

     6.9. Key Product Benefits                                                                 246
          6.9.1. Business benefits for customers                                               246
          6.9.2. Customer benefits for IT specialists                                               246
          6.9.3. Benefits for partners                                                         246
          6.9.4. Market share forecast                                                         247

     6.10. Gateway Security Market Overview                                                    247
          6.10.1. General Introduction                                                         247
             6.10.1.1. Key features: Corporate Web Security                                    248
             6.10.1.2. Types of Web Malware in Detail                                          249
             6.10.1.3. Worldwide Virus Volumes                                                 250
          6.10.2. Corporate Web Security Market Share                                          251
          6.10.3. Corporate Web Security Market Forecast                                       252
             6.10.3.1. Corporate Web Security Market Penetration                               253
             6.10.3.2. Corporate Web Security Market by Region                                 253
             6.10.3.3. Corporate Web Security Market by Business Size                          254
          6.10.4. Competitor Overview                                                          255
             6.10.4.1. Blue Coat Systems                                                       255
             6.10.4.2. Cisco IronPort                                                          256
             6.10.4.3. Clearswift                                                              257
             6.10.4.4. McAfee                                                                  258
             6.10.4.5. Symantec                                                                259
             6.10.4.6. Trend Micro                                                             259
             6.10.4.7. Websense                                                                    260

     6.11. Application: Kaspersky Anti-Virus for ISA/TMG Server (KAV4ISA/TMG)                  265
          6.10.5. ISA / TMG Server Security Environment                                        265
          6.10.6. Definition                                                                   265
             6.10.6.1. Main features:                                                          265
             6.10.6.2. Additional features:                                                    265
             6.10.6.3. New features:                                                           266
          6.10.7. Antivirus protection                                                         266
          6.10.8. Administration and notifications                                             267
          6.10.9. Performance                                                                  268
          6.10.10. Supported Platforms                                                            269

     6.13. Application: Kaspersky Anti-Virus for Proxy Server (KAV4Proxy)                      273
          6.11.1. Proxy Server Security Environment                                            273
          6.11.2. Definition                                                                   273
             6.11.2.1. Main Features                                                           273
             6.11.2.2. Advanced Features                                                       273





    6.12. General Application Description                           274
      6.12.1. Administration and Notification                        274
      6.12.2. Supported Platforms                                    274
      6.12.3. Certifications                                         275
      6.12.4. Application Environment                                275
         6.12.4.1. What is a Proxy Server?                           275
         6.12.4.2. Caching Proxy Server                              275
         6.12.4.3. Web Proxy Server                                  276
         6.12.4.4. Content Filtering Web Proxy Server                276
         6.12.4.5. Anonymising Proxy Server                          276
         6.12.4.6. Transparent and non-transparent Proxy Server      276
         6.12.4.7. Reverse Proxy Server                              277
      6.12.5. Squid Proxy Server                                     277








General Introduction









Preamble

Dear colleagues,

I’m pleased to invite all of you to our new modern training centre in Ingolstadt. During 2010 Kaspersky Lab has
been working very hard to bring 10 new applications and services to the market, more than all of the previous
3 years put together. That means we have updated our product line by more than half and can go to the market
with a wide portfolio of high quality products designed to protect our customers and their networks on all
perimeters from different threats.

Of course our key advantages are that we support many platforms and have the best anti-spam and antivirus
technologies, which have been updated and improved with the introduction of the latest core engine versions.
All of these things aim to help us give our customers the best protection. Now with your and our partners’
personal involvement we can expect to be Number 1!

Once you have been through the course I hope you will add your personal passion to these products. Together
with your efforts and those of our developers, technical writers, testers and other staff, it will become an excellent
basis for our success globally.

Best wishes,
Alexey Pronichev
Head of Product Management, Messaging, Web & Infrastructure


Dear colleagues,

Nowadays, companies are actively using heterogeneous infrastructures with a number of different operating
systems and additional devices. To ensure such companies successfully reach their corporate goals, they must
provide their infrastructures with strong and complex protection from all types of viruses and malware threats.
The new corporate line will help Kaspersky Lab climb to the new level of world-class security providers. As IDC
said, Endpoint is no longer the last line of defence, but rather the frontline. Historically, Endpoint Security
solutions are Kaspersky’s most famous strength, and this is also the level of protection which has become most
important – due to deperimeterisation of the network, mobile computing, sharing of USB storage devices, access
to Web 2.0 applications and so on.

Kaspersky Endpoint Security offers reliable protection to fixed, mobile and highly mobile endpoints
(workstations, laptops and smartphones) from all types of computer threats, prevents epidemics of malicious
programs and keeps corporate information secure and fully accessible. Greater performance and improved
manageability were also important targets to achieve when developing the product. Together with Kaspersky
Administration Kit it is now possible to manage Endpoint protection in a single way regardless of the platforms
used in the corporate network.

In autumn 2010 Kaspersky Lab will launch new Endpoint Security for Mac and upgrade the Endpoint solution
for Linux, and we will also launch a new version of our Smartphone protection product, which adds Blackberry
support in addition to the existing Symbian and Windows Mobile. This will help us to increase our footprint in
corporate Endpoint infrastructure worldwide.

I’d like to thank the whole team for the strong efforts in developing, supporting and providing the value of
Kaspersky products. Your enthusiasm encourages and leads us to the greatest products!

Best regards,
Dina Shelepina
Head of Product Management, Endpoint




1. Enterprise Sales Compendium Introduction

1.1. General Overview and Content Concept
The Messaging, Web, and Infrastructure (MWI) and Endpoint Sales Compendium 2010 includes all necessary
information about the MWI and Endpoint products and applications. The Enterprise Sales Compendium therefore
has a clear layout and content concept that allows the sales division to find the right information at the right time.
Additionally, the sales division can take out certain parts to be localized for their specific regions.

The next figure shows the content of each product suite chapter. As illustrated, each chapter consists of three
sub-chapters that collect all information in the corresponding areas of interest.

[Figure 1: structure of a product suite chapter. The chapters and the materials each of them collects, as shown in the figure:

Sales: Why Kaspersky Solutions?, Market Research, Market Survey, International Certifications, Product Description,
Target Audience, Target Market Segment.

Education: General Application Description, Application Environment, Application Network Planning, Application
Solution, Technologies, Competitive Comparison / Overview, Comparison Current/New Application.

Technical Background: WebCasts, Product/Application Videos, Whitepapers, Best Practices, Test Reports, External
Test Reports, Technology Explanations, Pre-Sales Materials.

Marketing: Feature List, Leaflets, Handouts, Threat Report / Threat Potential, Security Risk, Battle Cards.]


Each “Product Suite” consists of four major chapters: Sales, Education, Marketing and Technical Background.
Each chapter will include the documents and explanations mentioned above. Additionally, the Marketing chapter
will include, as a proof of concept, the localized materials of the region Central Europe.

To provide the materials to everybody in digital form, the following materials are part of the
Enterprise Sales Compendium:

• Enterprise Sales Compendium itself as PDF
• All materials the MWI compendium is based on, in an appropriate format
• Slides of the Train-the-Trainer training
• Additional materials

On top of that, the compendium includes a wide range of competitor comparisons. Due to the fast changes in
products and functions, some of the comparisons may already be outdated. Nevertheless, these comparisons
provide the first entry point for finding key selling points. If you want to recheck the findings, please consult the
product whitepapers on the corresponding websites.






1.2. Project Team
The project team of the Messaging, Web and Infrastructure Compendium would like to send its regards to all the
diligent colleagues who supported us during the last months.


Member / Position / Function

Alexey Pronichev
Head of Product Management, Messaging, Web & Infrastructure

Role: Project Owner

Alexey Pronichev as project owner initiated the project to create a global MWI Sales
Training based on the MWI Sales Compendium

Alla Popova
Sales Education Professional, Endpoint, Corporate Division

Role: Project Manager, Editor Endpoint Security



Victor Dronov
Product Manager Mobile Solutions

Role: Product Manager, Editor Endpoint Security for Smartphone




Christel Bazkowa
Education Manager

Role: Project Leader

In her role as Education Manager Europe, Christel Bazkowa coordinated the overall task of this project and
ensured that all Sales Champions from Kaspersky join the event.
Jan Krueger
Consultant / Training Manager

Role: Project Manager / Editor / Designer / Trainer

In his role, Jan Krueger defined the structure and content of the MWI Sales Compendium. He designed, wrote
and organized the document and ensured its transformation into an offsite training held in Ingolstadt, Germany.
Ram Herkanaidu
Malware Analyst

Role: Editor / Trainer

In his role as Malware Analyst, Ram Herkanaidu provided in-depth information about security risks and targeted
attacks in MWI environments and wrote all malware-related information in the MWI Sales Compendium.





Daniel Wischnewski
Consultant / Training Professional

Role: Trainer



Angel Jodra Soria
Consultant / Training Professional

Role: Trainer


Roland Imme
Consultant / Training Professional

Role: Trainer



Polina Lipich
Marketing manager, Messaging, Web & Infrastructure

In her role, Polina Lipich provided the master documents of the MWI Sales Compendium
and supported Jan Krueger in any kind of marketing related questions.




Marion Maas
Office Administration

In her role she handled all the travel arrangements for all the participants. This includes the visa, hotel and
travel arrangements as well as the organization of the evening entertainment.




If you have further questions concerning the MWI Sales Compendium or the documents included, please do
not hesitate to contact the appropriate person.






1.3. Product Roadmap and Licensing

1.3.1. Product Roadmap Messaging, Web & Infrastructure
The following figure shows the current Kaspersky Roadmap for the Messaging, Web and Infrastructure Products
for the next years. The maintenance packs for the MWI products are not mentioned in the Roadmap.

[Figure 2: MWI product roadmap from Q2 2010 to Q4 2011. Release candidate (RC) milestones and planned
capabilities as shown in the figure:

- Kaspersky Antivirus 8.0 for Windows Server Enterprise Edition: RC; Windows Server 2008 R2 compatible,
  Datacenter & HSM support, EMC support.
- Kaspersky Antivirus 8.0 for Linux File Server: RC; Samba support, kernel integration, Administration Kit & Web
  Console.
- Kaspersky Security 8.0 for Microsoft Exchange: RC; Microsoft Exchange 2007 & 2010 support, new antivirus &
  antispam engines, MMC interface (future + Administration Kit).
- Kaspersky Antivirus 8.0 for Lotus Notes Domino: RC; Lotus Domino 8.0 & 8.5 support, new antivirus engine,
  antispam to be added in a Maintenance Pack.
- Kaspersky Antivirus 8.0 for Microsoft ISA/TMG: RC; Threat Management Gateway support, HTTP, FTP, POP3,
  SMTP, HTTPS, Standard Edition support only.
- Pilot testing start dates shown in 2010: June 15th and July 15th.
- Global commercial release: 19 Oct 2010.
- Kaspersky Mail Security for Linux, Kaspersky Web Security for Linux and Kaspersky Security for SharePoint:
  RC in 2011.]





1.3.2. Product Roadmap Endpoint Protection and Hosted Services
The next figure shows the current Kaspersky Roadmap for Endpoint Protection and Hosted Services.

[Figure 3: Endpoint Protection and Hosted Services roadmap from Q2 2010 to Q4 2011, as shown in the figure:

- Kaspersky Antivirus for Windows Workstation / Fileserver / Second Opinion Scanner 6.0 R2 and Kaspersky
  Administration Kit 8.0: Critical Fix 1 (CF1), Critical Fix 2 (CF2) and Critical Fix 3 (CF3) in sequence.
- Kaspersky Endpoint Security for Windows 8.0: RC in 2011.
- Kaspersky Security Center (former Administration Kit): RC in 2011.
- Kaspersky Endpoint Security 8 for Mac: RC; centralized management by the current Kaspersky Administration
  Kit 8.0.
- Kaspersky Endpoint Security 8 for Smartphone: Beta, then RC; centralized management by the current
  Kaspersky Administration Kit 8.0.
- Kaspersky Endpoint Security 8 for Linux: RC; management by the current Administration Kit, based on Linux
  for Fileserver 8.0, graphical user interface (GUI).
- Kaspersky Hosted Security 2.0: countries RU, DE, FR, UK, US, AU.
- Global commercial release: 19 Oct 2010.
- Kaspersky Endpoint Managed Security: RC; based on Administration Kit 8.0 incl. Web Interface; Kaspersky
  Antivirus for Windows Workstation R2 as managed client; available as limited release for chosen partners.]






1.4. Introduction
This is the compendium about Kaspersky Open Space Security products and Endpoint applications. It is designed
for Kaspersky Lab’s sales employees to better understand and communicate the value of our products and
applications to our partners and distributors, which in turn will help them to increase their sales performance.
This compendium provides information about which corporate products are in the Kaspersky product line and
what their positioning, benefits and licensing options are. It also covers the endpoint products, their main features
and benefits for the customers, system requirements and competitor comparisons. This document is intended as a
source of information about Kaspersky Open Space Security products and Endpoint applications and should be
consulted as reference material for answering questions from customers.

1.4.1. Product Line Components
Kaspersky Open Space Security is a suite of products that offers security coverage for all types of network
endpoints, from mobile devices to servers. Incoming and outgoing data traffic – including email, web traffic and
network interactions – is scanned for malicious content and administration is simplified by using a set of powerful
administration tools.

The Kaspersky Open Space Security suite of products is capable of protecting several types of network nodes
simultaneously. The customer can choose one of the four Open Space product options depending on which
corporate network nodes require protection:

Kaspersky Work Space Security (KOSS1)
Exercising full control over incoming and outgoing data (including email, web traffic and network interactions)
on PCs, Kaspersky Work Space Security ensures full security for users, whether they are working on the office
network or traveling on business.

Kaspersky Business Space Security (KOSS2)
Kaspersky Business Space Security offers an umbrella of protection to workstations, smartphones and file
servers from all types of computer threats, prevents epidemics of malicious programs, and keeps information
secure and fully accessible to users of network resources. The product was expressly designed to meet the
increasing demands of servers operating under heavy loads.

Kaspersky Enterprise Space Security (KOSS3)
Kaspersky Enterprise Space Security ensures the free flow of information within a company and secure
communication with the outside world. The solution comprises components for the protection of workstations,
smartphones and servers from all types of contemporary computer threats, removing malware from emails and
keeping information secure and fully accessible to users of network resources.

Kaspersky Total Space Security (KOSS4)
Kaspersky Total Space Security exercises control over all incoming and outgoing data – including email, web
traffic and all network interactions. The product includes components for the protection of workstations and
smartphones, providing users with secure and fast access to company information resources and the Internet,
as well as secure communications via email.

The product line is divided into four types of Kaspersky Open Space Security (KOSS) suites. Each suite contains
several applications to protect certain elements in an organisation.






[Figure 4: applications contained in the four KOSS suites, grouped by the release-year bands (2009, 2010, 2011)
shown in the figure:

KOSS 1: Kaspersky Antivirus for Windows Workstation MP4 (R2) (2009); Kaspersky Endpoint Security 8 for Mac,
Kaspersky Endpoint Security 8 for Linux, Kaspersky Endpoint Security 8 for Smartphones (2010); Kaspersky
Endpoint Security 8 for Windows (2011).

KOSS 2: Kaspersky Antivirus for Windows Server MP4 (R2) (2009); Kaspersky Antivirus 8.0 for Windows Server EE,
Kaspersky Antivirus 8.0 for Linux Fileserver (2010).

KOSS 3: Kaspersky Security 8.0 for Microsoft Exchange, Kaspersky Antivirus 8.0 for Lotus Notes Domino (2010);
Kaspersky Security 8.0 for Microsoft SharePoint, Kaspersky Mail Security 8.0 for Linux (2011).

KOSS 4: Kaspersky Antivirus 8.0 for Microsoft ISA/TMG (2010); Kaspersky Web Security 8.0 for Linux (2011).

Management across all suites: Kaspersky Administration Kit 8.0 (2009), followed by Kaspersky Security Center (2011).]


In addition to the upcoming releases of new Messaging, Web and Infrastructure products and the new Endpoint
applications, Kaspersky Hosted Security 2.0 will be launched.






1.5. Changes in KOSS product line
1.5.1. Endpoint
•   Kaspersky Endpoint Security 8 for Mac (New!)
•   Kaspersky Anti-Virus 5.7 for Linux Workstations was changed into
    Kaspersky Endpoint Security 8 for Linux (New!)
•   Kaspersky Mobile Security 7.0 Enterprise Edition was changed into
    Kaspersky Endpoint Security 8 for Smartphones (New!)

1.5.2. Servers
•   Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition was changed into
    Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition (New!)
•   Kaspersky Anti-Virus for Linux File Server was changed into
    Kaspersky Anti-Virus 8.0 for Linux File Servers (New!)
•   Kaspersky Anti-Virus for Samba Server was changed into
    Kaspersky Anti-Virus 8.0 for Linux File Servers (New!)

1.5.3. Mail Servers
•   Kaspersky Anti-Virus for Lotus Notes/Domino was changed into
    Kaspersky Anti-Virus 8.0 for Lotus Domino (New!)
•   Kaspersky Security for Microsoft Exchange Server 2007 was changed into
    Kaspersky Security 8.0 for Microsoft Exchange Servers (for MS Exchange 2007, 2010) (New!)

1.5.4. Internet Gateways
•   Kaspersky Anti-Virus for ISA Server Standard edition was changed into Kaspersky Anti-Virus 8.0 for Microsoft
    ISA Server and Forefront TMG Standard Edition (New!)

1.5.5. Manageability
Kaspersky Administration Kit 8.0 Critical Fix 1 was updated to Critical Fix 2. It allows all Endpoint infrastructure
to be managed from one administration point.

1.6. Kaspersky Open Space Security Positioning Statement
For business customers of every size, Kaspersky Lab offers optimized security suites matched to their needs, which
maximize business productivity and lower the total cost of protection by providing:
• Best corporate protection for multi-platform IT infrastructure from world-class experts;
• Efficient manageability solutions with wide inter-operability capability;
• Trusted, fast and responsive global support.

1.6.1. Best Corporate Protection
Kaspersky Lab is already a well-established world leader in Anti-Malware technology, thanks to its world-class
team of more than 700 scientists and engineers. The Kaspersky Lab anti-malware engine not only provides
premium protection, it also increases scanning speed, lowers the impact on system resources, and reduces the
degradation of other business-critical applications during scans and updates.

Kaspersky Lab’s wide-scale capability is underpinned throughout by its core technology advantage: anti-malware
counter-measures. Kaspersky Lab is known for its consistently high ratings for malware detection in independent
tests, e.g. VB100 and AV-Comparatives, where Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
outperformed all major competitors in the wide-scale business market.


1.6.2. Efficient Manageability Solutions
The Kaspersky Administration Kit 8.0 is a leading toolset for efficient management of distributed protection
and reporting. It enables focused administration of heterogeneous networks numbering tens of thousands of
nodes, extending to remote-access, laptop and smartphone users. It inter-operates with other general-purpose
network management software, and the Kaspersky Lab product set has VMware Ready certification for virtualized
architectures.

In summary, Kaspersky Administration Kit 8.0 provides the following.

Plan and deploy unified protection company-wide:

•   Discover computers on the network (3 different methods)
•   Customize pre-built installation packages and policies
•   Plan and remotely deploy protection against computer threats
•   Plan and deploy hierarchical Administration Servers

Manage protection against computer threats company-wide:

•   Assign computers to hierarchical groups (or import them from a directory)
•   Manage protection policies per user group and per computer
•   Manage all Endpoint infrastructure from one point (for all Endpoint platforms)
•   Manage protection policies per company
•   Schedule protection tasks
•   Plan actions that are enabled automatically in case of a virus attack
•   Co-operate with 3rd-party NAC systems

Keep protection up to date:

•   Distribute application and database updates
•   Act as an intermediate update agent
•   Manage licenses

Monitor and report:

•   Collect events from computer threat protection
•   Customizable set of reports on computer threat protection

1.6.3. Trusted global support
Kaspersky Lab’s established Customer Services already support Customers of all sizes across the world, with
industry-leading expertise in flexible and cost-effective plans. In addition to local maintenance agreements,
Kaspersky Lab already offers global maintenance service agreements – “Business” class and “Enterprise” class.
These agreements provide structured escalation of incidents - from local first-line support, through HQ Corporate
Support in Moscow, right up to R&D level if required - with assured Customer response times.


1.7. Targeted Market and Audience

Small business (<100)
    Profile: typically has no or limited in-house IT security expertise and looks carefully for the lowest
    purchasing price.
    Recommended KOSS products: KOSS1, KOSS2
    Decision makers:
    •   Owner/CEO: main decision maker; decides on IT budgeting and purchasing.
    •   System administrator: can be the decision maker or choose the products, and has a big influence on the
        decision-making process.

Medium business (100+)
    Profile: typically has some in-house IT security expertise or formal outsourcing arrangements covering it.
    Recommended KOSS products: KOSS1 + additional server security solution, KOSS2, KOSS3, KOSS4
    Decision makers:
    •   CEO: business decision maker; decides on budgeting.
    •   CFO/Head of Finance: involved in the budgeting process and can influence the decision-making process.
    •   CIO/Head of IT department: technical decision maker; owns the IT budget and manages the purchasing
        process.

Enterprise business (1000+)
    Profile: typically highly interested in regulatory compliance, measuring productivity and management
    reporting. Wishes to increase organisational effectiveness and minimize the cost of security system
    ownership. Generally undertakes a tender process for the procurement of equipment.
    Recommended KOSS products: KOSS2 + additional mail and gateway security solution, KOSS3, KOSS4
    Decision makers:
    •   Purchasing committee: buys according to the purchasing procedure. The CEO, CFO, Security Officer, Legal
        department, Finance department and Budgeting/Planning control can be included as members of the
        purchasing committee and influence the final decision.
    •   CIO/CISO: owns the IT budget and makes proposals to the purchasing committee.


1.8. Customers’ problems and value proposition
1.8.1. Customers’ Problems
The corporate sector doesn’t just consist of IT specialists any more. Security personnel and senior management
are also our customers these days, mostly because they are the decision makers. Different types of customers
have different needs:
• For IT specialists: fast to deploy, easy to manage, an intuitive (admin-friendly) interface, low system
     requirements and strong technical support.
• For Security Officers: malware detection rate, fast reaction to threats, faster resolution of virus outbreaks and
     good reporting.
• For senior management: state-of-the-art protection level, return on investment (ROI), risk reduction and
     industry expertise.


Combining all of these issues, we can group them into five types:
Performance - concerns system resource usage, footprint usage and response time.
Security - concerns reaction to new threats, data leakage and antivirus databases.
Deployment - concerns purchasing process, installation and support.
Diversity - concerns different operating systems and feature variety.
Mobility - concerns laptops, smartphones and other ‘out of office’ protection.

1.8.2. Kaspersky Lab Value Propositions
SMB - We provide the maximum managed IT infrastructure malware protection with the minimum in-house
expertise needed and the minimum use of system resources, all with a focus on best value.

Enterprise - We deliver wide-scale, heterogeneous infrastructure malware protection plans with maximum
security, effective manageability and inter-operability, while minimizing degradation of other business-critical
applications during scans and updates; backed up by 24/7 global support, all with a focus on improved
business productivity and the lowest possible total cost of protection.



1.9. Licensing and Pricing
Kaspersky Open Space Security products can be activated via an activation code (for endpoint solutions only) or
a key file. The choice between code and key file is made when ordering the product.

The following key files are issued:
• Kaspersky Work Space Security – one key file for all applications
• Kaspersky Business Space Security – one key file for all applications
• Kaspersky Enterprise Space Security – two key files: one key file for workstation, smartphone and file
    server protection, one key file for the protection of mail systems
• Kaspersky Total Space Security – four key files: one key file for workstation, smartphone and file server
    protection, one key file for the protection of mail systems, one key file for the protection of Internet gateways
    and one key file for anti-spam protection

All Kaspersky Open Space Security products are distributed under the “per node” license scheme.

Licensing “per node” means that the number of workstations or file servers for which protection is sought is
counted when determining the licensing costs.

For Kaspersky Business Space Security, Kaspersky Enterprise Space Security and Kaspersky Total Space Security,
the aggregate number of workstations and file servers that will be protected is counted in order to determine the
number of licenses.

Notes.
Kaspersky Administration Kit 8.0, the product administration system, is supplied free of charge regardless of the
product selected.

For each of the above-mentioned products, a minimum of 10 licenses must be ordered at a time.


1.9.2.1. License Calculation

For products in the Kaspersky Open Space Security category, the number of licenses issued for each type of
network node is calculated as a percentage of the number of protected endpoints purchased:

•   Workstations, smartphones and file servers under protection – 100%
•   Mail system protection – 150%
•   Internet gateway protection – 110%
•   Kaspersky Anti-Spam – 150%

For example, if the customer purchases 10 licenses for Kaspersky Total Space Security,
they will receive:

•   10 licenses for the protection of workstations and file servers
•   15 licenses for the protection of the mail system
•   11 licenses for the protection of the Internet gateway
•   15 licenses for Kaspersky Anti-Spam


1.9.1. Standard subscriptions and volume discounting
There are three standard subscription types: for 1, 2 and 3 years.
A key file for a license period of a different duration can be created if necessary.

The price relation is shown in the table below. This method for calculating the price is used for all Kaspersky Lab
products.


 Term       Base                                Public/Educational
 1 year     100% of the 1-year licence price    50% of the 1-year licence price (according to the price list)
 2 years    160% of the 1-year licence price    80% of the 1-year licence price (according to the price list)
 3 years    220% of the 1-year licence price    110% of the 1-year licence price (according to the price list)

 Renewal, whatever the original term (% of the 1-year licence price):
     for 1 year: 70%, for 2 years: 130%, for 3 years: 190%
 Public/Educational renewal:
     for 1 year: 50%, for 2 years: 80%


1.9.2. Types of Licenses
There are several types of license for each of Kaspersky Open Space Security product.
The difference is in the duration of the subscription periods, the product’s behaviour on expiry of the licence, as
well as the products for which a given key type can be used.

•   Commercial – a regular commercial key for sale with: Base, Renewal and Public options
•   Beta – a free key issued to Beta testers for a short period
•   Trial – a free key issued for a short period for evaluation purposes
•   NFR – a free key that is not for resale, provided to partners so that they can use Kaspersky Lab products
    for the protection of their own information resources


These characteristics are described in more detail in the table below.


Commercial
    Subscription period: 6 months, 1 year, 2 years or 3 years
    Additional limitations: none
    Product operation after licence expiry: updating is deactivated
    Additional notifications on licence status: 14 days prior to licence expiry, or on use of 90% of the resource
    provided by the licence, every time the product starts

Beta
    Subscription period: any period
    Additional limitations: none
    Product operation after licence expiry: functionality is deactivated
    Additional notifications on licence status: none

Trial
    Subscription period: 1 month or 3 months
    Additional limitations: this type of key can be installed on a computer only once
    Product operation after licence expiry: functionality is deactivated
    Additional notifications on licence status: notification that the version is a trial version every time the
    product starts

NFR
    Subscription period: 1 day, 3 months, 6 months, 1 year or 2 years
    Additional limitations: none
    Product operation after licence expiry: updating is deactivated
    Additional notifications on licence status: 14 days prior to licence expiry, or on use of 90% of the resource
    provided by the licence, every time the product starts



1.10. Product Upgrade
During the license period, a user can upgrade from any of the Kaspersky Open Space Security products to a prod-
uct that includes a larger number of components. For example, a user of Kaspersky Business Space Security can
upgrade to Kaspersky Enterprise Space Security or Kaspersky Total Space Security.

Upon expiry of the license period, the user can upgrade from any Kaspersky Open Space Security product to a
product that includes a larger number of components with a standard discount of 30%-40% off the new product’s
price, depending upon the region.

During the license period, upgrading applications is free of charge. Customers can install the latest version
and activate it with the existing activation code or key file.


1.11. Key Benefits
1.11.1. Benefits for business customers
•   Business process continuity. Reliable and stable protection combined with low demands on system resources
    lets companies carry on with their core business uninterrupted.
•   Reliable security. The product provides high-quality protection for business-critical information assets from
    all types of contemporary computer threats.
•   Energy-efficient. The product protects data while minimizing the load on endpoints, servers and gateways, and
    no additional hardware is required.
•   Effective use of IT personnel. Flexible administration and straightforward configuration and reporting systems
    reduce the amount of time IT personnel have to spend working with the product.
•   Trusted and fast customer services. Kaspersky Lab’s in-house technical support team is there to provide
    round-the-clock assistance. Bespoke support programs for large companies guarantee fixed response times
    and quick solutions to any problems that arise.

1.11.2. Benefits for IT-specialists
•   Support for heterogeneous platforms and software. Protection for endpoints, servers and gateways running
    Windows, Mac, Linux, FreeBSD and Novell NetWare, for IBM Lotus Notes/Domino, and for popular mail and
    gateway software such as Microsoft Exchange Server, Microsoft ISA Server and proxy servers.
•   High performance. A new antivirus engine, load balancing of hardware resources, optimized antivirus scanning
    technology and the exclusion of trusted processes from scanning all increase the product’s performance and
    lower the amount of computing resources required to perform antivirus scans.
•   Centralized management. The Kaspersky Administration Kit provides centralized administration for
    heterogeneous corporate infrastructure, enabling installation, configuration and updating of all Kaspersky Lab
    solutions on the network.
•   Customer-focused technical support. Kaspersky Lab provides standard high-quality technical support services
    on a 24x7 basis, and additionally offers a Business Support Program and an Enterprise Support Program, which
    include four service categories: product improvement and innovation, proactive and self-help services,
    knowledge transfer and problem resolution.
•   Reliability. In the event of a malfunction or forced shutdown, the application’s automatic restart ensures stable
    system protection while the diagnostics system determines the cause of the malfunction.
•   Support for virtualized network infrastructure. The product supports Windows Server 2008 R2 with proven
    Hyper-V/App-V support, and has VMware Ready certification – proven reliability for virtual environments.
•   Compatibility with third-party solutions. Supports the following software: Microsoft Mobile Device Manager,
    Sybase Afaria, IBM Tivoli, Symantec Enterprise Vault and HP Data Protector.


1.11.3. Benefits for Partners
•   Healthy margins. Kaspersky Lab gives partners an excellent opportunity to generate high earnings from the
    sale of its products, offering a flexible discount system and favourable partnership conditions.
•   Reliable vendor. Kaspersky Lab is a reputable company demonstrating impressive yearly growth.
•   Strong brand. The Kaspersky Lab brand is recognized worldwide as a provider of high-end IT security
    solutions. Its strong reputation for excellence in the home user market has been the catalyst for the success
    of its new products in the corporate sector.
•   Advanced technology. Kaspersky Lab develops solutions based on its own innovative technologies and its
    products consistently demonstrate some of the best results in the field of IT security.
•   Marketing support for sales. Kaspersky Lab offers marketing support to partners and runs regular training
    sessions to inform partners about its products.
•   Assistance with tendering. Kaspersky Lab offers support to partners throughout the entire tendering process
    to ensure that our partners’ bids are successful.
•   Customer-focused technical support. Kaspersky Lab provides standard high-quality technical support services,
    and additionally offers a Business Support Program and an Enterprise Support Program, which include four
    service categories: product improvement and innovation, proactive and self-help services, knowledge transfer
    and problem resolution. High-quality technical support provided by the vendor helps partners to strengthen
    the brand’s reputation from a customer perspective.
•   Multi-solution vendor. Kaspersky Lab has a wide range of corporate products and can offer anti-malware
    protection solutions for all types of corporate network nodes.


2. The Security Landscape

2.1. General
Today’s malware (malicious software) is almost exclusively profit-driven and part of the growing cybercrime
business. These threats have become ever more pervasive and sophisticated. They are designed to evade
detection, steal sensitive data and hijack computer resources by organising them into botnets: networks of
remotely-controlled victim machines, sometimes referred to as a ‘zombie army’. Once the machines are
compromised, the cybercriminals can use them for their own purposes, such as spam distribution or denial of
service attacks. Malware comes in many guises and uses many different techniques to gain access. A secure
corporate network environment is therefore one that takes a holistic approach and employs multi-layered
security, with an appropriate security solution at each layer. Each organisation will have its own ‘level of
paranoia’, depending on its size and on what business it is in. A security company like Kaspersky will operate
at the highest level because its reputation depends on it; a PR agency may not need to be so intent on security.

2.1.1. Malware

 Types of Malware

 Viruses                             A program that copies itself to other files
 Worms                               Are like viruses but they do not need a host, they are self standing. They
                                     replicate via email, through networks, IM (instant messaging) and P2P
                                     (peer to peer)
 Trojans                             Trojans dominate the malware landscape. They are programs that appear
                                     to be benign but do something bad. Unlike viruses and worms, Trojans do
                                     not replicate. Each type is tailored for a specific purpose
 Backdoor Trojans                    Provide the author or ‘master’ of the Trojan with remote ‘administration’ of
                                     victim machines
 PSW Trojans                         Steal passwords & other information from victim machines
 Trojan Clickers                     Re-direct victim machines to a different web site
 Trojan Droppers &                   Install malicious code on a victim machine
 Trojan Downloaders
 Trojan Proxies                      Function as a proxy server and provide anonymous access to the Internet.
                                     They are commonly used by spammers for large-scale distribution of spam
                                     e-mail
 Trojan Spies                        Track user activity, save the information to the user’s hard disk and then
                                     forward it to the author or ‘master’ of the Trojan


2.1.2. Entry Points
An entry point is any access route by which data can get into the corporate network. These are outlined below
with the typical methods malware uses to get into the system:

•   Internet Gateway: via web browser or FTP client.
•   Drive-by downloads are the most common infection route. Just browsing a website can lead to malware
    being downloaded automatically.
•   Like all software, browsers such as Internet Explorer and Firefox contain vulnerabilities. These vulnerabilities
    are then exploited by cybercriminals to spread malware.
•   Browser add-ins like Adobe Flash Player and Acrobat Reader are also susceptible, have easy-to-exploit
    vulnerabilities and are now, in fact, the most ‘popular’ attack method used by cybercriminals.
•   Social networking sites and services like Facebook and Twitter are very popular, as is instant messaging, and
    they are also a perfect way to spread malware.

2.1.2.1. Mail Gateway

The Mail Gateway entry point is used via email clients like Microsoft Outlook.

•   Spam messages account for around 85% of all email traffic. Most are spread via botnets (see above).
•   Spammers use email designed to look like legitimate notifications from social networking sites and email
    service providers to advertise Viagra and spread malware.
•   Phishing attacks. Phishing is a social-engineering trick to steal passwords, credit card details and other
    information. The email you receive seems legitimate but gets you to click on a link that takes you to a fake
    website where you are asked to enter your information.

2.1.2.2. Network

The network itself is an entry point, and file servers act as a distribution system. The network is accessed over the
Local Area Network (LAN), wireless LAN (Wi-Fi) and Wide Area Networks (WAN).

If there is a security breach and malware has entered the network, it will seek to spread. Viruses need user
interaction, e.g. someone has to click on the infected file. Network worms, as their name suggests, look for open
ports to worm their way around the network. They can spread incredibly fast.

Blended Threats
A general description for malicious programs, or bundles of malicious programs, that combine the functionality of
different types of malware and attack methods. For example, the functionality could include:
• Virus infector
• Network worm
• Keylogger - steals passwords and other sensitive data by logging the keys pressed on the keyboard
• P2P - turns machines in the network into a botnet controlled by the cybercriminals

2.1.2.3. Endpoint

The endpoint is the local machine used by an individual to perform a certain task. Endpoints are subdivided into
different devices: personal computers, smartphones and others. Additionally, different devices can be connected
to an endpoint: CDs or DVDs, USB hard drives or USB sticks, and smart cards.

Computer users are usually the weakest link in the security chain. Education is very important, as is a security
policy that everyone can understand and sign up to. In the real world, however, this is not always the case, and
cybercriminals take advantage of it with malware that has autorun functionality: attach a USB memory stick or
external hard drive to a machine and the malware runs automatically.
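To make the autorun point concrete, here is an added example (not code from this compendium or from Kaspersky Lab) that inspects an autorun.inf copied off a removable drive and reports the directives that would run code on insertion or that disguise the AutoPlay prompt as the normal "Open folder to view files" entry, a trick used by removable-drive worms of the period. The sample file, its payload path and export name are constructed for the example and do not belong to any real worm.

```python
"""Inspect an autorun.inf taken from removable media for auto-execution directives.

Added example for the compendium; the sample file below is constructed.
"""
import re
from typing import Dict, List

# Directives in the [autorun] section that run code when the drive is inserted.
# Worms of the Conficker era also set Action= and Icon= so that the AutoPlay
# dialog showed a fake "Open folder to view files" entry with the real folder icon.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
DISGUISE_RE = re.compile(r"open folder to view files", re.IGNORECASE)

# Constructed sample; the payload path and export name are placeholders, not a real worm's.
SAMPLE_AUTORUN = (
    b"; constructed autorun.inf resembling one dropped by a removable-drive worm\n"
    b"\x00\x01\xff junk bytes that a hand-crafted file may contain \xfe\n"
    b"[AutoRun]\n"
    b"Action=Open folder to view files\n"
    b"Icon=%systemroot%\\system32\\shell32.dll,4\n"
    b"shellexecute=RECYCLER\\S-1-5-21-1234567890-1\\loader.dll,Install\n"
    b"UseAutoPlay=1\n"
)


def parse_autorun(data: bytes) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section with lower-cased keys.

    Lines that are not key=value are skipped, so padding or binary junk inserted
    to hide the directives from a quick look does not stop the parse.
    """
    text = data.decode("latin-1")  # never fails; autorun.inf is a single-byte INI file
    section = None
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(data: bytes) -> List[str]:
    """List the reasons this autorun.inf should be treated as hostile; empty means clean."""
    findings: List[str] = []
    for key, value in parse_autorun(data).items():
        if key in EXEC_KEYS:
            findings.append(f"{key}= runs '{value}' when the drive is inserted")
        elif SHELL_CMD_RE.match(key):
            findings.append(f"{key}= attaches '{value}' to an Explorer context-menu verb")
        elif key == "action" and DISGUISE_RE.search(value):
            findings.append("action= mimics the built-in 'Open folder to view files' entry")
        elif key == "icon" and "shell32.dll" in value.lower():
            findings.append("icon= borrows the Explorer folder icon from shell32.dll")
    return findings


if __name__ == "__main__":
    for finding in autorun_findings(SAMPLE_AUTORUN) or ["no auto-execution directives found"]:
        print(finding)
```

A clean drive label file (label= and a custom icon=) produces no findings; anything with open=, shellexecute= or a shell\verb\command= entry is reported, which is the same set of directives that locking or disabling AutoPlay neutralises.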


2.1.3. Protecting Entry Points

2.1.3.1. Internet Gateway

The internet gateway can be protected by Kaspersky Gateway product suite which includes the applications
Kaspersky Antivirus for Microsoft ISA/TMG server and Kaspersky Antivirus for Proxy Server.


Application: Kaspersky Anti-Virus for ISA / TMG Server

ISA              Internet Security and Acceleration Server
TMG              Threat Management Gateway

The Kaspersky Anti-Virus engine checks the following:

HTTP             Internet traffic
FTP              File transfers
SMTP             Email sent using this protocol
POP3             Email received via email clients such as Microsoft Outlook using this protocol


2.1.3.2. Mail Server


Application: Kaspersky Security for Exchange Server

Kaspersky Antivirus for                Provides antivirus and anti-spam functionality
Exchange Servers 5.5
Kaspersky Antivirus for                Provides only antivirus functionality
Exchange Servers 6.0
Kaspersky Antivirus for                Provides antivirus and anti-spam functionality
Exchange Servers 8.0

Application: Kaspersky Antivirus for IBM Lotus Domino

Kaspersky Antivirus for                Provides only antivirus functionality
Lotus Domino 5.5
Kaspersky Antivirus for                Provides only antivirus functionality
Lotus Domino 8.0



2.1.3.3. File Server


Application: Kaspersky Antivirus for Windows Server Enterprise Edition

File Antivirus                         On Access Scanner (real time scanning in the background)
                                       On Demand Scanner
Script checker                         Checks VBScripts and JavaScripts commonly used on websites

Application: Kaspersky Antivirus for Linux File Server

File Antivirus                         On Access Scanner (real time scanning in the background)
                                       On Demand Scanner


2.1.3.4. Endpoint


Application: Kaspersky Antivirus for Workstation

File Antivirus                    On Access Scanner (real time scanning in the background)
                                  On Demand Scanner
Mail Antivirus                    IMAP: used instead of POP3 to access email from multiple machines
                                  NNTP: used to transfer news
                                  SMTP: email sent using this protocol
                                  POP3: email received via email clients such as Microsoft Outlook using this
                                  protocol
                                  IM: instant messaging such as ICQ or MSN
Web Antivirus                     HTTP: Internet traffic
Proactive Defence                 Analyses behaviour of programs
Anti-Hacker                       Client Firewall
Anti-Spy                          Anti-Banner and Anti-Dialer
Anti-Spam                         email Spam filter
Access Control                    Device control to block certain interfaces used by portable devices (USB)

Application: Kaspersky Mobile Security Enterprise Edition

Anti-Virus                        On Access Scanner (real time scanning in the background)
                                  On Demand Scanner
Anti-Theft                        SMS Block: blocks access to the device; a special code is needed to unlock it
                                  SMS Clean: removes all data from the device, including the address book and
                                  memory card
                                  SIM Watch: if the SIM card has been changed, an SMS with the new telephone
                                  number is sent to a central place defined by the Administrator
Anti-Spam                         Email, SMS and MMS spam filter


2.1.4. Case Study: Conficker
Conficker in 2009 was the most widespread malware we knew about. Estimates range from 6 to 12 million
infected PCs. The botnet it created is not being used by cybercriminals now, but there are probably still millions
of infected machines.


Key facts

Exploits a Microsoft operating system vulnerability (MS08-067):
Interestingly, most home users were unaffected because they use automatic updates. Large organisations
tend not to patch as frequently, in case issues arise from applying the updates.
Stops web access to IT security websites:
Disables the ability to get Windows updates and antivirus updates.
Connects to randomly generated websites for updates:
Looks for its own updates. Each day it generates a list of 500 websites and then tries to connect to them to
see if there are any updates.
Looks for weak passwords on networks:
It employs a dictionary attack. It has an extensive list of passwords and uses this to gain access to other
machines on the network.
Spreads via removable drives:
Infected USB memory sticks proved an effective way for the malware to bypass network security.
P2P communication for updates:
As well as looking for updates on websites, infected machines are herded into a botnet using a peer-to-peer
architecture.
Use of strong new encryption:
Communications were encrypted using the very latest methods.
Spam and rogue AV distribution:
Part of the botnet created was used for distributing spam and also fake antivirus software.



2.1.4.1. How would an organisation stop it from infiltrating their network?

Understanding how Conficker spreads allows us to determine which entry points need protection. The table
below shows what, if anything, can be done at each of them:


Entry Point                         Action

Internet Gateway                    Conficker itself cannot be stopped at this level, but any malware files that it
                                    pulls down can be stopped
Mail Gateway                        Conficker was not spread by email, so it would not arrive via this route. Of
                                    course it is possible that a phishing email could redirect a user to a vulnerable
                                    website that has been compromised with Conficker
Network                             All servers should ideally be patched with the latest Windows security
                                    updates, have strong passwords and run up-to-date antivirus
Endpoint                            Same as network. In addition, lock USB ports to stop infection from USB
                                    sticks and other removable devices such as mobile phones and cameras






2.2. Kaspersky Labs Security Landscape

2.2.1. Kaspersky Lab Signatures
Kaspersky Lab introduced its signature database in 1997 and has been adding malware signatures to it ever
since, so that today it contains 4.2 million signatures. The number of signatures will continue to grow in the
coming years. Fortunately, a single signature can detect more than one piece of malware: one signature can be
used to detect a whole malware family, which may contain thousands of individual malware samples.

As illustrated in the figure below, the number of signatures exploded in 2005, as the "arms race" between
malware writers and the AV industry began.

Between 2005 and 2009 Kaspersky Lab analysed 30 million unique files for malware of any kind, plus a further
24 million unique files specifically for Trojans. Kaspersky Lab currently processes between 1.5 million and
3 million spam samples per day.


Figure 5. Number of signatures per year, 1998 to 2010 (line chart; y-axis 0 to 5,000,000).



2.2.2. What is a malware signature?
Antivirus applications use malware signatures to detect malware on computers, smartphones and other
devices, but how does this work?

The first computer virus was written in the 1980s and, compared with today's malware, it was very simple.
Thirty years later millions of viruses and other malicious programs circulate on the Internet, and since
everybody is connected to it, everybody is at risk of infection. To protect those users, Kaspersky's antivirus
engine uses signatures as well. Viruses cannot be detected by name or extension: they hide inside other files
or folders, or disguise themselves as a harmless file or folder. Antivirus applications therefore need a technique
that finds viruses and other malware in spite of all the tricks malware developers use.

Comparing files against existing signatures (descriptions), whitelisting and heuristics are the first steps
towards malware protection.

A signature in the simplest case is a hash value of a known virus. The antivirus scanner computes the hash of
the file on the hard drive and looks it up in the signature database; if the hash matches, the scanner raises an
alarm. A hash signature only matches a byte-for-byte identical file, so in practice most signatures are byte
patterns or rules that match every member of a malware family, as noted above.





Figure 6. Signature-based malware detection: the hash of every file on the hard drive (Word.exe bb82e1,
Excel.exe a75c28, test.exe 87e12b, virus.exe 408acf, Letter.docx e34d19, Invite.xlsx 319bea) is looked up in
the signature database; a match raises an alarm.


2.2.2.1. Whitelisting

Besides signature-based detection, a method called whitelisting is used to avoid alarms on harmless files.
For this purpose the signature database includes a whitelist with the known hash values of trusted files. The
whitelist check is performed before the antivirus scanner compares the hash value against the signature
database. This saves time, because a whitelisted file is not scanned any further. The whitelist must therefore
contain only cryptographic hashes of verified files: anything that gets onto it bypasses every later check.
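The lookup order described above (whitelist first, then hash signature, then a family pattern for the case the hash misses) as an added example in Python. This is not Kaspersky Lab code; the sample files, the whitelist, the hash signature and the pattern signature are all constructed here so the script runs offline, and the detection names are made up.

```python
"""Hash signature scan with a whitelist consulted first.

Added example; this is not Kaspersky Lab code. The sample files, the
whitelist, the hash signature and the pattern signature are constructed.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed "hard drive": file name -> file content.
SAMPLE_FILES: Dict[str, bytes] = {
    "Word.exe": b"MZ\x90\x00 constructed word processor binary",
    "Excel.exe": b"MZ\x90\x00 constructed spreadsheet binary",
    "Letter.docx": b"PK\x03\x04 constructed harmless document",
    "test.exe": b"MZ\x90\x00 constructed in-house tool, not yet catalogued",
    "virus.exe": b"MZ\x90\x00 constructed dropper: copy self, patch autorun",
}


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash used as the file's identity in both databases."""
    return hashlib.sha256(data).hexdigest()


# Whitelist: hashes of files verified to be good (built from the samples above).
WHITELIST = {sha256_hex(SAMPLE_FILES[n]) for n in ("Word.exe", "Excel.exe", "Letter.docx")}

# Exact-match signature: hash of one known sample -> detection name (constructed name).
HASH_SIGNATURES = {sha256_hex(SAMPLE_FILES["virus.exe"]): "Example.Win32.Dropper.a"}

# Family signature: a byte pattern shared by every variant (constructed pattern).
PATTERN_SIGNATURES: List[Tuple[bytes, str]] = [
    (b"copy self, patch autorun", "Example.Win32.Dropper.gen"),
]


def scan_file(name: str, data: bytes) -> Tuple[str, str]:
    """Classify one file: whitelist first, then hash signature, then family pattern.

    Returns (name, verdict); verdict is 'whitelisted', 'malware:<detection>' or 'unknown'.
    """
    digest = sha256_hex(data)
    if digest in WHITELIST:            # known good: skip the expensive checks
        return name, "whitelisted"
    if digest in HASH_SIGNATURES:      # byte-identical to a catalogued sample
        return name, "malware:" + HASH_SIGNATURES[digest]
    for pattern, detection in PATTERN_SIGNATURES:
        if pattern in data:            # variant of a known family
            return name, "malware:" + detection
    return name, "unknown"


def scan_files(files: Dict[str, bytes]) -> Dict[str, str]:
    """Scan a whole directory image and return name -> verdict."""
    return dict(scan_file(n, d) for n, d in files.items())


if __name__ == "__main__":
    for name, verdict in scan_files(SAMPLE_FILES).items():
        print(f"{name:12s} {verdict}")
    # One changed byte defeats the hash signature but not the family pattern.
    print(scan_file("virus_v2.exe", SAMPLE_FILES["virus.exe"] + b"\x00"))
```

The last line of the usage shows why a hash alone is a weak signature: appending a single byte to virus.exe produces a new hash that is in neither database, and only the family pattern still catches it. The whitelist check being first is what saves scan time, which is also why whitelist entries must be full cryptographic hashes of verified files rather than file names.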

Figure 7. Whitelists: the hash of every file on the hard drive (Adb.doc 678edf, Excel.exe a75c28, test.exe 87e12b,
Word.exe bb82e1, Letter.docx e34d19, Invite.xlsx 319bea) is first looked up in the whitelist database of
known-good files; files that match are not scanned further.





2.2.2.2. Heuristic

Besides signature-based detection, another method has been developed to detect unknown malware on
computers and other devices. Heuristic analysis is a method to detect previously unknown computer viruses,
as well as new variants of viruses already in the wild. Heuristic analysis is an expert-based analysis that
determines the susceptibility of a system to a particular threat or risk using various decision rules or weighting
methods. Multi-criteria analysis (MCA) is one of the means of weighting. This differs from statistical analysis,
which bases itself on the available data and statistics.

Most antivirus programs that utilise heuristic analysis do so by executing the instructions of a questionable
program or script inside a specialised virtual machine (an emulator), thereby allowing the antivirus program to
simulate internally what would happen if the suspicious file were executed, while keeping the suspicious code
isolated from the real machine. It then analyses the commands as they are performed, monitoring for common
viral activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. If
one or more virus-like actions are detected, the suspicious file is flagged as a potential virus and the user alerted.

Another common method of heuristic analysis is for the antivirus program to disassemble the suspicious
program and analyse the resulting code. The code of the suspicious file is compared with the code of known
viruses and with known virus-like routines. If a certain percentage of the code matches known virus code or
virus-like routines, the file is flagged and the user alerted. Because many legitimate programs share common
code (compiler prologues, library routines), the match threshold and the routines being compared have to be
chosen so that false positives stay low.
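The second method (code comparison against known virus code) as an added example in Python. This is not Kaspersky Lab's engine: a real scanner takes the instruction sequences from a disassembler, whereas here they are constructed lists of mnemonics in the style of the figure. The example goes one step beyond the text by comparing twice, once on the raw instructions and once on mnemonics only, so that a variant that merely renames registers and changes constants is still recognised.

```python
"""Static heuristic: opcode n-gram similarity between a suspect program and
known virus code.

Added example, not Kaspersky Lab's engine. The instruction sequences are
constructed; a real scanner obtains them from a disassembler.
"""
from collections import Counter
from typing import Dict, List

# Constructed "heuristic database" entry: code of a known file infector.
KNOWN_VIRUS_CODE: List[str] = [
    "JNE SHORT loc_1", "MOV EAX, OFFSET payload", "MOV EDX, 24h", "MOV ECX, 0Ch",
    "ADD EAX, 28h", "PUSH EBP", "CALL WriteFile", "JMP orig_entry",
]


def mnemonic(instruction: str) -> str:
    """Strip operands so register renaming and changed constants still match."""
    return instruction.split()[0].upper()


def ngrams(seq: List[str], n: int) -> Counter:
    """Multiset of the length-n windows over an instruction sequence."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))


def similarity(a: List[str], b: List[str], n: int = 3) -> float:
    """Multiset Jaccard similarity of the two sequences' n-grams (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    inter = sum((ga & gb).values())
    union = sum((ga | gb).values())
    return inter / union if union else 0.0


def analyse(code: List[str], threshold: float = 0.6, n: int = 3) -> Dict[str, object]:
    """Compare on raw instructions and on mnemonics only; flag if either passes."""
    raw = similarity(code, KNOWN_VIRUS_CODE, n)
    norm = similarity([mnemonic(i) for i in code],
                      [mnemonic(i) for i in KNOWN_VIRUS_CODE], n)
    verdict = "suspicious" if max(raw, norm) >= threshold else "clean"
    return {"raw": raw, "normalised": norm, "verdict": verdict}


# Constructed suspects: a variant with registers and constants changed, and a benign function.
VARIANT_CODE = [
    "JNE SHORT loc_7", "MOV EBX, OFFSET data", "MOV ESI, 18h", "MOV ECX, 0Ch",
    "ADD EBX, 28h", "PUSH EBP", "CALL WriteFile", "JMP orig_entry",
]
CLEAN_CODE = [
    "PUSH EBP", "MOV EBP, ESP", "SUB ESP, 40h", "CALL GetTickCount",
    "MOV [EBP-4], EAX", "LEAVE", "RET",
]

if __name__ == "__main__":
    for label, code in (("variant", VARIANT_CODE), ("clean", CLEAN_CODE)):
        print(label, analyse(code))
```

On the variant the raw similarity is only 1/11 (just one 3-gram survives the register renaming), while the mnemonic-level similarity is 1.0, so the variant is flagged; the benign prologue shares no 3-gram with the virus code and stays clean. The threshold is the tuning knob mentioned in the text: lower it and common prologue sequences start to match legitimate code.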

Figure 8. Heuristic code comparison: the instruction sequences of executable files on the hard drive (Excel.exe,
test.exe, Word.exe; the documents Adb.doc, Letter.docx and Invite.xlsx contain no code) are compared with the
sequences in the heuristic database, e.g. JNE SHORT / MOV EAX, OFFSET / MOV EDX, 24 and MOV ECX, 0C /
ADD EAX, 28 / PUSH EBP.





2.2.2.3. Launching Malware by Country

Finally, knowing where malware is launched from is important for reacting quickly to emerging threats, and
it allows companies to protect themselves from malware more efficiently.


Figure 9. Launching web infections by country (June 2010), pie chart. Countries shown: China, Russia, India,
USA, Vietnam, Germany, Saudi Arabia, Malaysia, Mexico, Ukraine and Other; the two largest slices are 21% each,
followed by 15%, 13%, 8% and 7%, with the remaining five slices at 3% each.


2.2.3. Reported Cybercrime
The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime
Center (NW3C), released its 2009 Annual Report on fraudulent activity on the Internet. Online crime
complaints increased substantially once again last year, according to the report. The IC3 received a total of
336,655 complaints, a 22.3 percent increase from 2008. The total loss linked to online fraud was $559.7
million, up from $265 million in 2008. Although the complaints consisted of a variety of fraud types,
advance fee scams that fraudulently used the FBI's name ranked number one (16.6 percent). Non-delivery of
merchandise and/or payment was the second most reported offense (11.9 percent). The 2009 Annual Report
details information related to the volume and scope of complaints, complainant and perpetrator characteristics,
geographical data, the most frequently reported scams and the results of IC3 referrals.

“Law enforcement relies on the corporate sector and citizens to report when they encounter on-line suspicious
activity so these schemes can be investigated and criminals can be arrested,” stated Peter Trahon, Section Chief
of the FBI’s Cyber Division. “Computer users are encouraged to have up-to-date security protection on their de-
vices and evaluate email solicitations they receive with a healthy scepticism—if something seems too good to be
true, it likely is.”

NW3C Director Donald Brackman said the report’s findings underscore the threat posed by cyber criminals. “The
figures contained in this report indicate that criminals are continuing to take full advantage of the anonymity af-
forded them by the Internet. They are also developing increasingly sophisticated means of defrauding unsuspect-
ing consumers. Internet crime is evolving in ways we couldn’t have imagined just five years ago.” But Brackman
sounded an optimistic tone about the future. “With the public’s continued support, law enforcement will be better
able to track down these perpetrators and bring them to justice.”


Year                                    Complaints Received                  Dollar Loss (million)

2009                                    336,655                              $559.7
2008                                    275,284                              $265.0
2007                                    206,884                              $239.1
2006                                    207,492                              $198.4
2005                                    231,493                              $183.1





Nevertheless, very few figures are available on financial losses. Most companies that fall victim to
cybercrime do not report it because they fear damage to their reputation or penalties for not complying with
legislative requirements. Some of these legislative requirements are explained in section 2.3, Regulator
Compliance.

2.2.4. Unix-based malware
The number of malicious programs targeting Unix-based systems is very small, especially compared with
malware targeting Microsoft Windows, but it still poses a certain threat to companies. Linux is becoming
more and more popular, especially with the advent of netbooks, and the more users there are, the more potential
gains there are for malware writers and cybercriminals. The biggest security threat for users of non-Windows
systems is the belief that their operating system is invulnerable.



Figure 10. Unix-based malware (July 2010): number of malicious programs per platform.

Platform                          Number of malicious programs

Linux                             2,229
Unix                                214
Sun OS                              117
Mac OS X                             75
FreeBSD                              50
Solaris                               3


2.2.5. Mobile Malware
Besides Unix-based malware, another growing market segment is becoming more and more interesting for
malware writers and cybercriminals: the mobile device market.

To date Kaspersky Lab has found 138 malware families for mobile devices, comprising 849 modifications;
the most common mobile threat is the SMS Trojan.

The next figure shows the platforms targeted by mobile malware.



Figure 11. Mobile malware by platform (July 2010): share of all mobile malware per targeted platform.

Platform                          Share

J2ME                              52%
Symbian                           34%
Python                             7%
WinCE                              6%
Other                              1%





2.2.6. Information Security Threats in the Second Quarter of 2010
(www.securelist.com)

2.2.6.1. Quarter in Review

•   Over 540 million infection attempts were detected.
•   The majority of attacks targeted China (17.09%), Russia (11.36%), India (9.30%), the USA (5.96%) and
    Vietnam (5.44%)
•   27% of all malicious programs detected on the Internet were malicious scripts injected into a range of sites
    by cybercriminals.
•   A total of 157,626,761 attacks were counteracted. These attacks stemmed from a range of Internet
    resources located in various countries.
•   The percentage of exploits in the total number of malicious programs increased by 0.7%, with 8,540,223
    exploits being detected.
•   Exploits targeting vulnerabilities in Adobe programs continued to dominate, although the share decreased
    by 17% compared to Q1.
•   33,765,504 unpatched vulnerabilities were identified on users’ computers.
•   203,997,565 malicious programs were blocked and neutralized on users’ computers.

2.2.6.2. Overview

The majority of the biggest malware incidents that took place in the second quarter of 2010 were linked in some
way to botnets. New bots were created and existing bots further developed, such as TDSS, an article on which has
been published by our virus analysts, and Zbot (ZeuS), which we discuss below.

ZeuS
The evolution of the ZeuS (Zbot) Trojan, which is used to build botnets, is worth describing. A new modification
of the malicious program was detected in late April. It included file virus functionality, which meant it could infect
executable files. The malware writers decided to use relatively unsophisticated code and a similarly simple infec-
tion routine. Instead of the Trojan itself, a 512-byte-long fragment of code was added to .exe files, after which the
infected file’s entry point was changed so that the appended code would be executed prior to the original code.

The injected code is designed to download new versions of the Trojan to the infected computer if the main
ZeuS component has been removed. The malware writers used computers in the US to test the new version of
the Trojan. ZeuS primarily targets online banking accounts, and as online banking is more developed in the US
than anywhere else, computers located in the US are tasty morsels for cybercriminals. The ZeuS version that the
injected code loaded was detected by Kaspersky Lab products as Trojan-Spy.Win32.Zbot.gen and had
been created specifically to steal account credentials from customers of Bank of America, a major US bank.
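A detection-side view of the infection routine described above, as an added example in Python: it is neither ZeuS code nor Kaspersky Lab code. Appending a stub to the last section and redirecting AddressOfEntryPoint to it leaves traces in the PE headers that a scanner can check without running the file. The two PE images are constructed header-only samples (no section raw data), which is all this check reads; the 512-byte stub size comes from the text.

```python
"""Entry-point heuristic for appended-code infections such as the ZeuS
file-infector variant.

Added example on the detection side; neither ZeuS code nor Kaspersky Lab
code. The PE images are constructed, header-only samples.
"""
import struct
from typing import List, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
STUB_SIZE = 512  # size of the appended loader stub described in the text

Section = Tuple[str, int, int, int]  # (name, VirtualAddress, VirtualSize, Characteristics)
SECTION_FMT = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections: List[Tuple[bytes, int, int, int]], entry_rva: int) -> bytes:
    """Constructed minimal PE32 image: DOS header, PE signature, COFF header,
    optional header carrying AddressOfEntryPoint, and the section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                            # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)                # AddressOfEntryPoint
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\x00"), vsize, rva, vsize, 0, 0, 0, 0, 0, ch)
        for name, rva, vsize, ch in sections)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table


def parse_pe(pe: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, sections) read from the PE headers."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    entry = struct.unpack_from("<I", pe, e_lfanew + 24 + 16)[0]
    table = e_lfanew + 24 + opt_size
    sections: List[Section] = []
    for i in range(nsections):
        name, vsize, rva, *_, ch = struct.unpack_from(SECTION_FMT, pe, table + 40 * i)
        sections.append((name.rstrip(b"\x00").decode("ascii"), rva, vsize, ch))
    return entry, sections


def entry_point_findings(pe: bytes) -> List[str]:
    """Reasons the entry point looks patched; an empty list means nothing odd."""
    entry, sections = parse_pe(pe)
    home = [s for s in sections if s[1] <= entry < s[1] + s[2]]
    if not home:
        return ["entry point lies outside every section"]
    name, rva, vsize, ch = home[0]
    findings = []
    if not ch & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry section {name} is not executable")
    if ch & IMAGE_SCN_MEM_WRITE:
        findings.append(f"entry section {name} is writable")
    if len(sections) > 1 and home[0] == sections[-1]:
        findings.append(f"entry point is in the last section {name}")
    if rva + vsize - entry <= STUB_SIZE:
        findings.append(f"entry point is within {STUB_SIZE} bytes of the end of {name}")
    return findings


# Constructed samples: a normal layout and the same file after a ZeuS-style infection.
TEXT = (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
DATA_RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
CLEAN_PE = build_pe([TEXT, (b".data", 0x3000, 0x1000, DATA_RW)], entry_rva=0x1100)
# Last section grown by the stub, made executable, entry point moved onto the stub.
INFECTED_PE = build_pe(
    [TEXT, (b".data", 0x3000, 0x1000 + STUB_SIZE, DATA_RW | IMAGE_SCN_MEM_EXECUTE)],
    entry_rva=0x3000 + 0x1000)

if __name__ == "__main__":
    print("clean:   ", entry_point_findings(CLEAN_PE))
    print("infected:", entry_point_findings(INFECTED_PE))
```

None of these findings is proof on its own (packers also put the entry point in an odd section), which is why a scanner would weigh them together with the emulation and signature checks from the previous section rather than block on one of them.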

Another notable innovation is that ZeuS is distributed using PDF files. An independent researcher discovered
that executable files embedded in PDF documents can be executed without exploiting any vulnerability: the file
is started using the Launch action (/Launch) described in the PDF format specification, which, when attached to
the document's OpenAction, fires as soon as the document is opened. Adobe Reader shows a confirmation
dialog, but part of its text can be chosen by the attacker. Just a few days after this information was published on
March 29, people started to receive emails with a specially crafted PDF document that used this file-launching
method to infect computers with the ZeuS Trojan. In order for the computer to become part of a botnet, all the
user needed to do was open the attachment.
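A gateway-side check for the /Launch technique as an added example in Python; it is not Kaspersky Lab code and not the malicious document itself. Both PDFs are constructed inline. The scanner also decodes the #xx escapes PDF allows inside names, because /L#61unch is the same name as /Launch to a reader but defeats a plain string match; it only inspects uncompressed objects, so objects inside FlateDecode streams would have to be inflated first.

```python
"""Flag PDF Launch actions and whether they trigger automatically.

Added example, not Kaspersky Lab code or the exploit. Both PDFs are
constructed; only uncompressed objects are inspected.
"""
import re
from typing import Dict, List


def normalise_names(pdf: bytes) -> bytes:
    """Decode #xx escapes in PDF names so /L#61unch reads as /Launch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), pdf)


LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")                 # action subtype Launch
FILE_RE = re.compile(rb"/F\s*\((.*?)(?<!\\)\)", re.S)      # /F (target) string
TRIGGER_RE = re.compile(rb"/OpenAction\b|/AA\b")            # runs without a click


def launch_findings(pdf: bytes) -> Dict[str, object]:
    """Return the Launch actions found, whether an automatic trigger exists, and a verdict."""
    data = normalise_names(pdf)
    actions: List[Dict[str, object]] = []
    for m in LAUNCH_RE.finditer(data):
        window = data[m.start(): m.start() + 400]   # rest of the action dictionary
        f = FILE_RE.search(window)
        target = f.group(1).decode("latin-1") if f else "<unspecified>"
        actions.append({"offset": m.start(), "target": target})
    return {
        "launch_actions": actions,
        "auto_trigger": bool(TRIGGER_RE.search(data)),
        "verdict": "block" if actions else "allow",
    }


# Constructed attachment: catalog's OpenAction points at an obfuscated Launch action.
MALICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /Type /Action /S /L#61unch /F (cmd.exe)\n"
    b"   /Win << /F (cmd.exe) /P (/c start update.exe) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
# Constructed harmless document with a single text content stream.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    b"4 0 obj << /Length 47 >> stream\n"
    b"BT /F1 12 Tf 72 712 Td (Quarterly report) Tj ET\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(launch_findings(MALICIOUS_PDF))
    print(launch_findings(BENIGN_PDF))
```

A mail gateway can block on the verdict alone, since a Launch action has almost no legitimate use in an emailed document; the auto_trigger flag tells the analyst whether the user would even have had a chance to decline.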

TwitterNET Builder
In our previous quarterly reports we wrote about cybercriminals’ first attempts to control botnets via social net-
works. Those were only proof-of-concept efforts and we expected further developments. We did not have to wait
long. A bot building utility called TwitterNET Builder appeared on the Web in May. The program builds a botnet
using a Twitter account as a command and control center.

Since no programming skills are required to use the builder, it is an ideal toy for script kiddies, who are able to
build a bot with only a couple of mouse clicks. Kaspersky Lab classifies this 'toy' as Backdoor.Win32.Twitbot. The
resulting bot has the following features: it can be used to download and run files, conduct DDoS attacks and
open websites specified by the bot's owners. To receive commands, the bot searches for the relevant Twitter
account, which is used by the bot master to publish commands in text form.

Fortunately, this bot never became widespread, because security researchers were tracking such tricks. A botnet
with such a primitive control system (the commands were sent unencrypted via a social network) is easy to detect
and to disconnect from its command and control center by closing the cybercriminal's account. To the credit of
the network's security service, there were no such command centers on Twitter by the end of June.

Attacks via social networks
Social networks have become a popular means of exchanging information. Cybercriminals take advantage of this
by increasingly using them for fraudulent attacks, to send spam and distribute malware. Below we focus on the
most notable incidents that took place on social networks in the second quarter.

Malware distribution
Recently, we’ve seen links to social networks being actively distributed in spam messages. Eventually, social
networks may, to a great extent, replace email in spreading malware.

One example is Brazil, where, until recently, banking Trojans were primarily spread by email. Brazilian cybercriminals
must have realized that social networks are much more suitable for this purpose: since the start of Q2, social
networks have seen significant amounts of spam targeting Brazilian bank customers.

Statistics confirm that social network spam is effective: in just one attack on Twitter, over 2,000 people followed
the link sent by spammers within the space of an hour.

A notable iPhone-related story took place on Twitter. On May 19, the social network’s administration officially
announced a new application, Twitter for iPhone. Cybercriminals decided to ride the wave of interest caused by
the announcement. Less than an hour after the news was published, Twitter was flooded with messages that
included the words “twitter iPhone application” and links leading to malware: Worm.Win32.VBNA.b.

This particular piece of malware is notable for several reasons. One is that this worm has relatively good self-
protection: it uses anti-emulation tricks to disable some Windows system programs and spreads via USB devices.
Another is that its principal function is to steal information required to conduct financial operations. The piece
of news that was used to spread the worm wasn’t chosen at random: most smartphone owners have bank ac-
counts and cards which are a prime target for cybercriminals. Therefore, it’s not surprising that about a third of all
VBNA.b attacks (27-33%) targeted US computers, which are of greatest interest for cybercriminals.

Likejacking
Click fraud has always been a lucrative proposition for cybercriminals, and it has become even more profitable
with the advent of social networks, since the major social networks have as many users as the world's largest
countries.

A new type of attack appeared on Facebook in May in response to the introduction of the new Like feature. As
can be easily guessed, the feature is associated with a list of the things that the owner of an account liked on the
Internet. Thousands of users fell victim to an attack that was dubbed “likejacking” (by analogy with clickjacking.)

An enticing link was placed on Facebook, e.g. "WORLD CUP 2010 in HD" or "101 Hottest Women in the World".
The link led to a specially created page, where a piece of JavaScript placed an invisible Like button under the
cursor. The button followed the cursor, so it was pressed wherever the user clicked. As a result, a copy of the
link was added to the user's Wall and the information that the user liked the link appeared in his or her friends'
feeds. The attack had a snowball effect: the link was followed by friends, then friends of friends and so on.

Naturally, the aim of this was to make money. Once the link was added to the Wall, the user was redirected to a
page which contained an imitation player which supposedly showed World Cup games or pictures of girls. The
page also hosted a small piece of JavaScript code. The script provided the cybercriminals who had set up the
fraudulent scheme with a small sum every time a user was redirected to the page. Since thousands of people fell
victim to the scheme, the cybercriminals must have made a tidy profit.

Luckily, so far we have not seen any cases of links to malware being distributed in this way.

Vulnerability disclosure
Two unexpected events involving vulnerabilities and Google took place in Q2. In both cases, a Google employee
disclosed full information about vulnerabilities. Since at the time of disclosure there were no patches for the vul-
nerabilities, this predictably led to mass exploitation by black hats.





A zero-day vulnerability in Java Web Start (CVE-2010-0886) was disclosed on April 9. Oracle worked hard to de-
velop a patch, which was released on April 16. However, cybercriminals beat them to it: a couple of days after the
vulnerability disclosure, an exploit was widely available and even added to an exploit pack. Exploits are clearly
mass-produced by cybercriminals these days: the domain that was subsequently used to conduct attacks was
registered one day before information on that particular vulnerability was published.

In the second instance, the same Google employee disclosed a vulnerability in the Windows Help and Support
Center (CVE-2010-1885). The situation repeated itself and working exploits became available on the Internet
very soon after the information had been disclosed.

A researcher disclosing information about vulnerabilities is probably impelled to do so by an acute sense of
justice. He believes that by making that information public, he is doing a good deed. But is this really the case?

On the one hand, when a vulnerability is disclosed, software vendors try to release a patch as quickly as possible.
On the other hand, all cybercriminals receive a brand new weapon that is nearly 100% effective. In addition, while
fixing today’s software that is made up of millions of lines of code takes much longer than a day, cybercriminals
can take advantage of the vulnerability virtually at once. Isn’t this too high a price to pay for fixing bugs?

Our research demonstrates that such attempts to do good lead in quite the opposite direction. According to our
data, exploits that target the CVE-2010-0886 vulnerability became widespread very soon. In their heyday, they
boasted a 17% share of all vulnerabilities! The situation with the exploit that targets the HSC vulnerability (CVE-
2010-1885) is similar. It is rapidly gaining ground and has risen as high as thirteenth in the quarterly exploit rank-
ing, in spite of the fact that it only appeared in the last month of the quarter. It can only be hoped that this will be
a good lesson to all researchers.

Non-Windows platforms
On May 31, Google announced that it was abandoning Windows and migrating to Linux and Mac OS. Security is-
sues were among the reasons for this decision cited by Google representatives. However, Linux and Mac OS are,
in fact no better protected than Windows.

The second quarter saw malware for alternative platforms gaining new ground. A new backdoor for Mac OS X,
Backdoor.OSX.Reshe.a, appeared on April 20. Once on the victim machine, the malware protects itself by dis-
guising as iPhoto, a popular application, and configures itself to start at system startup. The backdoor offers an
attacker full control of the infected computer, with the ability to send spam, search for and steal files, download
and execute programs, take screenshots and much, much more. It is written in RealBasic and can run on Apple
computers based on both PowerPC and Intel processors. So far, mass use of this malware has not been detected,
but it nevertheless remains a weapon in the hands of cybercriminals.

On June 3, several days after Google’s announcement that it was migrating to alternative operating systems,
Kaspersky Lab detected a new Trojan Spy for Mac OS X. The malware was disguised as an advertising system and
was distributed in a bundle with legitimate software. In addition to stealing information from the computer, the
malware has backdoor functionality, enabling attackers to send commands to the computer.

Many Mac OS users have a false sense of security. They are convinced that there are simply no threats that target
their operating system. At the same time, Apple admits that malware for Macs does exist: in the OS X 10.6.4
update, Apple quietly added a new signature to its built-in malware scanner to protect computers against
Backdoor.OSX.Reshe.a, which we described above. However, such quiet updates by the vendor only reinforce
users' false sense of security instead of dispelling it.

It should be noted that no operating system is completely safe. Today Mac OS X is no more secure than, say,
Windows 7, and it also requires anti-malware protection. Given the incidents described above, it is quite
conceivable that targeted attacks on Macs are not far away.





2.2.6.3. Most commonly targeted countries

In the past three months, over 540 million attacks were blocked in 228 countries. Last quarter, even Norfolk
Island with a population of 2,141 appeared on Kaspersky Lab’s antivirus radar. During the quarter, the average
number of infection attempts increased globally by 4.5% per month.

As the table below shows, the likelihood of a computer becoming infected depends on its location.


[Chart: Distribution of Attacks by Country 2010. Y axis: share of attacks (0,00% to 20,00%); X axis: 1st Quarter,
2nd Quarter. Countries shown: China, Russian Federation, India, United States, Vietnam, Germany, Malaysia,
Saudi Arabia.]






2.3. Regulatory Compliance
It gets old talking about the need to conform to regulations, but it can’t be ignored because it is a reality. Many
regulations and IT best practices prescribe security requirements that organizations, especially those within
regulated verticals, must comply with.

Regulatory compliance describes the goal that corporations, public agencies or organizations working with specific
data aspire to, in their efforts to ensure that personnel are aware of, and take steps to comply with, relevant
laws and regulations.

There are two types of compliance: national/governmental laws concerning data protection and disclosure, and
industry standards.

2.3.1. Data protection and disclosure laws
There are many national and governmental laws (SOX, HIPAA, GLBA, the U.S. Federal Privacy Act, the U.K. Data
Protection Act, BSI, etc.), but most of them are general and abstract: they do not demand specific IT security
requirements and focus instead on DLP and DRM. Nevertheless, a few of them do contain concrete recommendations
for IT security requirements.

2.3.1.1. The Sarbanes-Oxley Act (SOX)

The Sarbanes–Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the
‘Public Company Accounting Reform and Investor Protection Act’ (in the Senate) and ‘Corporate and Auditing
Accountability and Responsibility Act’ (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a
United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public
company boards, management and public accounting firms. It is named after sponsors U.S. Senator Paul Sarbanes
(D-MD) and U.S. Representative Michael G. Oxley (R-OH).

The bill was enacted as a reaction to a number of major corporate and accounting scandals including those
affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost
investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the
nation’s securities markets.

It does not apply to privately held companies. The act contains 11 titles, or sections, ranging from additional
corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission
(SEC) to implement rulings on requirements to comply with the new law. Harvey Pitt, the 26th chairman of the
Securities and Exchange Commission (SEC), led the SEC in the adoption of dozens of rules to implement the
Sarbanes–Oxley Act. It created a new, quasi-public agency, the Public Company Accounting Oversight Board,
or PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting firms in their roles as
auditors of public companies. The act also covers issues such as auditor independence, corporate governance,
internal control assessment, and enhanced financial disclosure.

Public companies that are subject to the U.S. Sarbanes-Oxley Act are encouraged to adopt COBIT (Control
Objectives for Information and related Technology) and/or the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) “Internal Control - Integrated Framework.” In choosing which of the control frameworks
to implement in order to comply with Sarbanes-Oxley, the U.S. Securities and Exchange Commission suggests that
companies follow the COSO framework.

The current version of COBIT focuses on the Delivery and Support domain of information technology. It covers
areas such as the execution of the applications within the IT system and its results, as well as the support
processes that enable the effective and efficient execution of these IT systems. These support processes include
security issues and training. In section DS5, Ensure Systems Security, COBIT clearly defines its recommendations
for securing your IT environment.

In particular, DS5.19, Malicious Software Prevention, Detection, and Correction, says:
“Regarding malicious software, such as computer viruses or Trojan horses, management should establish a
framework of adequate preventative, detective, and corrective control measures, and occurrence response and
reporting. Business and IT management should ensure that procedures are established across the organization
to protect information systems and technology from computer viruses. Procedures should incorporate virus
protection, detection, occurrence response, and reporting.”



2.3.1.2. Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104-191) [HIPAA] was enacted by the
U.S. Congress in 1996. It was originally sponsored by Sen. Edward Kennedy (D-Mass.) and Sen. Nancy
Kassebaum (R-Kan.). According to the Centres for Medicare and Medicaid Services (CMS) website, Title I of HIPAA
protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of
HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national
standards for electronic health care transactions and national identifiers for providers, health insurance plans,
and employers.

The Administration Simplification provisions also address the security and privacy of health data. The standards
are meant to improve the efficiency and effectiveness of the nation’s health care system by encouraging the
widespread use of electronic data interchange in the U.S. health care system.

HIPAA defines the administrative safeguards in Part 164, Subpart C, Security Standards for the Protection of
Electronic Protected Health Information, §164.308(5).


HIPAA Part 164, Subpart C, §164.308(5)

(5)(i) Standard                          Security awareness and training. Implement a security awareness and
                                         training program for all members of its workforce (including management).
(A) Security reminders                   Periodic security updates
(B) Protection from malicious software   Procedures for guarding against, detecting, and reporting malicious
                                         software
(C) Log-in monitoring                    Procedures for monitoring log-in attempts and reporting discrepancies
(D) Password management                  Procedures for creating, changing, and safeguarding passwords



Civil penalties

$100 / violation, up to $25K for each rule

Criminal penalties

$50K / 1 year prison for a simple violation
$100K / 5 years prison for obtaining protected health information “under false pretences”
$250K / 10 years prison for knowingly using or disclosing protected health information for commercial
advantage, personal gain, or malicious harm.





2.3.1.3. Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999,
(Pub.L. 106-102, 113 Stat. 1338, enacted November 12, 1999) is an act of the 106th United States
Congress (1999-2001) signed into law by President Bill Clinton which repealed part of the Glass-Steagall Act of
1933, opening up the market among banking companies, securities companies and insurance companies. The
Glass-Steagall Act prohibited any one institution from acting as any combination of an investment bank, a
commercial bank, and an insurance company. The Gramm-Leach-Bliley Act allowed commercial banks, investment
banks, securities firms, and insurance companies to consolidate.

The Safeguards Rule requires financial institutions to develop a written information security plan that describes
how the company is prepared for, and plans to continue to protect, clients’ nonpublic personal information. (The
Safeguards Rule applies to information of any consumers, past or present, of the financial institution’s products
or services.) This plan must include:

•   designating at least one employee to manage the safeguards;
•   conducting a thorough risk analysis of each department handling the nonpublic information;
•   developing, monitoring, and testing a program to secure the information; and
•   changing the safeguards as needed as the way information is collected, stored, and used changes.

This rule is intended to do what most businesses should already be doing: protecting their clients. The
Safeguards Rule forces financial institutions to take a closer look at how they manage private data and to do a
risk analysis on their current processes. No process is perfect, so this has meant that every financial institution
has had to make some effort to comply with the GLBA.


§ 6801 - Protection of nonpublic information

(a) Privacy obligation policy            It is the policy of the Congress that each financial institution has an
                                         affirmative and continuing obligation to respect the privacy of its
                                         customers and to protect the security and confidentiality of those
                                         customers’ nonpublic personal information.
(b) Financial institutions safeguards    In furtherance of the policy in subsection (a) of this section, each
                                         agency or authority described in section 6805 (a) of this title shall
                                         establish appropriate standards for the financial institutions subject
                                         to their jurisdiction relating to administrative, technical, and
                                         physical safeguards
                                         (1) to insure the security and confidentiality of customer records and
                                         information;
                                         (2) to protect against any anticipated threats or hazards to the
                                         security or integrity of such records; and
                                         (3) to protect against unauthorized access to or use of such records or
                                         information which could result in substantial harm or inconvenience
                                         to any customer.





2.3.1.4. Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act of 2002 (“FISMA”, 44 U.S.C. § 3541, et seq.) is a United States
federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The
act recognized the importance of information security to the economic and national security interests of the
United States. The act requires each federal agency to develop, document, and implement an agency-wide
program to provide information security for the information and information systems that support the operations
and assets of the agency, including those provided or managed by another agency, contractor, or other source.

FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a
“risk-based policy for cost-effective security.” FISMA requires agency program officials, chief information officers,
and inspectors general (IGs) to conduct annual reviews of the agency’s information security program and report
the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight
responsibilities and to prepare its annual report to Congress on agency compliance with the act. In FY 2008,
federal agencies spent $6.2 billion securing the government’s total information technology investment of
approximately $68 billion, or about 9.2 percent of the total information technology portfolio.

FISMA assigns specific responsibilities to federal agencies, the National Institute of Standards and Technology
(NIST) and the Office of Management and Budget (OMB) in order to strengthen information system security. In
particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively
reduce information technology security risks to an acceptable level.

According to FISMA, the term information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity,
confidentiality and availability.

Federal information systems must meet the minimum security requirements. These requirements are defined in
the second mandatory security standard required by the FISMA legislation, namely FIPS 200 “Minimum Security
Requirements for Federal Information and Information Systems”. Organizations must meet the minimum
security requirements by selecting the appropriate security controls and assurance requirements as described in
NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems”. The process
of selecting the appropriate security controls and assurance requirements for organisational information systems
to achieve adequate security is a multifaceted, risk-based activity involving management and operational
personnel within the organization. Agencies have flexibility in applying the baseline security controls in
accordance with the tailoring guidance provided in Special Publication 800-53. This allows agencies to adjust the
security controls to more closely fit their mission requirements and operational environments. The controls
selected or planned must be documented in the System Security Plan.





Section SI-3 of NIST SP 800-53 defines the Malicious Code Protection control.


Control: The organization

a. Employs malicious code protection mechanisms at information system entry and exit points and at
workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code:
   •   Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other
       common means; or
   •   Inserted through the exploitation of information system vulnerabilities;
b. Updates malicious code protection mechanisms (including signature definitions) whenever new releases are
available in accordance with organisational configuration management policy and procedures;
c. Configures malicious code protection mechanisms to
   •   Perform periodic scans of the information system [Assignment: organization-defined frequency] and
       real-time scans of files from external sources as the files are downloaded, opened, or executed in
       accordance with organisational security policy; and
   •   [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator;
       [Assignment: organization-defined action]] in response to malicious code detection; and
d. Addresses the receipt of false positives during malicious code detection and eradication and the resulting
potential impact on the availability of the information system.

Supplemental Guidance: Information system entry and exit points include, for example, firewalls, electronic mail
servers, web servers, proxy servers, and remote-access servers. Malicious code includes, for example, viruses,
worms, Trojan horses, and spyware. Malicious code can also be encoded in various formats (e.g., UUENCODE,
Unicode) or contained within a compressed file. Removable media includes, for example, USB devices, diskettes,
or compact disks. A variety of technologies and methods exist to limit or eliminate the effects of malicious code
attacks. Pervasive configuration management and strong software integrity controls may be effective in
preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may
also be present in custom-built software. This could include, for example, logic bombs, back doors, and other
types of cyber attacks that could affect organizational missions and business functions. Traditional malicious
code protection mechanisms are not built to detect such code. In these situations, organizations must rely
instead on other risk mitigation measures to include, for example, secure coding practices, trusted procurement
processes, configuration management and control, and monitoring practices to help ensure that software does
not perform functions other than those intended.

Control Enhancements:
(1) The organization centrally manages malicious code protection mechanisms.
(2) The information system automatically updates malicious code protection mechanisms (including signature
definitions).
(3) The information system prevents non-privileged users from circumventing malicious code protection
capabilities.
(4) The information system updates malicious code protection mechanisms only when directed by a privileged
user.
(5) The organization does not allow users to introduce removable media into the information system.
(6) The organization tests malicious code protection mechanisms [Assignment: organization-defined
frequency] by introducing a known benign, non-spreading test case into the information system and
subsequently verifying that both detection of the test case and associated incident reporting occur, as required.





2.3.1.5. Data Protection Directive (European Union)

The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the
processing of personal data and on the free movement of such data) is a European Union directive which
regulates the processing of personal data within the European Union. It is an important component of EU privacy
and human rights law. The directive was implemented in 1995 by the European Commission.

The right to privacy is a highly developed area of law in Europe. All the member states of the European Union (EU)
are also signatories of the European Convention on Human Rights (ECHR). Article 8 of the ECHR provides a right
to respect for one’s “private and family life, his home and his correspondence,” subject to certain restrictions.
The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence. In
1981 the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was
negotiated within the Council of Europe. This convention obliges the signatories to enact legislation concerning
the automatic processing of personal data, which many duly did.

In 1980, in an effort to create a comprehensive data protection system throughout Europe, the Organization
for Economic Cooperation and Development (OECD) issued its “Recommendations of the Council Concerning
Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data.” The seven principles
governing the OECD’s recommendations for protection of personal data were:

•   Notice - data subjects should be given notice when their data is being collected;
•   Purpose - data should only be used for the purpose stated and not for any other purposes;
•   Consent - data should not be disclosed without the data subject’s consent;
•   Security - collected data should be kept secure from any potential abuses;
•   Disclosure - data subjects should be informed as to who is collecting their data;
•   Access - data subjects should be allowed to access their data and make corrections to any inaccurate data;
    and
•   Accountability - data subjects should have a method available to them to hold data collectors accountable
    for following the above principles.

The OECD Guidelines, however, were nonbinding, and data privacy laws still varied widely across Europe. The
US, meanwhile, while endorsing the OECD’s recommendations, did nothing to implement them within the United
States. However, all seven principles were incorporated into the EU Directive.

The European Commission realised that diverging data protection legislation in the EU member states would
impede the free flow of data within the EU zone. Therefore the European Commission decided to harmonize data
protection regulation and proposed the Directive on the protection of personal data.

2.3.1.6. Basel II

Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued
by the Basel Committee on Banking Supervision. The purpose of Basel II, which was initially published in June
2004, is to create an international standard that banking regulators can use when creating regulations about
how much capital banks need to put aside to guard against the types of financial and operational risks banks
face. Advocates of Basel II believe that such an international standard can help protect the international
financial system from the types of problems that might arise should a major bank or a series of banks collapse.
In practice, Basel II attempts to accomplish this by setting up rigorous risk and capital management requirements
designed to ensure that a bank holds capital reserves appropriate to the risk the bank exposes itself to through
its lending and investment practices. Generally speaking, these rules mean that the greater the risk to which the
bank is exposed, the greater the amount of capital the bank needs to hold to safeguard its solvency and overall
economic stability.

Basel II uses a “three pillars” concept – (1) minimum capital requirements (addressing risk), (2) supervisory
review and (3) market discipline – to promote greater stability in the financial system. The first pillar defines
operational risk by three different approaches - the basic indicator approach (BIA), the standardized approach
(TSA), and the internal measurement approach (an advanced form of which is the advanced measurement
approach (AMA)).

An operational risk is, as the name suggests, a risk arising from execution of a company’s business functions. It
is a very broad concept which focuses on the risks arising from the people, systems and processes through which
a company operates. It also includes other categories such as fraud risks, legal risks, physical or environmental
risks.




The following lists the official Basel II defined event types with some examples for each category:

•    Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
•    External Fraud - theft of information, hacking damage, third-party theft and forgery
•    Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and
     safety
•    Clients, Products, & Business Practice - market manipulation, antitrust, improper trade, product defects,
     fiduciary breaches, account churning
•    Damage to Physical Assets - natural disasters, terrorism, vandalism
•    Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures
•    Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory
     reporting, negligent loss of client assets

To comply with the operational risk requirements, malware protection solutions must be integrated and monitored
accordingly.

2.3.1.7. Summary

Compliance     Anti-Virus   Anti-Spam   Antiphishing   Encryption   Archiving   Policy enforcement
SOX                V            -            V              V            V               V
HIPAA              V            -            V              V            V               V
GLBA               V            -            V              V            -               V
FISMA              V            V            V              V            -               V
EU                 V            -            V              V            V               V
Basel II           V            -            V              V            V               V

(V = relevant to the regulation; - = not relevant)




Product

Endpoint Security


3. Kaspersky Endpoint Security

Kaspersky Endpoint Security provides centralized protection and full control over incoming and outgoing data
(including email, web traffic and network interactions) on Windows, Mac and Linux workstations and laptops, and
on smartphones, for corporate users, whether they are working on the office network or travelling on business.







3.1. Endpoint Applications
Endpoint applications are the foundation of all types of KOSS products.

They are:

Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
Kaspersky Anti-Virus for Windows Workstations uses the newest technologies from Kaspersky Lab and provides
centralized protection of workstations on the corporate network and beyond from all kinds of malware, potentially
dangerous programs, network attacks and unwanted mail.

Kaspersky Endpoint Security 8 for Mac
Kaspersky Endpoint Security for Mac provides a high level of protection that keeps information secure and fully
accessible and allows the centralized management of Mac workstations on the corporate network.

Kaspersky Endpoint Security 8 for Linux
Kaspersky Endpoint Security for Linux is based on a new antivirus engine and a range of optimization technolo-
gies that ensure the most efficient use of workstation resources and minimal impact on performance.

Kaspersky Endpoint Security 8 for Smartphones
Kaspersky Endpoint Security for Smartphones is a powerful and reliable solution for protecting corporate mobile
users from malicious programs, SMS spam and Internet attacks that target mobile platforms. It also provides
protection for confidential data stored on a Smartphone should the device be lost or stolen.




Application




Kaspersky Anti-Virus
for Windows Workstation Release 2






3.2. Kaspersky Antivirus for Windows Workstations Release 2 (KAV 6.0 for Windows WKS)
Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 provides centralized protection of workstations on a
corporate network and beyond from all kinds of malware, potentially dangerous programs, network attacks and
unwanted mail. It has a relatively simple and user-friendly interface, developed with the user’s needs in mind.

Regardless of how big and complex your corporate network is, KAV 6.0 for Windows Workstation provides the
ultimate in reliable, effective performance. Straightforward deployment and a user-friendly interface mean it’s
possible to have the solution up and running in no time.


3.2.1. Features and Benefits

Feature                             Description

Scanning Engine                     The new antivirus engine replaces the engine that has been used for the
(New!)                              last 10 years, and provides a range of benefits.

                                    •   significantly increased scanning speed
                                    •   lower impact on system resources
                                    •   reduced impact on operation of other applications
                                    •   the option to update the antivirus engine modules to implement
                                        new protection measures and new methods for detecting and treating
                                        malicious programs without having to reinstall the product. Module
                                        updates are implemented via updates of antivirus databases
                                    •   a completely new approach to the proactive detection of malware;
                                        extensive integration of heuristic technology in the antivirus engine
                                        enables the constant modification and creation of new, robust
                                        heuristics
                                    •   the scanning of packed files, including files that are packed multiple
                                        times, which increases the level of detection of malicious objects
Heuristic Analyzer                  A heuristic analyzer based on emulation, or the so-called ‘sandbox’
(New!)                              principle, has been added to some components of KAV 6.0 for Windows
                                    WKS R2. In other words, if a sample program is not found in the antivirus
                                    databases, the heuristic analyzer imitates its launch in a secure virtual
                                    environment. This perfectly safe approach enables all the program’s
                                    actions to be analyzed and a conclusion to be reached about the potential
                                    threat that it poses before it runs in a live environment. Thus new threats
                                    are detected before their activity is recognized by virus analysts and before
                                    signatures are added to the database update.

                                    The virtual launch of programs uses up significant amounts of system
                                    resources, which is why, depending on the purpose of the various modules,
                                    the settings of the heuristic analyzer differ by default.

                                    Note: For Mail, File and Web Antivirus the heuristic analyzer is turned on
                                    by default, but with different level settings for each module. These changes
                                    were made to improve the efficiency of KAV 6.0 for Windows WKS R2.
Device Control                      The application enables the use of removable devices (data storage
(New!)                              devices, I/O devices) to be regulated on the corporate network.
                                    This reduces the risk of malicious programs penetrating users’ computers
                                    and helps prevent confidential data leaks.



IM scanning                    Instant messaging is becoming more popular in the business environment.
(New!)                         KAV 6.0 for Windows WKS R2 checks files and links passed via instant
                               messengers (ICQ/MSN), protecting this data transmission channel from
                               malware and links to phishing sites.
Protection from phishing       Protection from phishing is now enabled in several components, depending
                               on the source of the data: Mail Antivirus, Web Antivirus and Anti-Spam.
                               Link scanning is based on a constantly updated database of phishing
                               addresses and on Kaspersky Lab’s blacklist database, giving users real-time
                               protection from computer fraud.
Support for IPv6               The pool of unallocated IPv4 addresses is running out and may be
                               exhausted within a few years. KAV 6.0 for Windows WKS R2 already supports
                               IPv6, the successor protocol designed to solve the shortage of IP
                               addresses.
New algorithm for analysing    The effectiveness of the email filter has been increased by adopting
spam                           technology from Kaspersky Lab’s server products. In addition to the
                               Bayesian algorithm and the header and image recognition algorithms, a new
                               recognition algorithm, Recent Terms, was added. Anti-Spam searches the
                               text of the message for phrases characteristic of spam; these phrases are
                               stored in updatable Anti-Spam databases.
Scanning for rootkits          The new engine allows malicious programs that use rootkit technologies to
                               be combated even more effectively. Because the rootkit problem is becoming
                               increasingly acute, Rootkit Scan is included in antivirus scanning as a
                               separate setting.
Scanning when a system         The new version of KAV 6.0 for Windows WKS R2 enables on-demand
is inactive                    scanning only when nobody is working at a computer that is switched on,
                               i.e. it is locked or the screensaver is active. This allows a combination of
                               scanning and heuristic analysis without affecting employee productivity.
SSL connection checks          Now it is possible to check the secure connections not only in IE, but also
                               in Opera and Firefox.
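To make the layering described in the Anti-Spam row concrete, the following is an added example (not Kaspersky Lab code) of how a word-level Bayesian score and a Recent Terms style phrase database can be combined into one verdict. The training messages, the phrase list, the tokenizer and the decision thresholds are all constructed for the example; the product’s real algorithms, thresholds and database formats are not described on this page.

```python
"""Added example: a word-level Bayesian score combined with a phrase-database
layer (the 'Recent Terms' idea). Training data, phrases and thresholds are
all constructed for this demonstration and are not the product's own."""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$%]+")


def tokenize(text):
    """Lower-case word tokens; '$' and '%' are kept because spam uses them."""
    return TOKEN_RE.findall(text.lower())


class BayesFilter:
    """Naive Bayes over the set of distinct words in each message."""

    def __init__(self):
        self.spam_words = Counter()   # word -> number of spam messages containing it
        self.ham_words = Counter()    # word -> number of ham messages containing it
        self.spam_msgs = 0
        self.ham_msgs = 0

    def train(self, text, is_spam):
        words = set(tokenize(text))
        if is_spam:
            self.spam_words.update(words)
            self.spam_msgs += 1
        else:
            self.ham_words.update(words)
            self.ham_msgs += 1

    def spam_probability(self, text):
        """P(spam | words) from summed log-odds with Laplace smoothing.
        Words never seen in training carry no evidence either way."""
        log_odds = math.log(self.spam_msgs / self.ham_msgs)   # class prior
        for word in set(tokenize(text)):
            if word not in self.spam_words and word not in self.ham_words:
                continue
            p_spam = (self.spam_words[word] + 1) / (self.spam_msgs + 2)
            p_ham = (self.ham_words[word] + 1) / (self.ham_msgs + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1.0 / (1.0 + math.exp(-log_odds))


# Constructed stand-in for an updatable phrase database (assumed content).
RECENT_TERMS = ["limited time offer", "act now", "click here to claim", "100% free"]


def phrase_hits(text):
    """Number of database phrases found in the normalised message body."""
    body = " ".join(tokenize(text))
    return sum(1 for phrase in RECENT_TERMS if phrase in body)


def classify(bayes, text, bayes_threshold=0.9, phrase_threshold=2):
    """Layered verdict: either layer alone can condemn a message; a weaker
    signal from either layer marks it as probable spam for review."""
    p = bayes.spam_probability(text)
    hits = phrase_hits(text)
    if p >= bayes_threshold or hits >= phrase_threshold:
        return "spam", hits
    if p >= 0.5 or hits >= 1:
        return "probable spam", hits
    return "ham", hits


def build_demo_filter():
    """Train on a constructed six-message corpus (three spam, three ham)."""
    bayes = BayesFilter()
    for text in [
        "Limited time offer! Cheap pills, act now, 100% free shipping",
        "You won a prize, click here to claim your cash reward now",
        "Cheap watches and pills, limited offer, free cash",
    ]:
        bayes.train(text, is_spam=True)
    for text in [
        "Please review the attached quarterly budget before Friday's meeting",
        "Minutes from the project meeting are attached, comments welcome",
        "Reminder: the budget review is moved to Thursday",
    ]:
        bayes.train(text, is_spam=False)
    return bayes


if __name__ == "__main__":
    f = build_demo_filter()
    for msg in [
        "Act now: limited time offer on cheap pills, 100% free",
        "Attached are the minutes from Thursday's budget meeting",
        "The budget meeting is moved; please act now on the attached review",
    ]:
        print(classify(f, msg), "<-", msg)
```

The third sample message is the interesting one: it is built almost entirely from words the Bayesian layer learned as legitimate, so the word statistics say “ham”, but the phrase database still catches the “act now” pattern and flags it for review. That is the value of keeping a phrase list that can be updated independently of the per-installation Bayesian training.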



3.2.1.1. New features compared to previous version

Antivirus engine (New!)
Heuristic analyzer (New!)
Device Control (New!)
IM scanning (New!)





3.2.2. Centralized management
Using the Kaspersky Administration Kit 8.0, systems administrators can now conceal the interface or the antivirus
client icon on corporate network workstations, preventing users from interfering with the antivirus protection.
The Kaspersky Administration Kit 8.0 provides centralized administration for Kaspersky Anti-Virus for Windows
Workstations, enabling installation, configuration and updating of all Kaspersky Lab solutions on the network.


Feature                             Description

Configuration options               The administrator can use the security policies and tasks in the program to
                                    configure protection parameters for groups of workstations or for
                                    individual workstations, launch antivirus scans, receive reports on events
                                    on the network, install license keys and update signature databases and
                                    program modules.
Quarantine for infected and         Secure storage locations for infected and suspicious objects are recorded
suspicious objects                  in a centrally managed database. Objects and/or their copies stored in
                                    these local folders are not accessible to users, but the administrator can
                                    retrieve information from them.
Notifications and reporting         A wide variety of reports are available, providing information on the
                                    program’s status and performance. The system administrator receives
                                    notifications of certain types of events (such as the detection of a virus).
Automatic updating                  Updates to antivirus databases and application modules are available
                                    on demand or automatically according to a schedule. Updates can either
                                    be downloaded directly from Kaspersky Lab servers on the Internet or from
                                    local servers on the network.



3.2.3. Supported platforms and third-party software
System requirements:
300 MB available HDD space
CD-ROM drive (for installing the program from CD)


Operating systems                                         Hardware requirements

Microsoft Windows 7 Professional / Enterprise / Ultimate  Intel Pentium processor 800 MHz 32-bit (x86) /
Microsoft Windows 7 Professional / Enterprise /           64-bit (x64) or higher (or a compatible CPU)
Ultimate x64                                              512 MB available RAM
Microsoft Windows Vista
Microsoft Windows Vista x64
Microsoft Windows 2000 Professional                       Intel Pentium processor 300 MHz or higher
(Service Pack 4 or higher)                                (or a compatible CPU)
Microsoft Windows XP Home Edition                         128 MB available RAM
Microsoft Windows XP Professional
(Service Pack 1 or higher)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows 98 (SE)                                 Intel Pentium processor 300 MHz or higher
Microsoft Windows ME                                      (or a compatible CPU)
Microsoft Windows NT Workstation 4.0                      64 MB available RAM
(Service Pack 6a)

Note: Microsoft Windows 98 (SE), Microsoft Windows ME and Microsoft Windows NT Workstation 4.0
(Service Pack 6a) are supported by Kaspersky Anti-Virus for Windows Workstations 6.0.3.x.





3.2.4. Independent tests results
The Kaspersky Lab anti-malware engine not only provides premium protection, it also increases scanning speed,
lowers the impact on system resources and reduces the degradation of other business-critical applications
during scans and updates. Kaspersky Anti-Virus 6.0 for Windows Workstations has a consistently high rating
for malware detection in independent tests such as VB100, where the corporate endpoint product was certified:

Virus Bulletin stated: “Kaspersky Lab once again submitted a pair of products this month, with version 6 being
the more business focused of the two. The MSI installer package weighed in at a mere 63MB, although a
multi-purpose install bundle was considerably larger, and installed fairly quickly and simply. A reboot and some
additional set-up stages – mainly related to the firewall components – added to the preparation time. Testing
tripped along merrily for the most part, with some excellent speed improvements in the ‘warm’ scans, and
on-access times were in the mid-range, with some very low RAM usage and slightly higher use of CPU cycles when
busy. After large on-demand scans, logging proved something of an issue – large logs were clearly displayed in
the well-designed and lucid GUI, but apparently impossible to export; a progress dialog lurked a small way in
for several hours before we gave up on it and retried all the scans in smaller chunks to ensure usable results.
These scores in the end proved thoroughly decent across the board, with no issues encountered in handling the
required certification sets, and a VB100 award is granted to Kaspersky Lab’s version 6.”

3.2.5. Certificates

Certification                       Details

INTEL                               Kaspersky Anti-Virus for Windows Workstations 6.0 R2 has received the
                                    following certificates:

                                    «Runs great on Intel Centrino»;
                                    «Runs great on Intel Core 2 Duo»;
                                    «Runs great on Intel Core 2 Quad»;
                                    «Runs great on Intel Core i7».

Microsoft                           Kaspersky Anti-Virus for Windows Workstations 6.0 R2 has received the
                                    following certificate:

                                    «Windows 7 Compatible».

VMware (in progress)                Vendor compatibility





3.2.6. FAQ

3.2.6.1. KAV 6.0 for Windows WKS

Why is Kaspersky Antivirus 6.0 for Windows Workstation slowing my system down?

KAV 6.0 for Windows WKS continually balances performance and security. It can provide resources to another
application when the user is working with resource-intensive applications and can scan the system when the PC
is not in use in order not to overload the system.

How can the product reduce the cost, time and pain of managing IT security in a company?

Choose products designed to make your job easy and be sure to consider the total cost of ownership in addition
to the initial purchase cost. Look for a product with simple-to-create policies that prevent users from making
costly mistakes. With Kaspersky Anti-Virus 6.0 for Windows WKS, employees are not interrupted in the event of a
malware outbreak, because the systems administrator can neutralize the problem remotely.

How can an antivirus solution detect unknown threats?

The new generation heuristic analyser allows more efficient detection and blocking of previously unknown
malicious software. Kaspersky Lab has integrated the heuristic analyser into the File Anti-Virus and Scan on
Schedule modules of Kaspersky Anti-Virus version 6.0 MP4, whilst in Kaspersky Anti-Virus 6.0 for Windows
Workstations MP4 the heuristic analyser has also been added to the Mail Anti-Virus and Web Anti-Virus modules.
The heuristic analyser in Kaspersky Lab’s version 6.0 MP4 products works on the basis of emulation, or so-called
“sandbox” technology.

What are rootkits? Why are they so dangerous?

The term “rootkit” refers to a set of programs that allow an attacker to maintain access to a computer after
compromising it and that prevent the attacker from being detected. Both writers of illegal viruses and
developers of so-called “legal” spyware programs openly advertise that programs concealed using rootkits are
invisible to the user and undetectable by antivirus programs.

The new antivirus kernel provides more efficient defence against rootkit-based malware. Rootkit popularity keeps
growing due to a number of factors. Firstly, source code for various rootkits is distributed freely on the
Internet, which allows any virus writer to create new variants. Secondly, a large number of Windows users work
with administrator privileges, making it easier for a rootkit to install successfully on their PCs.





Are there several possible ways to install KAV 6.0 for Windows WKS?


Method                               Description

Installation using the               You can run the installation file from the CD/DVD disc you purchased, or
Setup Wizard                         you can download it for free from the Kaspersky Lab website.

Installation from the Command        Installation from the command line allows the product to be installed
Line. Installation in silent mode.   with the user’s involvement (the Setup Wizard will launch) or without it
                                     (the installation runs in silent mode).
Installation via the Kaspersky       Kaspersky Administration Kit 8.0 allows a Kaspersky Anti-Virus
Administration Kit 8.0 program       installation to be started simultaneously on multiple computers from an
suite. Remote installation.          administrator’s computer. Depending on the settings of Kaspersky
                                     Administration Kit 8.0, the setup process is generally not visible on
                                     these machines and does not distract users from their work.
Installation using the Group         Remote installation of Kaspersky Lab programs without using Kaspersky
Policy Object Editor.                Administration Kit 8.0.
Installation with predefined         If you want to install Kaspersky Anti-Virus with common settings without
settings                             deploying Kaspersky Administration Kit 8.0 on the local network, you can
                                     create an alternative configuration file and use it during installation.
Installation on top of previously    It is possible to install a new Kaspersky Lab product on top of an already
installed Kaspersky Lab              installed one. However, such an installation has some specific features
programs                             you should be aware of. More information is available on the Kaspersky
                                     Lab technical support site.
Installation of Kaspersky Lab        Kaspersky Anti-Virus has a special detection module which recognizes
products on top of antivirus         the most popular antivirus software of other vendors. When you install
software of other vendors.           Kaspersky Anti-Virus, it will request that the user uninstalls other
                                     vendors’ products first.






3.3. Kaspersky Endpoint Security for Mac
(KES for Mac)
Kaspersky Endpoint Security 8 for Mac is an application intended for the
protection of desktops and laptops running the Mac OS X operating system
from viruses and other malware threats. It provides a high level of
security that keeps information safe and allows the centralized management
of Mac workstations on the corporate network.

Because of the new antivirus engine, KES 8 for Mac significantly increases
the quantity and quality of malware protection beyond that which is
standard on Apple Macintosh machines. It also protects Mac users’ reputation
by identifying threats to Windows and Linux users which they may
accidentally pass on to colleagues and business partners.


3.3.1. Features and Benefits

Feature                             Description

Scanning Engine                     The new KLAVA-technology based antivirus engine provides excellent
(New!)                              protection from the latest threats.
Detected Threats                    Kaspersky Endpoint Security 8 for Mac detects and neutralizes malware
                                    written for Mac OS X, Linux and Windows.
On-access Scan                      The product detects and neutralizes security threats in real time
                                    when objects are accessed during open, copy, run or save operations.
On-demand Scan                      The product can perform in-depth, on-demand scanning for viruses and
                                    threats in specified areas at the user’s request or on a schedule. By
                                    default, Kaspersky Endpoint Security provides the most commonly used scan
                                    tasks:

                                    •   Full Scan
                                    •   Critical Areas Scan
Updates                             The update task downloads signature and application module updates
                                    from Kaspersky Lab servers. Kaspersky Endpoint Security keeps a backup
                                    copy of the previous databases so that an update can be rolled back. The
                                    client checks for updates several times a day.
Intuitive Mac OS interface          The user-friendly and intuitive interface keeps the user experience similar
(New!)                              to other Mac OS applications. As a result, KES 8 for Mac looks and acts
                                    just like any other Mac OS application.
Quarantine and backup storage       Potentially dangerous and suspicious programs are moved to a
                                    quarantine area, where files are stored in an encrypted format.
                                    Quarantined objects can be rechecked against the latest databases or
                                    restored if the user deems them safe. Before a file is disinfected or
                                    deleted, a copy is saved in Backup storage, making restoration possible in
                                    the case of a false positive or for some other reason.

                                    Advantage: original files are retained regardless of the actions of the
                                    antivirus program. The file is backed up in its original form.
iSwift technology                   Intelligent High-Speed Scanning technology, an integral part of Kaspersky
                                    Endpoint Security 8 for Mac, is designed for HFS file systems, where each
                                    object has a persistent identifier. The identifier is looked up in the
                                    iSwift database; if the object is unknown or its recorded state no longer
                                    matches, it is scanned. Modified objects are rescanned as well. The
                                    algorithm ignores intermediate scans and their number, considering only
                                    the time between the first and the last scan of the object. An object is
                                    also rescanned after stricter scan settings are applied.
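As an added example (not Kaspersky Lab’s code), the following Python models the decision iSwift makes: the object’s identifier is looked up, and the object is scanned only if it is unknown, has changed, or was last scanned under weaker settings. The identifier (device and inode number), the metadata compared (size and modification time) and the numeric strictness level are assumptions of the example; the product’s real identifiers and database format are not described here. The walkthrough also shows the limit of a metadata-only cache.

```python
"""Added example: a scan cache keyed by a stable file identifier, modelled on
the iSwift description above. Identifier choice (device + inode), the state
compared (size, mtime) and the strictness level are assumptions of this
example, not the product's own implementation."""
import os
import tempfile
from dataclasses import dataclass


@dataclass
class ScanRecord:
    size: int
    mtime_ns: int
    level: int          # scan strictness in effect when the object was last scanned


class ScanCache:
    """Remembers the state of every object at its last scan and decides
    whether an on-access or on-demand request needs a fresh scan."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _identify(path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino), st   # identifier survives renames, not copies

    def needs_scan(self, path, level):
        """Return (decision, reason) for the object at path."""
        key, st = self._identify(path)
        rec = self._records.get(key)
        if rec is None:
            return True, "never scanned"
        if rec.size != st.st_size or rec.mtime_ns != st.st_mtime_ns:
            return True, "modified"
        if level > rec.level:
            return True, "stricter settings"
        return False, "cached"

    def record_scan(self, path, level):
        key, st = self._identify(path)
        self._records[key] = ScanRecord(st.st_size, st.st_mtime_ns, level)


def demo(workdir=None):
    """Walk one file through the cache; returns the sequence of reasons."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(tmp)
    cache = ScanCache()
    path = os.path.join(workdir, "report.doc")
    reasons = []

    with open(path, "wb") as f:
        f.write(b"benign-content-v1")              # constructed sample file
    reasons.append(cache.needs_scan(path, 1)[1])   # never scanned
    cache.record_scan(path, 1)
    reasons.append(cache.needs_scan(path, 1)[1])   # cached

    with open(path, "wb") as f:
        f.write(b"benign-content-v1-modified")     # size changes -> rescan
    reasons.append(cache.needs_scan(path, 1)[1])   # modified
    cache.record_scan(path, 1)
    reasons.append(cache.needs_scan(path, 2)[1])   # stricter settings
    cache.record_scan(path, 2)

    renamed = os.path.join(workdir, "report-final.doc")
    os.rename(path, renamed)                         # same inode: verdict survives
    reasons.append(cache.needs_scan(renamed, 2)[1])  # cached

    # Caveat: an attacker who can rewrite the file with the same length and
    # then restore its timestamp defeats a metadata-only cache.
    st = os.stat(renamed)
    with open(renamed, "wb") as f:
        f.write(b"EVIL".ljust(st.st_size, b"!"))
    os.utime(renamed, ns=(st.st_atime_ns, st.st_mtime_ns))
    reasons.append(cache.needs_scan(renamed, 2)[1])  # cached (false negative)
    return reasons


if __name__ == "__main__":
    print(demo())
```

The last step is the practitioner’s caveat: a cache that trusts size and timestamp alone returns “cached” for a file whose bytes were replaced and whose mtime was then restored, which any process with write access can do. A real implementation needs an in-kernel or file-system-level signal that the object was written (so the verdict is invalidated regardless of what the timestamp says), and it must also discard stored verdicts when the antivirus databases are updated; both are outside this toy model.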




New features compared to previous versions:
There are no previous corporate applications for the Mac OS.

3.3.2. Centralized management
Centralized management via Kaspersky Administration Kit 8.0 allows:

•   the remote installation of Kaspersky Endpoint Security on computers on which Network Agent is already
    installed
•   the running of scan and update tasks
•   the remote activation of applications
•   the viewing of statistics and the creation of reports about the endpoint security status of all computers
    on the network
•   the enforcement of common security policies and mobile policies on client computers


Feature                            Description

Remote Deployment                  The remote deployment process has system limitations: out of the box, Mac
(with limitation)                  workstations do not accept remote connections the way Windows
                                   workstations do, so they need to be prepared first.

                                   There are two ways to do this:

                                   Secure Shell
                                   • enable ‘Remote Login’ (the SSH service in the Sharing preferences) on
                                     the Mac workstation
                                   • install Network Agent remotely through SSH
                                   • deploy KES 8 for Mac using Kaspersky Administration Kit 8.0

                                   Remote desktop session
                                   • enable screen sharing (‘Screen Sharing’ or ‘Remote Management’ in the
                                     Sharing preferences) on the Mac workstation
                                   • log in to the workstation and install Network Agent
                                   • deploy KES 8 for Mac using Kaspersky Administration Kit 8.0
Notifications                      Administrators can be notified about system events on Mac workstations
                                   via the common Kaspersky Administration Kit 8.0 model.
Reports                            Kaspersky Endpoint Security 8 for Mac can generate reports on virtually
                                   every system event, allowing administrators to review the results of
                                   scans and checks.



3.3.3. Supported platforms and third-party software

Operating systems                           Hardware requirements

Mac OS X 10.6 “Snow Leopard” (32/64-bit)    Intel-based Mac computer
Mac OS X 10.5 “Leopard” (32-bit edition)    1 GB RAM
Mac OS X 10.4 “Tiger” (32-bit edition)      500 MB free hard drive space

PowerPC processors are not supported.





3.3.4. Certificates

Apple (in progress)                 Vendor compatibility

Check Mark (in progress)            Anti-virus Dynamic
                                    Anti-Trojan
                                    Anti-Virus
                                    Anti-Spyware Desktop

OPSWAT (in progress)                Vendor compatibility



3.3.5. Competitor Overview
Symantec AntiVirus for Macintosh automatically removes Mac and PC viruses from email attachments, Internet
downloads, and other sources to safeguard the corporate network. Centralized deployment, administration,
reporting, and distribution of virus definition updates simplify enterprise-wide management of Mac clients.

As a plug-in for OfficeScan Client-Server Suite, Trend Micro Security for Mac 1.5 leverages the Trend Micro Smart
Protection Network to proactively limit exposure to threats. Real-time, in-the-cloud Web Reputation technology
prevents users and applications from accessing malicious web content. With powerful detection capabilities for
malware that targets various operating systems, Trend Micro Security for Mac supports a consistent security
deployment across all endpoints, regardless of their form factor or operating system.

McAfee Endpoint Protection for Mac is an essential security solution for protecting the data on your Mac
endpoints. Advanced protection technologies, including antivirus, anti-spyware, firewall, and application
protection, along with centralized management with McAfee’s ePolicy Orchestrator (ePO), allow businesses to
secure their Mac endpoints and ensure compliance with security policies.

Sophos Anti-Virus for Mac – part of Sophos Endpoint Security and Data Protection – provides protection for both
Intel-based and PowerPC-based Macintosh servers, desktops and laptops. It detects non-Mac viruses hidden on
Mac computers and is easy to manage in both all-Mac and mixed environments.

Features/Competitors        KES 8     Symantec       Trend Micro    McAfee Endpoint   Sophos
                            for Mac   AntiVirus      Security       Protection        Anti-Virus
                                      for Macintosh  for Mac        for Mac           for Mac
Centralized management      V         V              V              V                 V
Web Management Console      X         V              V              V                 X
Mac OS X 10.4               V         V              V              V                 V
Mac OS X 10.5               V         V              V              V                 V
Mac OS X 10.6               V         V              V              V                 V
Mac OS X Server             V         X              V              X                 X
Anti-Virus                  V         V              V              V                 V
Anti-spyware                V         V              V              V                 V
Firewall                    X         X              X              V                 X
Anti-rootkit                X         X              V              X                 X
Web Anti-Virus              X         X              V              X                 X
Mail Anti-Virus             X         X              X              X                 X
Application control         X         X              X              V                 X
Device control              X         X              X              X                 X

(V = supported, X = not supported)





3.3.6. FAQ

3.3.6.1. KES 8 for Mac

There is a belief that Macintosh computers are not affected by viruses. Why do companies need Kaspersky
Endpoint Security 8 for Mac?

There is no doubt that Macs are affected by malware. There are over 200 specific Mac threats in circulation and
Apple’s current antivirus solution protects against very few of them. For example, there are more than 20 Trojans
targeting Mac users; Trojans are among the most dangerous types of threat around, but Apple’s current security
solution only defends against 2 of them. Until recently, Apple’s standard security measures provided adequate
protection from the limited threat of cybercrime, but as Apple has grown more successful its users have become a
much more attractive target for cybercriminals, and this is reflected by the significant increase in the number of
threats recorded during the past year.

Why should a customer trust Kaspersky Lab with their security more than Apple?

Customers can rely on Kaspersky Lab’s specialist knowledge to strengthen the security of their Macs. We have
long been regarded as a leader in the field of security software, with our technology being used in the products
of over 100 other security companies. Of the leading security software companies in the world, Kaspersky Lab is
the fastest growing.
• Kaspersky Lab was the first to develop many technological standards in the antivirus industry
• We are an international company employing over 1,500 highly-qualified specialists
• The Company is represented in more than 100 countries across the globe
• Our products provide protection for over 250 million users worldwide

Will KES 8 for Mac stop threats passing to Windows and UNIX workstations?

Kaspersky Endpoint Security 8 for Mac will stop PC and UNIX threats being passed from a customer’s Mac to other
computers or to business partners, ensuring that the network is not damaged and the business’s reputation
remains intact.

Can a PC virus damage a Mac?

Some PC viruses can damage the data on Macs; for example, such threats may be embedded in HTML code or in
macros within office documents. However, it is more likely that these types of threat will only have a small
impact on a Mac’s performance as they try to execute but fail to find the PC operating system libraries they are
targeting.

Will KES 8 for Mac impact system performance?

When idle, Kaspersky Endpoint Security 8 for Mac consumes less than 1% of a Mac’s processing capacity and
will not be noticed by most users. When scanning the file system, the application consumes more processing
power. However, it has built-in load balancing to dramatically reduce its impact if the Mac is in use at
the time. Administrators can also schedule scans for times when users are unlikely to be using their Macs.





Is it possible to remotely install KES 8 for Mac?

There are several limitations on Mac workstations that need to be considered during the remote deployment
process. The following steps will help administrators to avoid problems:

1. Create an installation package for KES 8 for Mac in Kaspersky Administration Kit 8.0.
2. Install the Kaspersky Administration Kit 8.0 Network Agent on the Mac workstation, in one of three ways:
         Local
         - install Network Agent locally on the workstation
         SSH
         - enable ‘Remote Login’ (the SSH service in the Sharing preferences) on the workstation
         - install Network Agent through SSH
         Remote desktop
         - enable screen sharing (‘Screen Sharing’ or ‘Remote Management’ in the Sharing preferences) on the
           workstation
         - install Network Agent via a remote desktop session
3. Create a group containing the Mac workstation.
4. Create a software deployment task.
5. Deploy the client to the Mac workstation.

Is it possible to manage Mac’s from a single administration center?

All KES 8 for Mac computers can be managed remotely. Administrators can group Mac workstations and define
specific security policies for them, run updates, license deployment and scan tasks, and view reports and
statistics. Remote management via the Kaspersky Administration Kit 8.0 operates in the same way as for Windows
and Linux workstations.

KES 8 for Mac also supports the mobile policies of Kaspersky Administration Kit 8.0, which can be distributed to
Macs.

How is KES 8 for MAC activated?

The application can be activated either remotely with a key file or locally with either an activation code or a key
file. To deploy a license remotely, an administrator needs to create a remote activation task, specify its param-
eters and then target its deployment to a specific group of workstations.

What level of protection will KES 8 for Mac offer a customer who runs a PC emulator?

Although Kaspersky Endpoint Security 8 for Mac does protect the Mac operating system against PC and Linux threats,
if the customer either boots the Mac as a PC or runs a PC emulator on top of Mac OS, KES 8 for Mac will not protect
that environment. If files are then transferred to Mac OS, the threats will be identified and neutralized as usual.
If the customer regularly uses a PC emulator on a Macintosh, Kaspersky Lab strongly recommends another Kaspersky
Anti-Virus product to ensure that the emulated system is protected.

What will happen when the license for Kaspersky Endpoint Security 8 for Mac expires?

If a customer is using a purchased version of Kaspersky Endpoint Security 8 for Mac, when the license expires
the application will continue to work, but it will not receive any further updates to protect against new malware
threats when they emerge. If a customer is running a trial version of the software, it will stop working when the
license period expires.

Can Kaspersky Endpoint Security 8 for Mac be activated by an activation code for the consumer version of
Kaspersky Anti-Virus for Mac?

KES 8 for Mac is not compatible with activation codes from the consumer Kaspersky Anti-Virus for Mac. It is
currently compatible only with a key from Kaspersky Work Space Security products and with a key for “workstations
and servers” from all other KOSS products.

Is it possible to install two or more antivirus applications on one Mac OS X?

It is not advisable to run more than one antivirus application on any computer at the same time. This is because
antivirus software spends much of its time working at operating system level. This would be regarded as suspicious
behaviour for most types of software, and cause continual alerts due to the behaviour of each solution.




Is it necessary to purchase a separate security product for the PC emulator?

Kaspersky Lab strongly recommends that the customer use another Kaspersky Anti-Virus product if the Mac’s PC
emulator accepts data from any other computer via the Internet, a network connection, a USB stick, etc.

Is it possible to install Kaspersky Administration Kit 8.0 on a Mac?

An administrator can remotely manage Macs using Kaspersky Administration Kit 8.0 from any PC on the network,
but it is not possible to install it on Mac OS.

Does KES 8 for Mac have a trial version?

Depending on the region, a customer can download a one-month trial version free of charge from our website.

Which corporate products include KES 8 for Mac?

Kaspersky Endpoint Security 8 for Mac is included in all Kaspersky Open Space Security products:
• Kaspersky Work Space Security
• Kaspersky Business Space Security
• Kaspersky Enterprise Space Security
• Kaspersky Total Space Security

Does a company need to order an additional product key for Mac if it has already purchased KOSS products for
use on Windows workstations?

It is possible to use the same key file on all endpoint applications. The only limitation is that the total number
of endpoints (Windows, Linux, Mac and Smartphone) should not exceed the number licensed under KOSS.


3.4. Kaspersky Endpoint Security for Linux
(KES for Linux)
Kaspersky Endpoint Security 8 for Linux provides strong and reliable protection to computers running Linux
operating systems from all types of viruses, spyware and other malware programs. The application has an
intuitive, user-friendly interface making it simple to use when checking antivirus protection statuses.

KES 8 for Linux is less resource intensive due to the new antivirus engine. The application is based on the new
Kaspersky Anti-Virus Engine 8.0 and a range of optimization technologies that ensure the most efficient use of
workstation resources, with minimal impact on performance.


3.4.1. Features and Benefits

Scanning Engine (New!): The new antivirus engine gives users the following advantages:
• the new heuristic technologies used in the product, combined with traditional signature-based malware
  detection methods, make it even more effective;
• the product does not need to be reinstalled in order to update the malware detection and treatment modules,
  or the antivirus engine.

Light Application: Kaspersky Endpoint Security provides low system resource usage (CPU, disk usage, disk I/O).
System resources are allocated intelligently between applications: Kaspersky Endpoint Security 8 for Linux can
pause its work in order to provide system resources to other applications. The application can pause not only
scan tasks, but file antivirus tasks too.

On-access Scan: Scans files in real time as they are opened, copied, run and saved. Detects and neutralizes
security threats that attempt to access the file system.

On-demand Scan: The product can perform on-demand antivirus scanning of specified drive areas on user demand or
by schedule. It can detect, analyze, disinfect where possible, remove or isolate all malware threats in a selected
area. Kaspersky Endpoint Security uses a proactive heuristic analyzer engine to increase detection rates.

Scanning from file managers: Kaspersky Endpoint Security can scan files from the Nautilus and Dolphin file
managers.

Regular database updates: The update task downloads signature and application module updates from Kaspersky Lab
servers. Where necessary, updates can be rolled back.
Advantage: the application module update task uses DeltaRPM technology, which minimizes internet traffic and
ensures that application modules are updated correctly.

Quarantine and backup storage: Potentially dangerous and suspicious programs are encrypted and placed into a
quarantine area where they can be checked against the latest databases or restored if deemed safe by the user.
Before disinfecting or deleting a file, it is copied and saved in Backup storage, making restoration possible in
the case of a false positive or for some other reason.
Advantage: Original files are retained regardless of the actions of the antivirus program. The file is backed up
in its original form together with all of its attributes, including its security settings. Both traditional UNIX
access rights and ACLs are saved.

Intuitive Interface: The GUI, which is integrated into the Gnome and KDE desktop environments, allows monitoring
of the protection status, viewing detected malware, statistics and license information, and running on-demand
scans and antivirus database update tasks.

Command Line Management: Various antivirus administration tasks, such as on-demand scans, on-access scans and
update tasks, can be managed and configured in detail (i.e. protection level, scheduling, scan exclusions,
database update sources and so on) via the command line, as can report generation, monitoring and retrospective
analysis tasks.



3.4.1.1. New features compared to previous versions:

New features compared to Kaspersky Antivirus for Linux Workstations 5.7

•   local GUI, integrated into KDE and GNOME desktop environments
•   flexible scan settings
•   pop-up notification about security events
•   reduced system resource usage
•   increased scan performance
•   increased malware detection rates (new AV Engine)
•   manageability via Kaspersky Administration Kit 8.0 (Security Center) improved significantly
•   remote installation via Kaspersky Administration Kit 8.0
•   antivirus databases can be updated from the Kaspersky Administration Kit 8.0 server
•   enhanced monitoring and reporting features
•   built-in Quarantine/Backup storage


3.4.2. Centralized management
Centralized management using Kaspersky Administration Kit 8.0 allows:

•   the remote installation and removal of Kaspersky Endpoint Security on or from computers
•   the update of signature databases and application modules, and the rollback of updates (Improved!)
•   the running of scan tasks with different settings
•   the remote activation of applications via a key file
•   the viewing of statistics and the creation of reports about the endpoint security statuses of all computers on
    the network
•   the enforcement of common security policies on client computers and the use of group tasks

Notifications:
An administrator can be notified via instant messaging services, email, SMTP or the Kaspersky Administration Kit
8.0 about system events on Linux workstations.

Reports:
Kaspersky Endpoint Security 8 for Linux can generate reports about virtually every system event, allowing users
to view the results of system checks.




Page 76
Messaging, Web, Infrastructure & Endpoint Products

3.4.3. Supported platforms and third-party software

Operating systems (32-bit):
• Red Hat Enterprise Linux 5.5 Desktop
• Fedora 13
• CentOS-5.5
• SUSE Linux Enterprise Desktop 10 SP3
• SUSE Linux Enterprise Desktop 11 SP1
• openSUSE Linux 11.3
• Mandriva Linux 2010 Spring
• Ubuntu 10.04 LTS Desktop Edition
• Debian GNU/Linux 5.0.5

Operating systems (64-bit):
• Red Hat Enterprise Linux 5.5 Desktop
• Fedora 13
• CentOS-5.5
• SUSE Linux Enterprise Desktop 10 SP3
• SUSE Linux Enterprise Desktop 11 SP1
• openSUSE Linux 11.3
• Ubuntu 10.04 LTS Desktop Edition
• Debian GNU/Linux 5.0.5

Hardware requirements (32-bit and 64-bit):
• Intel Pentium II 400 MHz processor or higher
• 512 MB RAM
• 1 GB of swap
• 2 GB free hard drive space for installation of the application and storage of temporary files

The application allows the running of scans and updating tasks in the Gnome and KDE graphic shells. It also
supports the scanning of selected objects from the Nautilus and Dolphin file managers.

3.4.4. Certificates

Certification                      Details

Red Hat (in progress)              Vendor compatibility
Novell (in progress)               Vendor compatibility
OPSWAT (in progress)               Vendor compatibility
Check Mark (in progress)           Anti-virus Dynamic, Anti-Trojan, Anti-Virus, Anti-Virus Disinfection,
                                   Anti-Spyware Desktop



3.4.5. Competitors’ overview
Symantec AntiVirus™ for Linux® includes real-time antivirus file protection through Auto-Protect scanning, and
file system scanning via manual and scheduled scans. You can schedule periodic definitions file updates by using
the SAV command-line interface or by using the LiveUpdate™ Administration Utility and having your client
computers retrieve the updates from a local server.

Protect your Linux file servers from becoming unwitting hosts for viruses, trojans and a full range of other
malware. Trend Micro ServerProtect™ for Linux™ offers real-time protection, high performance and low processing
overhead, and supports all common Linux distributions. Managed through an intuitive, portable Web-based console
or Linux command line console, ServerProtect provides centralized virus scanning, pattern updates, event
reporting and antivirus configuration.

McAfee VirusScan Enterprise for Linux keeps viruses and other malware off Linux systems with a scalable and
easy to manage solution. The product delivers always-on, real-time antivirus protection for Linux environments. Its
unique, Linux-based on-access scanner constantly monitors the system for potential attacks. Regular automatic
updates from McAfee Labs protect your enterprise from the latest threats without requiring a system reboot.

Sophos Anti-Virus for Linux – part of Sophos Endpoint Security and Data Protection – provides superior on-access
scanning for Linux desktops, laptops and servers, delivering excellent performance, stability and reliability,
along with out-of-the-box support for the widest range of Linux distributions.

Features/Competitors               KES 8 for      Symantec       Trend Micro    McAfee         Sophos
                                   Linux          AntiVirus      ServerProtect  VirusScan      Anti-Virus
                                                  for Linux      for Linux      Enterprise     for Linux
                                                                                for Linux
Centralized Management             V              X              V              V              V
Web Management Console             X              X              V              V              X
Anti-virus                         V              V              V              V              V
Anti-spyware                       V              V              V              V              V
Endpoint UI                        GUI            X              X              X              Web UI
CLI                                V              V              V              V              V

32-bit and 64-bit operating system
Red Hat Enterprise Linux           5.x            5.x            5.x            5.x            5.x
Fedora                             13             13             X              12             X
CentOS                             5.x            X              5.x            5.x            X
SUSE Linux Enterprise              10.x, 11       10.x, 11       10.x, 11       10.x, 11       10.x, 11
openSUSE Linux                     11.3           X              X              X              10.x
Mandriva Linux 2010 Spring         5.1            X              X              X              X
Ubuntu 10.04 LTS Desktop           10.4           10.4           X              9.10           8.04
(Server) Edition
Debian GNU/Linux                   5.x            5.x            3.1            X              X
Novell Open Enterprise Server 2    X              OES2           X              OES2           OES2





3.4.6. FAQ

3.4.6.1. KES 8 for Linux

What are the system requirements for Kaspersky Endpoint Security 8 for Linux?

KES 8 for Linux protects a wide range of both 32-bit and 64-bit Linux OSs.


32-bit OS

Red Hat Enterprise Linux 5.5 Desktop
Fedora 13
CentOS-5.5
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Desktop 11 SP1
openSUSE Linux 11.3
Mandriva Linux 2010 Spring
Ubuntu 10.04 LTS Desktop Edition
Debian GNU/Linux 5.0.5

64-bit OS

Red Hat Enterprise Linux 5.5 Desktop
Fedora 13
CentOS-5.5
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Desktop 11 SP1
openSUSE Linux 11.3
Ubuntu 10.04 LTS Desktop Edition
Debian GNU/Linux 5.0.5


Does KES 8 for Linux have a separate interface to the Windows WKS application?

Yes, Kaspersky Endpoint Security 8 for Linux uses Linux’s simple and intuitive interface.

How is KES 8 for Linux activated?

The application can be activated remotely or locally using the key file. To deploy a license remotely, an
administrator should create a remote activation task, specify the parameters, attach the license and target
deployment to a specific group of workstations. An administrator can add two key files: one of them will be active
and the other will be the reserve, which starts working after the first key expires.

What is the procedure for installing KES 8 for Linux remotely?

For remote deployment on Linux computers, administrators should first install Network Agent on them. To install
Network Agent, the administrator must run the following command locally or remotely using the Remote console
(SSH):

from .rpm-packages:
# rpm -i klnagent-<build number>.i386.rpm
from .deb-packages:
# dpkg -i klnagent_<build number>_i386.deb
from .deb-packages to 64-bit operating system:
# dpkg -i --force-architecture klnagent_<build number>_i386.deb

After performing the command the installation process will run automatically. To set Network Agent parameters,
the administrator must run the following script:
# /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl





While the script runs, the following actions can be performed:

• Set the DNS name or IP address of the Administration Server.
• Set the Administration Server port or use the default port (14000).
• Set the Administration Server SSL port or use the default port (13000).
• Select whether or not to use an SSL connection for data transfer. An SSL connection is enabled by default.
• Set the group name or use the default name based on the computer’s DNS name.

To remotely install KES 8 for Linux, the administrator must create an installation package and create and run the
remote installation task to managed computers from the Administration Server. The process is similar to KAV 6.0
for Windows WKS remote installation.
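As an added example (not from the compendium or from Kaspersky's own tooling), the POSIX shell script below chooses the Network Agent install command described above for the host's package format and architecture, and validates the Administration Server parameters that postinstall.pl prompts for before anyone runs it. The package file names, the server name admsrv.example.com and the ADMSRV variable are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight helper for a Network Agent (klnagent) install.
# Not part of the compendium or of Kaspersky's tooling; the package names and
# Administration Server address used here are constructed placeholders.

# Echo the install command for a klnagent package, following the three cases
# given in the FAQ: an .rpm, a .deb on a 32-bit system, and an i386 .deb on a
# 64-bit system. $1 = package file name, $2 = architecture as printed by uname -m.
klnagent_install_cmd() {
    pkg="$1"
    arch="$2"
    case "$pkg" in
        *.rpm)
            echo "rpm -i $pkg" ;;
        *_i386.deb)
            case "$arch" in
                x86_64|amd64) echo "dpkg -i --force-architecture $pkg" ;;
                *)            echo "dpkg -i $pkg" ;;
            esac ;;
        *)
            echo "unsupported package: $pkg" >&2
            return 1 ;;
    esac
}

# True if $1 is an integer in the TCP port range 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate the answers postinstall.pl will ask for.
# $1 = Administration Server DNS name or IP address (required)
# $2 = server port (default 14000), $3 = SSL port (default 13000)
# $4 = use SSL, yes|no (default yes, which is also the agent's default)
# $5 = group name (optional; the script derives one from the DNS name if empty)
validate_agent_params() {
    server="$1"
    port="${2:-14000}"
    ssl_port="${3:-13000}"
    use_ssl="${4:-yes}"
    group="${5:-}"
    [ -n "$server" ] || { echo "Administration Server address is required" >&2; return 1; }
    is_port "$port" || { echo "invalid server port: $port" >&2; return 1; }
    is_port "$ssl_port" || { echo "invalid SSL port: $ssl_port" >&2; return 1; }
    [ "$port" != "$ssl_port" ] || { echo "plain and SSL ports must differ" >&2; return 1; }
    case "$use_ssl" in
        yes|no) ;;
        *) echo "use_ssl must be yes or no, got: $use_ssl" >&2; return 1 ;;
    esac
    # Turning SSL off sends policy and status traffic in the clear; say so loudly.
    [ "$use_ssl" = "yes" ] || echo "warning: SSL disabled for agent traffic to $server" >&2
    # Simple sanity check on the group name (our own rule, not a Kaspersky one).
    case "$group" in
        *[!A-Za-z0-9._-]*) echo "group name has unexpected characters: $group" >&2; return 1 ;;
    esac
    return 0
}

# Dry-run driver: prints the plan for the package named in $1 without touching
# the system. Usage: sh preflight.sh klnagent_<build number>_i386.deb
if [ -n "${1:-}" ]; then
    cmd=$(klnagent_install_cmd "$1" "$(uname -m)") || exit 1
    validate_agent_params "${ADMSRV:-admsrv.example.com}" 14000 13000 yes || exit 1
    echo "install:   $cmd"
    echo "configure: /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl"
    echo "verify:    klnagchk (checks the Agent's connection to the Administration Server)"
fi
```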

How is KES 8 for Linux managed using Kaspersky Administration Kit 8.0?

Remote management via Kaspersky Administration Kit 8.0 operates in the same way as for Windows and Mac
workstations. An administrator can check the security status, set the protection levels and parameters, create
and distribute group policies and create and run Scan and Update tasks. KES 8 for Linux can also be activated
remotely.

Is it possible to install Kaspersky Administration Kit 8.0 on the Linux OS?

It is not possible to install Kaspersky Administration Kit 8.0 on Linux OSs. You can manage KES 8 for Linux
remotely using Kaspersky Administration Kit 8.0 installed on another computer on the network.

What will happen when the license for Kaspersky Endpoint Security 8 for Linux expires?

If a customer is using a purchased version of Kaspersky Endpoint Security 8 for Linux when the license expires,
the application will continue to work, but it will not receive any further updates to protect against new malware
threats when they emerge. If a customer is running a trial version of the software it will stop working when the
license period expires.

Is it possible to install two or more antivirus applications on one Linux OS?

KES 8 for Linux does not check if there is another antivirus product installed on the computer, so technically it is
possible. However, we strongly recommend that you do not install two antivirus solutions on the operating system
at the same time because it can cause the system to crash or can damage files.

Does KES 8 for Linux use a different Network Agent than the one used for Windows clients?

Kaspersky Endpoint Security 8 for Linux uses a very similar Network Agent, but one designed for Linux operating
systems. It can be deployed remotely and works with the standard Network Agent utilities such as klnagchk (to
check the connection between the Agent and the Administration Server) and klmover (to connect the Agent
manually).

Does KES 8 for Linux have a trial version?

Depending on their region, a customer can download a one month trial version free of charge from our website.

Which corporate products include KES 8 for Linux?

Kaspersky Endpoint Security 8 for Linux is included in all Kaspersky Open Space Security products:
• Kaspersky Work Space Security
• Kaspersky Business Space Security
• Kaspersky Enterprise Space Security
• Kaspersky Total Space Security

Does a company need to order an additional key for Linux OSs if it has already purchased KOSS products that it
uses on Windows workstations?

A customer can use the same key file on all endpoint applications. The only limitation is that the total number of
endpoints (Windows, Linux, Mac and Smartphone) should not exceed the number of endpoints allowed by KOSS.

Many people say that Linux-based computers are not affected by viruses, so why do companies need Kaspersky
Endpoint Security for Linux?

It is not true that Linux OSs are immune from virus attacks. Malware threats for non-Intel platforms do exist, e.g.
net-worms that infect computers via an operating system vulnerability, add them to huge botnets and then use them
for malicious purposes. Another reason to protect Linux-based machines is their growing popularity, especially in
the education sector.

What kind of threats exist for Linux OSs?

Linux threats are very similar to those for Windows. They are: spyware, adware, backdoors, rootkits, Trojans,
viruses, worms, etc.

Which types of threats does KES 8 for Linux offer protection from?
KES 8 for Linux will provide protection from the following types of threats:
• Worms
• Viruses
• Trojans
• Malware
• Adware
• Pornware

It cannot defend against rootkits as it does not contain the Anti-Rootkit engine module which is exclusive to KAV
6.0 for Windows WKS.

Does KES 8 for Linux have the same functionality and modules as KAV 6.0 for Windows WKS?

The list of functions varies greatly as can be seen from the following table:

Features                                  KAV 6.0 for Windows   Endpoint 8 for Linux  Endpoint 8 for Mac
                                          WKS MP4
Real-time protection                      YES                   YES                   YES
(On-access Scanning)
On-demand Scanning                        YES                   YES                   YES
Regular updates                           YES                   YES                   YES
Statistics                                YES                   YES                   YES
Quarantine and Backup storage             YES                   YES                   YES
Centralized management                    YES                   YES                   YES
Notifications about program operations    YES                   YES                   YES
Reports                                   YES                   YES                   YES
File Anti-Virus                           YES                   YES                   YES
Mail Anti-Virus                           YES                   NO                    NO
Web Anti-Virus                            YES                   NO                    NO
Anti-Phishing                             YES                   NO                    NO
Proactive Defense                         YES                   NO                    NO
Anti-Spy                                  YES                   NO                    NO
Anti-Spam                                 YES                   NO                    NO
FireWall                                  YES                   NO                    NO
Heuristic technologies                    YES                   YES                   YES
Rootkit Scan                              YES                   NO                    NO
iSwift technology                         YES                   YES (not exactly      YES
                                                                but similar)
Device Control                            YES                   NO                    NO
Application Control                       NO                    NO                    NO





Will KES 8 for Linux prevent threats being passed on to Windows and Mac workstations?

Kaspersky Endpoint Security 8 for Linux will stop Windows and Mac threats being passed from a customer’s
computers to other computers or business partners, ensuring that the network is not damaged and the customer’s
business reputation remains completely intact.

Can a Windows virus damage Linux?

In most cases, viruses designed for Windows OSs can’t damage data on Linux machines because they can’t be
executed successfully. However there are multiplatform viruses and malware that can damage both Windows
and Linux executable files.

Is it possible to install KES 8 for Linux on operating systems which are not in the ‘system requirements’ list?
What would happen?

It may be possible to install KES 8 for Linux on unsupported operating systems, but we do not guarantee that
applications will work correctly as we have not tested them under such conditions.






3.5. Kaspersky Endpoint Security for Smartphones
(KES for Smartphones)
Kaspersky Endpoint Security 8 for Smartphone (KES8) is one of the products in Kaspersky Lab’s new Endpoint 8
corporate product line. KES8 protects confidential and sensitive data which is stored and processed on corporate
mobile devices. The product also protects devices from malicious and fraudulent mobile apps.

One of the main features of the product is the ability to deploy and manage security on multiple remote devices
from a single centralized point.



3.5.1. Features and Benefits
Which threats and problems does KES8 prevent?

•   Corporate data leakage in case of smartphone loss or theft
•   Corporate data misuse in case of unauthorized access to a smartphone
•   Disturbance from unwanted calls and SMSs
•   Mobile malware and fraudulent software

For more information on today’s mobile malware please check the details on the DVD.

How can KES8 secure corporate users?
• Remote locking, wiping, locating lost smartphone
• Reporting new phone number, if SIM card was changed
• Encryption of file folders and memory cards
• Anti-Virus: real-time protection, on-demand and scheduled scans, automatic over-the-air AV updates
• Anti-Spam for Calls & SMSs (Black- and White-list filter)
• Privacy Protection for hiding history of communication with particular contacts (contact book entries, call
   logs, SMSs)





3.5.1.1. New features compared to previous versions:

•   Improved deployment process for Kaspersky Administration Kit
•   3rd party device management systems – Microsoft Mobile Device Manager and Sybase Afaria
    are now supported
•   Blackberry smartphones are now supported
•   Latest Nokia S60 and Windows Mobile devices are now supported
•   New client-side features: encryption, GPS Find, Privacy Protection, Anti-Spam for Calls

3.5.2. Features and Benefits

Remote and centralized deployment: KES8 can be smoothly rolled out to multiple devices in a variety of ways. If
the customer’s IT department uses Kaspersky Administration Kit, KES8 can be installed on a smartphone’s first
connection to a user’s PC or laptop, or deployed via email. When the customer uses Microsoft Mobile Device Manager
or Sybase Afaria it is even simpler and more seamless: KES8 is silently pushed to remote devices without bothering
end users with any buttons or dialogues.

Remote and centralized policy and restrictions management: Whether the customer uses Kaspersky Administration
Kit, Microsoft Mobile Device Manager or Sybase Afaria, enterprise IT staff obtain full control over remote
installations of KES8. IT staff can define which features are enabled or disabled, which settings the end user may
configure and which not, the schedule for downloading antivirus updates, etc. Different policies can be applied to
different groups of users. Policies are synchronized seamlessly over the air, without disturbing the user.

Most popular smartphones are supported: Blackberry, Nokia S60 and Windows Mobile devices, the smartphones most
likely to be used in a corporate environment, are all supported by KES8. This also means that even if a customer’s
employees use different types of smartphones (e.g. not only Blackberry, but also Nokia), they can all be covered by
a KES8 implementation and managed from one single point.

Anti-Theft: lock, wipe, locate a corporate device in case of loss or theft: KES8 features all the tools necessary
to prevent corporate data leakage and misuse in case of smartphone loss or theft.
Remotely block an employee’s phone if it is lost or stolen by sending a predefined SMS to the phone. The device
will be blocked and no one will be able to access its contents. You can even choose to remotely wipe the data.
After locking, a prearranged message will be displayed on the screen, allowing any law-abiding citizen who finds
the phone to return it to the owner.
GPS Find allows the phone to be located. Just send an SMS with the appropriate password to the missing device and
receive a link to Google Maps (as soon as a GPS connection is established) that will show the exact location of
the device. Once you know the whereabouts of the phone, it should be apparent whether it was lost or stolen and
the appropriate action can be taken. Also, the first thing a thief normally does is remove the smartphone’s SIM
card. If the SIM is replaced, SIM Watch will immediately block the device and send the user an email with the
phone’s new number, allowing him to then use the Block, Wipe and GPS Find functions.

Encryption: Give sensitive information on employees’ phones an extra level of security. Choose the folders on
their smartphones that you want to encrypt and password protect. Users may also choose which folders to protect
(if this is not prohibited by a policy). The contents of encrypted folders and memory cards can’t be viewed either
on the smartphone or on a PC by anyone other than the phone owner. *Note that encryption is not included in KES8
for Blackberry.

Page 86
Messaging, Web, Infrastructure & Endpoint Products

Anti-Virus & Firewall               Fully functional real-time anti-malware and firewall protection are con-
                                    stantly at your service, along with automatic updates over-the-air, monitor-
                                    ing of network connections, scheduled and on-demand scans.

                                    Note:
                                    Anti-Virus and Firewall are not included in KES8 for Blackberry.
Anti-Spam for Calls & SMSs          Are trivial calls or messages distracting your employees at inopportune
                                    moments? Let them choose which contacts they want to accept calls and
                                    messages from. Anti-Spam can run in whitelist mode (only accepting calls
                                    and messages from specified contacts) or in blacklist mode (accepting
                                    calls and messages from all numbers except those on the list). One-click
                                    operation means that managing lists has never been so easy.
A Privacy Protection                In ‘Privacy Protection’ mode, user have exclusive control over which of his
                                    contacts he want to keep ‘private’. At the touch of a button he can easily
                                    hide and unhide everything related to a particular contact, including their
                                    phonebook entries, SMSs and call logs
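
The Anti-Theft row above describes a command channel that is driven by SMS and authenticated by a password. The following is an added example of how such a channel should be built on the device side; it is not KES8 code and not taken from this page. It keeps only a PBKDF2 verifier of the password, compares it in constant time, locks the channel out after repeated failures, and gives no reply to unauthenticated or unrecognised messages so the phone cannot be used as a password oracle. The "COMMAND:password" wire format, the lockout numbers, the phone numbers and the GPS coordinates are assumptions for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumed wire format for an anti-theft SMS: "<COMMAND>:<password>".
# KES8's real SMS format is not documented on this page.
COMMANDS = {"BLOCK", "WIPE", "FIND"}
PBKDF2_ITERATIONS = 100_000
MAX_FAILURES = 5            # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window


def hash_password(password: str, salt: Optional[bytes] = None):
    """Derive a PBKDF2-HMAC-SHA256 verifier; the plaintext password is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class AntiTheftHandler:
    salt: bytes
    verifier: bytes
    failures: int = 0
    locked_until: float = 0.0
    actions: list = field(default_factory=list)  # record of executed device actions

    def _password_ok(self, candidate: str) -> bool:
        _, digest = hash_password(candidate, self.salt)
        # constant-time comparison: timing must not reveal how many bytes matched
        return hmac.compare_digest(digest, self.verifier)

    def handle_sms(self, sender: str, text: str, now: Optional[float] = None) -> dict:
        """Process one incoming SMS; only authenticated commands get an action and a reply."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return {"status": "locked_out", "action": None}
        command, sep, password = text.strip().partition(":")
        command = command.upper()
        if not sep or command not in COMMANDS:
            # Ordinary SMS (or malformed command): deliver normally, never answer with an error.
            return {"status": "ignored", "action": None}
        if not self._password_ok(password):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT_SECONDS
                self.failures = 0
            # Silent rejection: a reply would turn the device into a password oracle.
            return {"status": "rejected", "action": None}
        self.failures = 0
        return self._execute(command, sender)

    def _execute(self, command: str, sender: str) -> dict:
        if command == "BLOCK":
            self.actions.append("lock_screen")
            reply = "Device locked; the owner-contact message is shown on screen."
        elif command == "WIPE":
            self.actions.append("wipe_user_data")
            reply = "Wipe started."
        else:  # FIND
            lat, lon = 51.5007, -0.1246          # constructed coordinates, no real GPS fix
            self.actions.append("report_location")
            reply = f"https://maps.google.com/?q={lat},{lon}"
        # The reply (including the location link) goes only to the authenticated sender.
        return {"status": "ok", "action": self.actions[-1], "reply_to": sender, "reply": reply}

    def on_sim_change(self, new_number: str, notify_email: str) -> dict:
        """SIM Watch: a replaced SIM locks the device and reports the new number by email."""
        self.actions.append("lock_screen")
        return {"status": "ok", "action": "lock_screen", "email_to": notify_email,
                "body": f"SIM changed; device now reachable at {new_number}"}


if __name__ == "__main__":
    salt, verifier = hash_password("correct horse battery")   # set at enrolment, e.g. by policy
    device = AntiTheftHandler(salt, verifier)
    print(device.handle_sms("+15550100", "block:wrong-guess", now=0.0))   # rejected, silently
    print(device.handle_sms("+15550100", "BLOCK:correct horse battery", now=0.0))
    print(device.on_sim_change("+15550199", "it-security@example.com"))
```

The design point is that every branch that does not authenticate ends without sending anything: a wrong password, an unknown command and a locked-out channel all look identical from the outside, and the only observable effect of a correct password is the reply to the number that sent it.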


3.5.3. Deployment
KES8 should be deployed by means of the system that will later be used to manage the product in the enter-
prise. If a customer already has one of the supported mobile device management systems (MDMS) in his in-
frastructure (Microsoft Mobile Device Manager or Sybase Afaria), we highly recommend using the existing
MDMS for KES8 deployment and management. The rationale is that an existing MDMS presupposes that all mobile
devices in the enterprise already carry the MDMS's network agent, which makes deployment seamless and
invisible (or almost invisible) to the end user.

Below we describe how IT staff can roll out KES8 in the enterprise using each of the supported MDMSs.

Deployment using Microsoft Mobile Device Manager
Microsoft Mobile Device Manager offers the most seamless and easy way to deploy KES8 in the enterprise.
Its main limitation is that only Windows Mobile devices are supported. Nevertheless, if this system is al-
ready running in the customer's infrastructure and the corporate mobile device standard is Windows Mobile,
Mobile Device Manager is a better option than Kaspersky Administration Kit for deployment and management.

You can also refer to official Mobile Device Manager website:
http://tinyurl.com/microsoft-MDM

Deployment process:
1. The system administrator installs all necessary certificates, which come with the KES8 package. This
   takes a few minutes.
2. The system administrator creates an installation package for KES8 using the standard Mobile Device Man-
   ager "Create Package" wizard. During this process the administrator defines the installation file, its
   title, target devices (all or some groups of them, only particular languages, or only particular Windows
   Mobile versions) and permissions (e.g. whether the user may uninstall the package).
3. Once the installation package is created, the next time a corporate device synchronizes with Mobile
   Device Manager (according to the administrator-defined schedule) the KES8 package is delivered to the
   device and installed completely silently. After KES8 is installed, the connection to the Mobile Device
   Manager server is established automatically, without user involvement.

Sybase Afaria offers a less simple way to deploy applications, but its big advantage is that all 3 smart-
phone platforms are supported (as with Kaspersky Administration Kit): Nokia S60, Blackberry and Windows Mobile.

You can also refer to the official Sybase Afaria website: http://www.sybase.com/products/mobileenterprise/afaria

Deployment using Sybase Afaria
1. Instead of the one-step procedure of Microsoft Mobile Device Manager, for Sybase Afaria the system admin-
   istrator takes two major steps. First, a so-called "Software Manager Channel" is created. In this step the
   installation file, the installation folder on the device, etc. are defined. The "Software Manager Channel"
   will later transfer the file to the device and start the installation.
2. "Client Actions" are configured. Here the system administrator defines that on its first connection to
   the server the device should receive and run the "Software Channel" created above.
3. On first connection to Sybase Afaria the mobile device starts the KES8 installation. The user sees an
   installation wizard (pretty simple, with just a few steps) and has to follow it. After KES8 is installed,
   the connection to the Sybase Afaria server is established automatically, without user involvement.

Deployment using Kaspersky Administration Kit – via workstation
This installation method is the same as in the previous version (Kaspersky Mobile Security Enterprise Edition
7.0) and was slightly improved in KES8.

This installation approach suits all 3 supported smartphone platforms and is a good fit in either of the
following cases:
• Every employee who has a mobile device also has a corporate PC or laptop (we believe this is 70-80% of all
    cases); KES8 is installed when the smartphone is connected to the PC for synchronization.
• The system administrator does not want to install KES8 remotely, so he collects the devices and connects
    them to his PC one after another; KES8 is installed on each connection.

Deployment process
1. The system administrator remotely installs the network agent on users' PCs. This agent monitors which
   devices are connected to the PC.
2. The user connects his mobile device to the PC and a KES8 dialogue appears on the PC. The user has to
   accept the KES8 installation.
3. A dialogue appears on the smartphone. The user proceeds through a few steps of the installation wizard.
   After the product is installed, it connects to Kaspersky Administration Kit seamlessly and automatically.

Deployment using Kaspersky Administration Kit – via email
The majority of corporate mobile users read their corporate email on the phone. The system administrator can
send a bulk email to his users with a URL (a link to the KES8 distribution package) and a short instruction
on what the user should do with it. Since this method asks users to install software from a link in an
email, the URL should point to a server the users recognise as the company's own.

Deployment process:
1. The system administrator sends a bulk email to the group of users who should have KES8 installed. The
   email contains a URL to the installation file and a short step-by-step instruction.
2. The user follows the link in the email; KES8 is downloaded and the installation starts. All installation
   steps are the same as for installation via PC (see above), except Step 3.
3. Due to technical limitations of mobile devices, it is impossible to deliver the connection settings for
   the corporate Kaspersky Administration Kit together with the installation file. So during installation
   the user has to fill in 2 fields, the IP address and the connection port, which KES8 will use to connect
   to the management server.

After installation, KES8 connects to Kaspersky Administration Kit seamlessly and automatically.

Deployment using Kaspersky Administration Kit – via email, simplified, for big customers
Of course, asking the user to enter connection settings manually (see Deployment via email, Step 3 above)
is not much fun, either for IT staff or for the users. For big customers (1000+ devices) we can create a
special installation file with the connection settings hardcoded inside. This allows KES8 to be deployed via
email without the manual Step 3. Developing such a customized version is not a big issue and takes no more
than 2 weeks. Once again, this is the only way due to limitations of the mobile platforms.

To order or discuss this option, please contact the KES8 Product Manager: Victor.Dronov@kaspersky.com


3.5.4. Centralized Management
Using one of the supported management systems (Kaspersky Administration Kit, Microsoft Mobile Device Man-
ager or Sybase Afaria), IT staff can configure plenty of product settings and restrictions (what we call
"policies").


Feature                             Description

Anti-Virus                          which types of files to check and which not, actions on malware detection
                                    (delete, quarantine, log or ask user), antivirus update schedule
Anti-Theft                          which Anti-Theft components are enabled or disabled (Block, Data Wipe,
                                    GPS Find, SIM Watch), which emails and numbers are used for notifications
                                    in case of trouble, as well as detailed settings of each component
Encryption                          which folders should be encrypted
Anti-Spam                           enable or disable Anti-Spam for Calls & SMSs and Privacy Protection, as
                                    these features are more for user convenience than for corporate security
                                    needs
Synchronization                     how often the product should synchronize with the management server

For all of the settings above, IT staff can prohibit or allow the user to change the configuration set by
policy.

The license key is also part of a policy. It is not transferred to the device, but on each connection KES8
checks whether it is still valid.

The way the system administrator manages policies differs for each management platform.


Management platform                 Policy management

Kaspersky Administration Kit        via a separate KES8 plug-in for Administration Kit
Microsoft Mobile                    via an MMC administrative template (comes with the KES8 package)
Device Manager
Sybase Afaria                       via an additional utility (comes with the KES8 package), which looks exactly
                                    like the KES8 plug-in for Kaspersky Administration Kit (the same structure
                                    and interface)

In each case, policy management is completed by saving a policy file, which is automatically delivered and
applied to devices at the next sync with the management system.
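
The policy semantics described in this section (IT staff set each value and decide whether the user may change it) come down to a precedence rule that is worth seeing in code. The following is an added example, not KES8's code or its policy schema; the key names and values are constructed to mirror the feature table above. It shows why the lock bit matters: a user (or malware running as the user) who edits local settings must not be able to switch off antivirus or SIM Watch, or redirect anti-theft notifications.

```python
from typing import Any, Dict, Tuple

# Constructed policy in the shape of the feature table above. Each entry carries
# the value set by IT staff and whether the end user may change it locally.
# Key names are assumptions, not KES8's real policy schema.
POLICY: Dict[str, Dict[str, Any]] = {
    "antivirus.enabled":      {"value": True,                      "user_may_change": False},
    "antivirus.on_detect":    {"value": "quarantine",              "user_may_change": False},
    "antivirus.update_hours": {"value": 4,                         "user_may_change": False},
    "antitheft.sim_watch":    {"value": True,                      "user_may_change": False},
    "antitheft.notify_email": {"value": "it-security@example.com", "user_may_change": False},
    "encryption.folders":     {"value": ["/Documents"],            "user_may_change": True},
    "antispam.calls_sms":     {"value": False,                     "user_may_change": True},
    "sync.interval_minutes":  {"value": 60,                        "user_may_change": False},
}


def effective_settings(policy: Dict[str, Dict[str, Any]],
                       user_changes: Dict[str, Any]) -> Tuple[Dict[str, Any], Dict[str, str]]:
    """Overlay the user's local changes on the policy.

    Returns the effective configuration and a map of rejected keys with the
    reason. Locked keys and keys the policy does not know are refused, so the
    policy, not the local settings store, is the source of truth for anything
    security-relevant.
    """
    effective = {key: entry["value"] for key, entry in policy.items()}
    rejected: Dict[str, str] = {}
    for key, value in user_changes.items():
        entry = policy.get(key)
        if entry is None:
            rejected[key] = "unknown setting"
        elif not entry["user_may_change"]:
            rejected[key] = "locked by policy"
        else:
            effective[key] = value
    return effective, rejected


if __name__ == "__main__":
    # Constructed user edits: one allowed, two that must be refused.
    attempted = {
        "antispam.calls_sms": True,
        "antivirus.enabled": False,
        "antitheft.notify_email": "attacker@example.net",
    }
    settings, refused = effective_settings(POLICY, attempted)
    print(settings["antispam.calls_sms"], settings["antivirus.enabled"])
    print(refused)
```

When a new policy file arrives at sync time, the same function is simply re-run with the new policy and the stored user changes, so a setting that IT staff have since locked silently reverts to the policy value.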





3.5.5. Competition Overview

3.5.5.1. Symantec

Symantec has a whole range of products which can be considered direct rivals to KES8:
• Endpoint Protection Mobile Edition (for Windows Mobile and Symbian),
• Mobile Security Suite for Windows Mobile,
• Mobile Security for Symbian,
• Mobile AntiVirus for Windows Mobile

as well as the management platform, Symantec Mobile Management.

The scope of Symantec's solutions features:
• Anti-Virus & Firewall
• Anti-Spam for SMSs
• Encryption (only for Windows Mobile)
• 3rd party application delivery and management
• Device inventory and reporting
• Integration with Symantec Systems Management

Conclusion: Symantec has a better management solution, playing in a higher league than KES8 (the same league
as Microsoft Mobile Device Manager, for example). This means that KES8 is a "3rd party application to be de-
ployed" and Symantec Mobile Management is a "solution to deploy 3rd party applications".

At the same time, in this higher league Symantec offers pretty poor management functionality (other MDMSs offer
much more), as well as limited security features: they don't have Anti-Theft (remote lock, wipe, locate and
SIM Watch), which is very important, nor Anti-Spam for Calls or Privacy Protection. And they do not support
Blackberry, one of the major corporate smartphone platforms.

3.5.5.2. McAfee

The most important thing about McAfee is that their solution (McAfee VirusScan Mobile Enterprise) is just an
antivirus and nothing more. They also support only Windows Mobile. For management, McAfee ePolicy Orchestrator
(ePO) is used; it can manage policies, lock down settings and monitor device status.
Conclusion: the current solution from McAfee is a very poor competitor to KES8 in terms of client functionality,
security features and supported smartphone platforms.

3.5.5.3. Trend Micro

Trend Micro Mobile Security 5.0, designed for Windows Mobile and Symbian, features
• Anti-Virus & Firewall
• IDS
• Encryption
• Anti-Spam for SMSs
• Feature Lock (ability to lock the user's camera, GPS, WiFi etc.)

Manageability of the solution is provided by the OfficeScan Client/Server Edition Console. They are not too
wordy in describing this system, but they claim at least provisioning of the application to devices and settings
management.

Conclusion: Trend Micro Mobile Security 5.0 can be treated as a "good enough" system; however, it lacks Anti-
Theft and Anti-Spam for Calls, and it supports neither Blackberry nor 3rd party mobile device management systems.

3.5.5.4. F-Secure

F-Secure is a very active and well-known company in the mobile security industry. Its solutions for Symbian
and Windows Mobile feature
• Anti-Theft (Lock, Wipe, SIM Watch)
• Anti-Virus & Firewall

F-Secure announced their own Mobile Services web portal, which plays the role of a management console. It al-
lows the administrator to monitor connected devices, but it doesn't feature any advanced provisioning. Users
have to install the app on their own and then activate it using a code given by IT staff.

Conclusion: a well-known competitor, with strong PR in the mobile industry and a strong consumer product, but
with only basic functionality in the corporate product; they don't support Blackberry and management capabilities
are pretty poor.

3.5.5.5. Mobile device management platforms with embedded security features

If by "mobile security" we mean more than just antivirus (and we do), we should also take into account indirect
competitors. There are many companies focusing mainly on mobile device management, but with embedded security
essentials in their management solutions.

Most common features are:
   • Lock and Wipe of the lost/stolen phone;
   • Feature lock (ability to lock the user's camera, GPS, WiFi etc.);
   • Backup and restore of mobile data.

Some companies of that kind (there are many more in the market):
   • mFormation
   • Fromdistance
   • Zenprise

Conclusion: the noticeable trend is that mobile device management systems embed basic security features in
their solutions. We can counter this using the fact that we have anti-malware protection, which is a must. Also,
depending on the case, we can demonstrate wider smartphone platform support and additional features like
encryption or anti-spam for calls & SMSs.

3.5.5.6. Success Story: London Metropolitan Police

Kaspersky Lab made a customized enterprise solution (based on Kaspersky Mobile Security Enterprise Edition
7.0, the previous version of the product) together with the UK company Arqiva. The solution was rolled out in
2009 across London Metropolitan Police mobile forces (up to 40,000 mobile devices).

Arqiva's Police Mobile Data Solution focuses on improving front-line policing in the UK. The software is installed
on mobile handsets manufactured by HTC and runs on the Windows Mobile platform. It provides officers in the
field with immediate, encrypted and secure access to vital systems and resources such as the Police National
Computer, Warrants Management System, Command and Control, mapping, email, fixed penalty notices, briefing
updates and accident reporting.

Every handset is locked down and surrounded by a 'security shell' of which Kaspersky Mobile Security Enterprise
Edition 7.0 forms an integral part. Due to the project specifics it was undesirable to have any kind of external
connection in the product, so it was customized:
     • no connection to Kaspersky Administration Kit; the customer didn't want to manage the product centrally
         and roll-out was performed manually;
     • antivirus updates are not downloaded from the server; AV updates are downloaded by a verified Police
         utility, which places them in a local folder from where Kaspersky Mobile Security picks them up.
The main conclusions:
     • We are capable of performing big projects, and we have a good reference.
     • We can be flexible and customize the solution if needed and if it is worth doing.
     • Great manageability is not always a must.

3.5.6. Supported Smartphones and Management Platforms
KES8 can be deployed and managed by the following platforms:
    • Kaspersky Administration Kit 8.0
    • Microsoft System Center Mobile Device Manager
    • Sybase Afaria
There are 3 different clients (apps running on the smartphone) for the following OSs:
    • Symbian S60 9.1 - 9.4 (Nokia only)
    • Windows Mobile 5.0 - 6.5
    • Blackberry 4.5 - 5.0




3.5.7. FAQ
Why isn't deployment using Kaspersky Administration Kit as easy as it is for specialized mobile device manage-
ment solutions (e.g. Microsoft Mobile Device Manager)?

Any centralized deployment on mobile devices has 2 phases. The first phase is installing a network agent, which
will later perform remote management activities (ideally completely silently, without user knowledge or
involvement), including installation of software. The second phase is installing the software with the help of
the network agent already on the device.

In Windows Mobile, the Microsoft Mobile Device Manager agent comes with every device by default, so it is very
easy to connect a device to the management server and then install something.

In Sybase Afaria you have to deploy the network agent manually first. The upside is that if you come to a
company that already has Afaria deployed, you can install KES8 seamlessly (because the headache of manual
agent deployment is in the past).

In Kaspersky Administration Kit some manual steps are also required from IT staff or the end user, because
KES8 is a network agent and security software "all-in-one". The option of a separate "mobile network agent"
was considered but rejected. Rationale: it does not help to avoid the manual steps.


Do we have, or are we going to have, iPhone support?

No, we don't, and neither does any of our competitors. The iOS API is limited due to Apple's policy: "if we
do something in the security field, we do it on our own". We are continuously researching the possibilities of
this platform, and iOS 4 even allows some features, but this is still not enough for a really valuable product.

Can IT staff recover a user's password if the user forgets it?

Unfortunately not. It wasn't included in KES8 because of time limitations. This is one of the features to be
implemented in the next version.






4. Product : Kaspersky Anti-Virus for File Servers

4.1. General Introduction
Three major platforms can be singled out as being of particular market significance: the Microsoft Windows
Server family (53%), all Linux-based operating systems (16%) and Novell NetWare (6%).

The Windows Server family accounts for more than half of the server OS market. Its position has strengthened
since the release of Windows Server 2008 R2 (October 2009), which has a number of variants covering different
business needs and which arrives as an automatic update for the many companies that pay for Microsoft's
products by subscription.

Nowadays, partly due to the impact of the financial crisis, Linux has enjoyed significant commercial success on
server platforms; today it is recognized as the most widely available server operating system the industry has
ever seen and is available for every major type of architecture. The Linux server market share is 16%, against
53% for the Windows Server OS family, which is still increasing.

Novell chose the Linux OS for its main business products and Novell NetWare's market share is now reducing;
support for the latest version of NetWare (6.5) was withdrawn in March 2010. But NetWare customers still show
loyalty and a preference for the OS.

The next chapters explain the application environment of each application and the different business needs of
customers.






4.2. Positioning Statement
Kaspersky Anti-Virus (KAV) for File Servers consists of three applications, for the Windows, Linux and Novell
platforms, designed to protect file servers from viruses and other threats.

The product's solid design gives the customer the confidence to use it under heavy load, safe in the knowledge
that it won't slow the system down or otherwise interfere with business operations. The product's support for
a wide range of applications allows its implementation in even the most complex IT infrastructures, whilst its
management capabilities make system administration straightforward.

The product is primarily aimed at medium-to-enterprise level companies, as they usually have multiple file
servers of different types and dedicated servers for enterprise applications in their IT infrastructure. Addi-
tionally, enterprise level companies use storage solutions like EMC or NetApp. This is a quickly growing trend
which we shall support completely in future versions of our products.

Due to the increasing popularity of the Linux platform and the necessity to protect both Windows and Linux serv-
ers, we expect very high demand for the KAV for File Servers product suite.

For companies without enterprise applications or storage solutions, Kaspersky Lab has developed Kaspersky Anti-
Virus for Servers, which covers only Microsoft Windows servers and is part of the Endpoint Product Suite.

The product plays an important role in providing comprehensive protection for a company's IT infrastructure. It is
compatible with all of Kaspersky Lab's corporate products and fully manageable by Kaspersky Lab Administration
Kit.






4.3. Kaspersky Anti-Virus for File Server Product Suite
The Kaspersky Anti-Virus (KAV) for File Servers Product Suite is a new product suite targeted at enterprise cus-
tomers, consisting of three applications:

Kaspersky Anti-Virus 8.0 for Windows Server Enterprise Edition (New!)
Kaspersky Anti-Virus 8.0 for Linux File Server (New!)
Kaspersky Anti-Virus 5.7 for Novell NetWare

The previous product suite consisted of the following applications:

Kaspersky Anti-Virus 6.0 for Windows Servers
Kaspersky Anti-Virus 5.7 for Linux File Server
Kaspersky Anti-Virus 5.5 for Samba Server
Kaspersky Anti-Virus 5.7 for Novell NetWare

These applications will be replaced by the applications in the new product suite.

4.3.1. KAV 8.0 for Windows Server Enterprise Edition (KAV 8.0 WSEE)
The new version, KAV 8.0 for WSEE, will be:
Part of KAV for File Servers, which belongs to the new Business Solutions family (formerly Targeted Security)
Part of KOSS 2, KOSS 3, KOSS 4

The previous version, KAV 6.0 for WSEE, was available as:
A separate product in Targeted Security
Part of KOSS 2, KOSS 3, KOSS 4

4.3.2. KAV 8.0 for Linux File Server (KAV 8.0 LFS)
The new version, KAV 8.0 for LFS, will be:
Part of KAV for File Servers, which belongs to the new Business Solutions family (formerly Targeted Security)
Part of KOSS 2, KOSS 3, KOSS 4

The previous version, KAV 5.7 for LFS, was available as:
A separate product in Targeted Security
Part of KOSS 2, KOSS 3, KOSS 4


4.3.3. KAV for Novell Netware
This application will be part of KAV for File Servers and KOSS 2, KOSS 3, KOSS 4. We will not launch a new
version of KAV for Novell NetWare because support for that operating system is ending.

Kaspersky Anti-Virus 5.7 for Novell NetWare was released in March 2007. Novell NetWare is a dying platform: the
latest version (6.5) is no longer supported after March 2010 and will be discontinued entirely in March 2012.
By the end of 2009 more than 50% of NetWare customers had migrated to the Linux platform (Open Enterprise
Server 2). Expectations for migration in 2010 are about 80-90%. We have decided to support the current version
of this application until Novell NetWare's discontinuation in March 2012.






4.4. Target Audience
The difference between markets is mainly defined by which platforms the client uses.

4.4.3.1. Kaspersky Anti-Virus for Windows Server Enterprise Edition (KAV4WSEE)

Companies of all sizes with a complex infrastructure based on Microsoft solutions need advanced capabilities
and compatibility. Our potential customers expect more scalability and efficiency than a standard server
protection application offers.

4.4.3.2. Kaspersky Anti-Virus for Linux File Server (KAV4LFS)

Companies of all sizes, mostly mid-level and enterprise companies, governmental, public and educational or-
ganizations, are increasingly using and switching to Linux operating systems for their servers.

4.4.3.3. Kaspersky Anti-Virus for Novell NetWare

Mostly enterprise companies and governmental organizations in EEMEA and the USA use this particular platform
instead of Microsoft solutions. Novell Open Enterprise Server 2 (OES2) will replace Novell NetWare, which is
at end of life. OES2 is a Linux-based operating system and can be protected with KAV4LFS.

The target audience remains mostly unchanged for all of the applications included in the product suite.






Target audience and decision makers

SMB Mid-Level (100+)
Medium-sized businesses with 100+ users that typically have some in-house IT security expertise or formal
outsourcing arrangements covering this. The upper limit for SMBs is deliberately not defined by an arbitrary
number of users but by each company's IT security requirements. SMBs will typically have fewer than 1000 users
in the USA and fewer than 500 users in Europe.
Decision makers:
    • CEO - Business decision maker. Decides on IT budgeting. Cares about the general P&L situation regarding
      corporate IT.
    • CIO/CISO - Technical decision maker. Takes decisions about infrastructure purchasing and development
      and oversees the general corporate IT strategy. They typically own the IT budget and fight for it. Cares
      about savings. Sometimes the roles of CEO and CIO are undertaken by the same person.

Enterprise Level (1000+)
Typically large, structurally complex organizations with more than 1000 users that:
    • need to maintain their competitive advantage by securely enhancing cross-organisational IT collaboration;
    • are highly interested in regulatory compliance, measuring productivity and management reporting;
    • wish to increase organizational effectiveness and minimize the cost of security system ownership;
    • generally undertake a tender process for the procurement of equipment.
Decision makers:
    • Administrators, including dedicated specialists (e.g. backup administrators and IT analysts) - have a
      strong influence on product choice and the decision-making process. They work with the product after
      purchase and take decisions regarding its renewal. Enterprise companies often have administrators
      responsible only for supporting workstations and file servers; these administrators also take decisions
      in choosing security products.

SMB Small Level (<100)
Small to medium businesses with fewer than 100 users, with some in-house IT security expertise and a business
need to store huge volumes of data.
Decision makers:
    • CEO - Business decision maker. Decides on IT budgeting.
    • Administrators - choose products and have a strong influence on the decision-making process, work with
      the product after purchase and take decisions regarding its renewal.


4.5. Target Markets
•   Russian governmental departments with more than 1000 users. On the Russian market the Microsoft plat-
    form is more prevalent than Linux, but a key requirement (and an advantage for Kaspersky Lab) is that it
    should be easy to sell all the products as a bundle together with Endpoint products

•   European governmental organizations with more than 1000 users. Have special compliance requirements.
    Many prefer Linux products to Windows in order to reduce dependence upon Microsoft, thus we should pro-
    mote our Linux-based products heavily, including KAV for Linux File Server

•   European and Asian educational organizations 100 - 1000 users. Definitely prefer the Linux platform due to
    its open-source character and its customisation features. We can offer our Linux-based products, including
    KAV for Linux File Server

•   European financial organizations 1000 - 10,000 users. To assist with the strict compliance requirements of
    such organizations we can offer our products for the Microsoft platform, including KAV for WSEE

•   USA SMB 10 - 999 users. Need a Microsoft product, so we can offer our products for the Microsoft platform
    as a part of the KOSS bundle and as a separate bundle for the protection of network perimeters and infra-
    structure. The KAV for WSEE application is available for this purpose




                                                                                                         Page 99
Enterprise Sales Compendium

•   KOSS 1 users worldwide. Current customers of KOSS1 who need file server protection, but didn’t bother with
    it because our previous products didn’t support their server platforms. Now they may want to buy the new
    version of KAV for File Servers because of the new product features, e.g. Windows Server 2008 R2 support

•   EMC storages users. Small, medium and enterprise customers in various industries that have modern IT
    infrastructure, including storage systems such as EMC Celerra

•   Novell users. Mostly large enterprise and governmental organizations in EEMEA and Russia. We are expecting
    NetWare users to migrate to the new version, the Linux-based Novell Open Enterprise Server 2, as we are
    ready to offer them KAV for Linux File Server instead of their current Anti-Virus for Novell NetWare. On top of
    that, we are the only vendor still providing protection for the current Novell NetWare system; our competitors
    have already removed the product from their portfolio. This will allow us to switch customers that continue
    using Novell NetWare from competitors’ products to Kaspersky products.


4.6. Customer problems and our value proposition

4.6.1. Customer problems and needs
•   Customers need protection for the latest versions of server platforms - when they upgrade or buy new hard-
    ware they want up-to-date server solutions. The new version of KAV for File Servers protects the latest ver-
    sions of MS Windows and Linux server OS
•   Customers, especially in the enterprise sector, often have complex network infrastructure and need a
    security solution compatible with different kinds of infrastructure components, for example terminal servers,
    clusters, virtual OSs and network storages. In addition, some companies have heterogeneous networks and
    require a single solution that protects different platforms on the same network
•   Our partners need flexible solutions for server protection if they are to tender successfully - both for clients
    that want to protect certain critical units and for companies that have heterogeneous infrastructure and
    demand solutions for other platforms / levels or prefer a single security vendor approach
•   Clients want security solutions that are simple and effective to manage - existing solutions on the market
    often have complex interfaces and ineffective manageability
•   An important criterion when choosing a server protection product is reliability. Product reliability ensures
    uninterrupted operation of the company’s business processes





4.6.2. Value statement
•    Kaspersky Lab solutions cover all the main server platforms – Windows, Linux and Novell. In the new version
     of KAV for File Servers we support the latest versions of those platforms. With the exception of virtualized OS
     environments, other platforms are very specific and have a negative market forecast. All high-end / role-
     specific servers running on Windows Server / Linux / NetWare OS require specially designed security solutions
     in order to protect those parts of an organization and its information transmission processes for which they
     are responsible
•    Kaspersky Lab offers highly effective solutions for medium and enterprise level customers with complex or
     heterogeneous network infrastructure – protection for terminal servers, clusters, virtual OS and network
     storages.
•    Our product is easy to use and provides effective network security management. It allows the productivity of
     IT staff to be increased.
•    The product’s solid design provides the customer with the necessary confidence to use it under heavy load
     conditions, safe in the knowledge that it won’t slow the system down or otherwise interfere with business
     operations.
•    Any mid-SMB or enterprise can consider the product as the answer to all of their problems. The product gives
     very robust information protection due to the use of Kaspersky antivirus technologies.
•    Kaspersky Lab offers a complete range of products. From endpoint, network infrastructure, mail and web
     security solutions, through to technical support services and beyond


4.7. Competitive analysis
All of Kaspersky Lab’s key competitors have a security solution for file servers; usually it is part of an endpoint
suite, but sometimes it is a standalone solution. In spite of the endpoint security market having reached matu-
rity, as characterized by strong competition between the existing major players, there is still a noticeable gap for
specialized server security solutions. In most cases vendors prefer to provide the customer with an integrated
endpoint solution without a targeted product for high-end file servers. At least, that is the standpoint of the Big 3
in the table below, with Trend Micro being the exception. This fact gives Kaspersky Lab the opportunity to fulfil the
market demand by providing such a solution.

We have identified a definite niche in the market, file server products for enterprise. Not just file server protec-
tion, but protection for storages, terminal servers, clusters and other enterprise-oriented equipment. We expect
a high demand for the new Kaspersky Anti-Virus for File Servers (for Windows Server, Linux and Novell Netware).

Below we have a high-level key feature comparison table showing Kaspersky Anti-Virus for Fileserver applications
against similar competitive products.


    Platform   McAfee                    Trend Micro                   Symantec                   Sophos

    Windows    VirusScan Enterprise;     ServerProtect for Microsoft   Endpoint Protection;       Endpoint Security and
               VirusScan for Storages    Windows and Novell NetWare    AntiVirus for Network      Data Protection
                                                                       Attached Storage

    Linux      VirusScan Enterprise      ServerProtect for Linux       Endpoint Protection        Endpoint Security and
               for Linux                                                                          Data Protection





4.7.1. Key feature comparison: Kaspersky Anti-Virus 8.0
for Windows Server Enterprise Edition versus Top-4 rivals

Features/Competitors                        KAV for    Symantec           Trend Micro          McAfee             Sophos
                                            WSEE       Endpoint           ServerProtect        VirusScan          Endpoint
                                                       Protection /       for Microsoft        Enterprise and     Security and
                                                       AntiVirus for      Windows and          VirusScan for      Data Protection
                                                       Network Attached   Novell NetWare       Storages
                                                       Storage

Centralized management                      V          V                  V                    V                  V
Windows Server 2008 R2 support              V          V                  X                    X                  X
Terminal servers support (MS, Citrix)       V          X                  V                    V                  X
Cluster support                             V          X                  V                    X                  X
Backup apps. support (IBM Tivoli,           V          V                  X                    X                  X
HP Data Protector, Symantec Vault)
EMC support                                 V          V                  V                    V                  V
NetApp support                              X          V                  V                    V                  V
VMware Ready                                V          V                  V                    X                  V



4.7.2. Key feature comparison: Kaspersky Anti-Virus 8.0
for Linux File Server versus Top-4 rivals

Features/Competitors                        KAV for    Symantec           Trend Micro          McAfee             Sophos
                                            Linux      Endpoint           ServerProtect        VirusScan          Endpoint
                                                       Protection         for Linux            Enterprise         Security and
                                                                                               for Linux          Data Protection

Centralized management                      V          V                  V                    V                  V
Novell OES 2 and NSS support                V          V                  X                    V                  X
Samba protection                            V          X                  V                    V                  X
FreeBSD support                             V          X                  X                    X                  X
Web management console                      V          V                  ?                    ?                  ?






4.8. Key Product Features and Benefits
As Anti-Virus for File Servers consists of a number of applications, we will describe the features separately by
application.

4.8.1. Key Features (by new applications)

4.8.1.1. Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

Provides anti-malware protection for data stored on servers running under Microsoft Windows. This product has
been developed specifically for high-performance corporate servers.

Main features:
• Real-time antivirus protection
• On-demand scans
• Supports dedicated tasks for critical system area scans
• Flexible scan configuration
• Scalable and highly resilient
• Adaptable utilization of system resources
• Complete protection for terminal servers
• Support for server clusters

Advanced features:
• Centralized installation and administration using Kaspersky Administration Kit
• Choice of management tools (by Administration Kit 8.0, MMC or command line)
• Includes iSwift and iChecker antivirus scan optimization technologies
• Application performance reporting system

New features:
• Support for EMC Celerra
• Support for Microsoft Windows Server 2008 R2
• Certified compatible with VMware
• Compatible with third-party server software (Backup, HSM, etc.)
• Support for HSM systems


4.8.1.2. Kaspersky Anti-Virus 8.0 for Linux File Server

Provides real-time protection for servers running under Linux against all types of malicious programs, as well as
on-demand scanning. It supersedes two earlier products – Kaspersky Anti-Virus 5.7 for Linux File Server and
Kaspersky Anti-Virus 5.5 for Samba Server.

Main features:
• Real-time antivirus protection
• On-demand scans
• Flexible scan settings
• Fault tolerant
• Centralized installation and administration
• Choice of management tools (by Administration Kit 8.0, MMC or command line)

Advanced features:
• Extended reporting system
• Notification of security events

New features:
• Administration tool - Kaspersky Web Management Console
• Protection for Samba servers
• Novell OES 2 and NSS file system support
• Quarantine and backup storage
• FreeBSD Support



4.8.2. Business benefits for customers
•   Product reliability: The product provides stable, uninterrupted protection for business-critical information
    assets
•   Versatility: The product ensures effective data protection for large companies with complex network infra-
    structures, including multi-platform server networks
•   Efficiency: The product protects data whilst minimizing server loading and no additional hardware is required
•   Effective use of IT personnel: A user-friendly interface, flexible administration and straightforward configura-
    tion and reporting systems reduce the amount of time IT personnel have to spend working with the product
•   Client-oriented technical support: Kaspersky Lab’s in-house technical support team is there to provide round-
    the-clock assistance. Bespoke support programs for large companies guarantee fixed response times and
    quick solutions to any problems that arise

4.8.3. Customer benefits for IT-specialists
•   Support for the latest versions of all popular server platforms: protection for file servers running Windows,
    Linux, Novell NetWare and FreeBSD
•   High performance: A new antivirus engine, load balancing of server resources, optimised antivirus scanning
    technology and the exclusion of trusted processes from scanning, all increase the product’s performance
    and lower the amount of computing resources required to perform antivirus scans
•   Reliability: In the event of a malfunction or forced shutdown the application’s automatic restart ensures sta-
    ble system protection while the diagnostics system determines the cause of the malfunction
•   Powerful manageability and reporting system: Simple and user-friendly management tools, information
    about server protection status, flexible time settings for scans and the reporting system allow efficient
    control of file server security
•   Customer-focused technical support: Kaspersky Lab provides standard high quality technical support
    services on a 24x7 basis, and additionally offers a Business Support Program and an Enterprise Support
    Program, which include four service categories: product improvement and innovation, proactive and self-help
    services, knowledge transfer and problem resolution
•   Support for complex network infrastructure: The product protects terminal servers (Citrix, Microsoft), it runs
    on cluster servers and is compatible with the well-known EMC Celerra storage format
•   Support for virtualized network infrastructure: The product supports Windows Server 2008 R2 with proven
    Hyper-V/App-V support; the product has VMware Ready certification – proven reliability for virtual
    environments
•   Multi-system network protection - Integration with Samba servers enables companies to protect
    workstations and file servers in multi-system networks
•   Compatibility with third-party solutions - Supports current dedicated server software – IBM Tivoli, Symantec
    Enterprise Vault, HP Data Protector

4.8.4. Benefits for partners
•   Healthy margins: Kaspersky Lab gives partners an excellent opportunity to generate high earnings from the
    sale of its products, offering a flexible discount system and favourable partnership conditions
•   Reliable vendor: Kaspersky Lab is a reputable company demonstrating impressive yearly growth
•   Strong brand: The Kaspersky Lab brand is recognized worldwide as a provider of high-end IT security solu-
    tions. Its strong reputation for excellence in the home user market has been the catalyst for the success of
    its new products in the corporate sector
•   Advanced technology: Kaspersky Lab develops solutions based on its own innovative technologies and its
    products consistently demonstrate some of the best results in the field of IT security
•   Marketing support for sales: Kaspersky Lab offers marketing support to partners and runs regular training
    sessions to inform partners about its products
•   Assistance with tendering: Kaspersky Lab offers support to partners throughout the entire tendering process
    to ensure that our partners’ bids are successful
•   Customer-focused technical support – Kaspersky Lab provides standard high quality technical support ser-
    vices on a 24x7 basis, and additionally offers a Business Support Program and an Enterprise Support Pro-
    gram, which include four service categories: product improvement and innovation, proactive and self-help
    services, knowledge transfer and problem resolution. High-quality technical support provided by the vendor
    helps partners to strengthen the brand’s reputation from a customer perspective
•   Multi-solution vendor – Kaspersky Lab has a wide range of corporate products and can offer anti-malware
    protection solutions for all types of corporate network nodes





4.8.5. Market share forecast
Assumptions:

•   We estimate the size of the security software for file servers market to be worth about $260 million. This is a
    pessimistic estimation based on file server numbers worldwide and expert evaluation of the number of pro-
    tected servers, correlation of file and other types of servers, the average price of security solutions for servers
    and information about enterprises’ IT budgets and spending
•   The Windows Server market share is 53%, Linux’s market share is 16% and Novell Netware’s share is 6%
•   KAV for Linux File Server has a 21% share, KAV for WSEE – 70.6% and KAV for Novell Netware – 8.4%
•   The market’s annual growth rate is 5% (estimated by experts to be about 3-5%, several factors are taken into
    consideration – alongside a decline in server sales due to the impact of the crisis, the Linux platform has
    seen steady growth)
•   Our present market share of the file server market is 2.7%
•   Our sales are forecast to grow based on the assumption that we will launch the best product on the market
    at the right time and support it with an aggressive marketing campaign
•   Our goal is to reach a 5% market share by 2014






Application

Kaspersky Anti-Virus
for Windows Servers Enterprise Edition




4.9. Application: Kaspersky Anti-Virus
for Windows Server Enterprise Edition (KAV4WSEE)
Kaspersky Anti-Virus for Windows Servers Enterprise Edition provides anti-malware protection for data stored on
servers running under Microsoft Windows.

This product has been developed specifically for enterprise application servers and high-performance servers.




4.9.1. Microsoft File Server Security
File servers are dedicated server hardware systems designed for specific functions, with workstations attached
for reading and writing files or databases. File servers may also be categorized by the function or role they
perform (e.g. Terminal Server, Cluster).

Additionally, third-party enterprise applications are deployed to perform certain company tasks. These
enterprise applications run on top of the underlying Microsoft operating system (e.g. Citrix, Oracle, SAP).

Since a file server’s crucial function is storage, additional interfaces to external storage systems have been
implemented. EMC and NetApp are the two enterprise storage platforms most widely used in mid-size and large
enterprises.

Protection for storages, terminal servers, clusters and other enterprise-oriented equipment remains a niche
market since most of our competitors do not provide a dedicated solution. Such protection shields the company
from malware and avoids an epidemic in the company network.


4.9.2. Definition

4.9.2.1. Main Features

•   Real-time antivirus protection
•   On-demand scans
•   Supports dedicated tasks for critical system area scans
•   Flexible scan configuration
•   Scalable and fault tolerant
•   Adaptable utilization of system resources
•   Essential protection of terminal servers
•   Support for server cluster

4.9.2.2. Advanced Features

•   Centralized installation and administration using Kaspersky Administration Kit
•   Choice of management tools
•   Includes iSwift and iChecker antivirus scan optimization technologies
•   Application performance reporting system

4.9.2.3. New Features compared to KAV for WSEE 6.0

•   Support for EMC Celerra
•   Support for Microsoft Windows Server 2008 R2
•   Certified compatible with VMware
•   Compatible with third-party server software
•   Support for HSM systems




4.10. General Application Description

Scanning Engine (Improved!)
    The new scanning engine offers users the following advantages:
    •   Scans 5-7 times faster than the previous version
    •   Consumes 50% less system resources
    •   No need to reinstall the application to update the antivirus engine, malware detection and treatment
        modules
    •   The latest heuristics technologies complement the conventional signature-based systems for enhanced
        detection performance

Assigning trusted zones (Improved!)
    The product lets you specify the area to be scanned as well as trusted zones that are exempt from scanning.
    The trusted zone management tools have been improved: the user can assign individual files as trusted, as
    well as file types and entire folders.
    Advantage:
    •   Reduced scanning time
    •   Reduced configuration time
    •   Ability to exempt popular server applications from scanning to ensure their compatibility

Scanning of critical system areas
    A dedicated task can be launched that scans the system’s most vulnerable areas, autorun files and the
    operating system. Scanning autorun objects helps prevent malware from launching during system start-up and
    can detect any hidden processes.
    Advantage: increased server protection.

Flexible scan settings
    File scan settings can be used to:
    •   Exempt certain processes from being scanned
    •   Set the level of antivirus protection - the administrator can adjust the balance between the depth and
        time of scanning
    •   Specify which file types must always be scanned and which should be exempted completely
    •   Preset responses to suspicious and infected objects according to threat type
    Advantage: optimized usage of server resources and flexible management of corporate network security.

On-demand scanning
    The administrator can initiate a manual scan or scheduled scans. This feature is useful when new software has
    been installed or if an infection is suspected.
    Advantage: maximum control and manageability of file server security.

Security settings templates
    The product allows security settings to be saved as templates. Individual security configuration templates
    can then be used with on-demand scanning tasks and always-on protection.
    Advantage: reduces the time required to configure server security, and individual settings can be saved for
    various situations.

File and folder attributes can be saved when placing them in quarantine or backup storage
    When objects are identified as suspicious, KAV 8.0 for WSEE places them in quarantine or into a dedicated
    folder in encrypted format.
    If KAV 8.0 for WSEE treats or deletes an infected file, its original is placed into backup storage.
    The file is backed up in its original form together with all of its attributes, including its security
    settings.
    Advantage: the original documents are retained regardless of the actions of the antivirus program.

Scans and treats archived files
    KAV 8.0 for WSEE performs scans and other actions, as required, with packed and multi-packed archives,
    ensuring an increased malware detection level.

Checks scripts
    KAV 8.0 for WSEE blocks execution of malicious scripts.
    Advantage: increased levels of malware detection.



4.10.1. Administration and notifications

Centralized administration with Kaspersky Administration Kit (Improved!)
    Full support for the latest Administration Kit version, including installation, management, reporting and
    updates. The system enables remote installation and configuration of applications on several servers
    simultaneously as well as their management.
    Advantage: quick and easy installation, management and administration of file server security in companies
    with complex network architectures.

Remote/local administration via MMC (Improved!)
    An intuitive new graphic user interface helps the system administrator to configure and manage applications
    locally or remotely.
    Advantage: reduces configuration and management time.

Command line administration
    Using the command line is an alternative and resource-saving way to manage the product.
    Advantage: helps the administrators manage the product with proprietary automation tools, as required.

Performance counters
    This is a useful tool to track the product’s performance while it undertakes always-on protection tasks.
    Advantage: the tool helps the administrator analyse the product’s operation and optimise it if needed.

Program notification system
    The product supports administrator notifications via the messaging service or email for an extensive event
    list. The application is integrated with Simple Network Management Protocol (SNMP) and can operate with
    Microsoft Operations Manager (MOM).
    Advantage: faster reporting means a more rapid response to issues.

Reports
    Program operations can be tracked using graphic-based reports as well as Microsoft Windows or Kaspersky
    Administration Kit event logs. The search system and dedicated filtering allow data to be found quickly.
    Advantage: administrators can see and resolve any issues as they arise, improving server security
    management.

Control over administrator privileges
    Different roles with specific privileges can be assigned to each of the servers’ administrators.
    Advantage: internal security within large companies can be maintained at the required levels, including
    control of the IT personnel’s privileges.

Flexible setting of scan times
    To ensure best use of server resources and minimize disruption to users, antivirus scan start and finish
    times can be set exactly. This limits on-demand scans to periods of minimum server load, such as at night or
    at weekends.
    Advantage: reduced possibility of system overload. Minimizes server load during peak times and simplifies
    the administrator’s server management role.



4.10.2. Performance

Server load balancing (Improved!)
    KAV 8.0 for WSEE helps balance the use of server resources between the antivirus system and other
    applications according to the task priorities. Antivirus scanning can be performed in background mode.
    Advantage: reduces antivirus program activity when other tasks are being performed, e.g. updating the
    server’s software. Ensures the server keeps up with the core business tasks.

Optimised performance with iSwift and iChecker technologies (Improved!)
    The use of iSwift and iChecker technologies scans everything during the first on-demand scan, then only new
    and modified objects thereafter. This dramatically improves the product’s performance.

Supports operation in server clusters
    KAV 8.0 for WSEE can be installed on clusters of servers working in Active/Active and Active/Passive modes.
    The solution helps ensure the server operates correctly when resources migrate between cluster resources
    (failover/failback situations).
    The cluster is protected completely when KAV 8.0 for WSEE is installed on each node of the corporate
    network. The application protects the file server system’s local disks and the cluster’s shared disks
    currently owned by the protected node.
    Advantage: the product is completely suited to the complex server cluster architecture typically found in
    large companies.

Support for the server’s uninterrupted operation: KAV 8.0 for WSEE does not interrupt the server’s operation
    KAV 8.0 for WSEE does not require the server to be rebooted when the antivirus is installed or updated.
    Rebooting the server is undesirable/not an option for most corporate networks.
    Advantage: continuous running of the server software ensures uninterrupted operation of the company’s
    business processes.




Page 112
Messaging, Web, Infrastructure & Endpoint Products

4.10.3. Supported platforms and third-party software

Support for EMC Celerra (New!)
KAV 8.0 for WSEE supports the popular EMC Celerra data storage solution. The product provides antivirus protection for the stored data and is completely compatible with EMC Celerra.
Advantage: high-level antivirus protection of cutting-edge network infrastructure and data storage systems for both the SMB and Enterprise sectors.

Support for Microsoft Windows Server 2008 R2 (New!)
KAV 8.0 for WSEE supports the widely popular Windows Server 2008 R2, including its Server Core, Datacenter and Hyper-V releases.
Advantage: high-level antivirus protection of cutting-edge network infrastructure for both the SMB and Enterprise sectors.
The product is certified Windows Server 2008 R2 compatible.
Advantage: wide possibilities for partners to use the solution in a variety of tenders.

Compatibility with VMware (New!)
KAV 8.0 for WSEE protects both physical and virtual (guest) operating systems. A copy of the product must be installed on each operating system.
Advantage: high-level antivirus protection of the widely popular VMware virtual machine.
The product is certified VMware Ready. (New!)
Advantage: wide possibilities for partners to use the solution in a variety of tenders.

Compatible with third-party server software (New!)
KAV 8.0 for WSEE is compatible with a wide range of server software, including backup software. This allows the antivirus solution to be used alongside a wide range of third-party products:
•   Symantec Enterprise Vault 8.0
•   IBM Tivoli Storage Manager 6.1
•   IBM WebSphere
•   HP Data Protector software
Advantage: the solution’s flexibility allows it to be used on servers with a varied array of installed software without the risk of conflict, making the network administrator’s job easier.

Support for HSM systems (New!)
KAV 8.0 for WSEE supports configuration of offline file scan modes. The product checks whether a specific file is located on the local disk and helps configure scan modes compatible with disk storage management systems.
Advantage: effective antivirus protection of complex hierarchical file systems.

Protection of terminal servers (Improved!)
KAV 8.0 for WSEE protects Microsoft Terminal and Citrix XenApp servers (formerly Presentation Server). This feature helps:
•   Protect terminal users working in desktop/application publishing modes
•   Notify terminal users of events using the terminal services tools
•   Audit actions performed with terminal users’ files and scripts
(New!) Certified Citrix Ready for XenApp 6.0.
Advantage: the solution is flexible enough to protect the infrastructure of terminal servers as effectively as it does regular servers.

Protection of DAS storage
The product protects data storage systems directly attached to servers (DAS storage).
Advantage: high level of antivirus protection for companies that would like to increase their servers’ storage capacities at low cost (solution flexibility).


4.10.4. Certifications of the current version of KAV4WSEE 6.0

Virus Bulletin (VB 100%) Certification
In October 2009 Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition MP2 successfully passed the certification tests on the Microsoft Windows 2003 Server x64 platform conducted by VB-Comparatives and was awarded “VB 100%” certification.

Intel Xeon Support
This logo means that Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition has been optimised to run on multi-core Intel Xeon processors, thus improving scan efficiency.

Certified for Windows Server 2008
The “Certified for Windows Server 2008” logo awarded by Microsoft shows the high quality of Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition and proves its full compatibility with Windows Server 2008. The VeriTest laboratory tests applications on behalf of Microsoft.

OESISOK Antivirus Certification (http://www.opswat.com/)
OPSWAT certification attests that Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition installs correctly on all supported operating systems, is not reported as malware and has a high ability to detect viruses; the clean-install (false positive) test was passed with 0 threats detected.

Citrix Ready Certification
Awarded by Citrix Systems, this certification guarantees that Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition is fully compatible with Citrix XenApp (Citrix Presentation Server) versions 4.0 and 4.5.





4.11. Application Environment
Since KAV4WSEE was developed with a focus on medium-to-enterprise level companies, it must be taken into consideration that these companies have a different IT infrastructure. This brings us to the point where the IT environment KAV4WSEE runs in needs to be clearly understood.

4.11.1. Cluster and Cluster types
A computer cluster is a group of linked computers working together so closely that in many respects they form a single computer. The components of a cluster are commonly, but not always, connected to each other through fast local area networks. Clusters are usually deployed to improve performance and/or availability over that of a single computer, while typically being much more cost-effective than single computers of comparable speed or availability.

Cluster systems are mainly divided into two groups:

1. High-availability (HA) cluster
2. Load-Balancing cluster


4.11.1.1. High-availability (HA) cluster

High-availability clusters are implemented primarily for the purpose of improving the availability of the services that the cluster provides. They operate by having redundant nodes, which are then used to provide service when system components fail. The most common size for an HA cluster is two nodes, which is the minimum requirement to provide redundancy. HA cluster implementations attempt to use redundancy of cluster components to eliminate single points of failure.

HA clusters can be categorized into the following models:

•   Active/Active - Traffic intended for the failed node is either passed on to an existing node or load balanced across the remaining nodes. This is usually only possible when the nodes use a homogeneous software configuration.
•   Active/Passive - Provides a fully redundant instance of each node, which is only brought online when its associated primary node fails. This configuration typically requires the most extra hardware.

Microsoft Cluster Server (MSCS) is designed to allow servers to work together to provide failover and increased availability. Microsoft uses three technologies for clustering: Microsoft Cluster Services (MSCS), Component Load Balancing (CLB) and Network Load Balancing Services (NLB). Microsoft Cluster Services (MSCS) was first introduced in Windows NT® 4.0 Enterprise Edition. With the release of Microsoft Windows Server 2008 and 2008 R2, the MSCS service has been renamed Windows Server Failover Clustering (WSFC).

4.11.1.2. Load-Balancing cluster

Load balancing is when multiple computers are linked together to share a computational workload or function as a single virtual computer. Physically they are multiple machines, but from the user’s side they function as a single virtual machine. Requests initiated by the user are managed by, and distributed among, all the standalone computers that form the cluster. This results in balanced computational work among the different machines, improving the performance of the cluster system.





4.11.2. Enterprise Storage Solutions
Definition: Enterprise storage is a centralized storage system that businesses use for managing and protecting data. It also enables data sharing through connectivity to various computers in a network environment that includes UNIX, Microsoft Windows and mainframe platforms.

Enterprise storage differs from consumer storage with respect to the size of the storage operations and also the technology used. When considering the implementation of an enterprise storage technology, enterprises should appraise the technology on four parameters: storage, backup, archiving and disaster recovery. Together, these four constitute the major functions of an enterprise storage system, and they impact both cost and performance.

Explosive data growth is caused by the concurrent requirement for historical, integrated and granular data. This creates a requirement for alternate storage mechanisms so that infrequently used “dormant data” can be stored in a more cost-effective manner. Enterprise business storage has to cater to an increased number of users, including data miners, explorers, departmental users, multidimensional users, power users and executive users. Enterprise business storage plays a key role in ensuring that enterprise business intelligence is available to be leveraged at the most opportune moment and that discrete data silos are consolidated to provide an enterprise business intelligence infrastructure.

4.11.2.1. Storage System Types

The three basic storage systems are direct attached storage (DAS), storage area network (SAN) and network attached storage (NAS).

DAS is the basic building block on which SAN and NAS can be deployed. Thus DAS, which constitutes block-level storage, dictates the performance of SAN and NAS and ultimately of the entire enterprise storage environment. The host computer’s storage interface is connected directly to the DAS. A data network is required so that computers other than the host computer can access the DAS.

The storage devices that are used to develop a DAS storage subsystem include SCSI, PATA, SATA, SAS, FC, Flash,
and RAM.

SANs offer greater functionality than DAS as they allow more than one host to connect to a single storage device at the block level. This enables server computers to systematically control the storage volumes in a storage device. However, multiple clients cannot share a single volume. SAN offers a host of compatibility advantages with respect to applications. SAN technologies include iSCSI, FC and AoE.

NAS is essentially a file server that resides on top of SAN or DAS. NAS uses Server Message Block (SMB) for Microsoft compatibility and Network File System (NFS) for UNIX compatibility. Unlike SAN or DAS, NAS allows multiple clients to share a single volume. The drawback of NAS is that it does not offer compatibility with as many applications as SAN or DAS, because most applications expect a block-level storage device.

4.11.2.2. Direct Attached Storage (DAS)

DAS refers to a digital storage system directly attached to a server, without a storage network in between. Mainly,
it is used to differentiate non-networked storage from SAN and NAS solutions.

DAS storage is directly connected to a server via a host bus adapter (HBA). There is no network between the DAS storage and the server.

Most functions found in modern storage solutions do not depend on whether the storage is attached directly to a
server (DAS) or via a network (SAN and NAS).

4.11.2.3. Network Attached Storage (NAS)

In contrast to a Storage Area Network (SAN), NAS uses file-based protocols such as NFS or SMB/CIFS, where it is clear that the storage is remote and computers request a portion of an abstract file rather than a disk block.





4.11.2.4. Storage Area Network (SAN)

A SAN is an architecture that attaches remote computer storage devices to servers in such a way that the devices appear to the operating system as locally attached. A SAN uses different technologies for transmitting data to and from the server: Fibre Channel Fabric (FC) or iSCSI.



Figure 12. DAS, SAN and NAS compared (diagram): for DAS and SAN the file system sits on the server and the storage is reached over Ethernet (iSCSI) or Fibre Channel; for NAS the file system sits on the storage side and is exported over NFS or CIFS.


The targeted mid-to-large enterprise market uses EMC and NetApp SAN solutions.

4.11.2.5. EMC Corporation

EMC Corporation (NYSE: EMC) is a U.S. Fortune 500 and S&P 500 provider of information infrastructure systems,
software and services. It is headquartered in Hopkinton, Massachusetts, USA. EMC’s data storage products are
built to store and protect information. EMC’s enterprise content management software is used to capture and
store documents in a secure and central location. Using this software, employees can share documents and work
together.

EMC Celerra unified storage platforms combine IP storage with native CLARiiON storage, providing NAS, iSCSI and Fibre Channel in a single solution.

•   Multi-protocol (NAS, iSCSI, Fibre Channel and MPFS)
•   Native Block Option for Fibre Channel and iSCSI
•   Fibre Channel and ATA drive support
•   Flash Drive Support
•   Block and file I/O

In mid-to-large enterprise companies, storage solutions like EMC Celerra are used to store certain data, such as user profiles or SAP and Microsoft CRM data, on a centralized system. Since antivirus software cannot be installed directly on the EMC storage system, a Microsoft Windows server has to be used to scan the storage. For this purpose EMC provides a specific interface, which has been implemented in Kaspersky WSEE.

These interfaces are part of the EMC Celerra Event Enabler (CEE) framework. This framework is divided into two components:
        1. EMC Celerra AntiVirus Agent (CAVA)
        2. EMC Celerra Event Publishing Agent (CEPA)



CAVA is the EMC-provided agent running on a Windows server that communicates with a standard antivirus engine to scan CIFS files stored on a Celerra Network Server. It uses the industry-standard Common Internet File System (CIFS) protocol on Microsoft Windows servers. CAVA uses third-party antivirus software to identify and eliminate known viruses before they infect files on the storage system. The EMC document Using EMC Celerra AntiVirus Agent contains further information about using CAVA.

CEPA is the EMC-provided agent running on a Windows server that provides external applications with notification of, and optional control over, changes made by CIFS clients to file systems on the Celerra in real time. CEPA allows applications to register to receive event notifications and context from the Celerra. CEPA delivers both the event notification and the associated context (the file/directory metadata needed to make a business policy decision) to the consuming application in one message. The EMC document Using EMC Celerra Event Publishing Agent contains further information about using CEPA.

4.11.2.6. CAVA Features in Detail

Scan-On-First-Read
CAVA uses the access time of a file to determine whether the file should be scanned. The access time is compared with a reference time stored in the EMC CAVA service. If the file’s access time is earlier than the reference time, the file is scanned on read before it is opened by the CIFS client. You can set the access time using the server_viruschk command; the EMC Celerra Network Server Command Reference Manual provides more information about the server_viruschk command. CAVA updates the scan-on-first-read access time when it detects a virus definition file update on the AV engine.

Updating virus definition files
CAVA can automatically detect a new version of the virus definition file and update the access time. To use this feature, scan-on-first-read must be enabled. Currently, the latest versions of all supported third-party antivirus engines support automatic pattern updates. The EMC Celerra Network Server Release Notes and the EMC E-Lab Interoperability Navigator provide the latest information on other antivirus products.

Scan on Write
CAVA initiates a scan after a file is modified and closed. If a file is opened but not modified, it is not scanned when it is closed.
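The following Python model is an added illustration, not EMC’s or Kaspersky’s code: it walks two constructed files through the three rules above (scan-on-first-read, the reference-time update on new definitions, and scan-on-write). The CelerraFile record, the integer timestamps, the scan_log and the toy MARKER-based engine are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Constructed "signature": the toy engine flags any content containing it.
MARKER = b"CONSTRUCTED-TEST-MARKER"


@dataclass
class CelerraFile:
    """A file on the Data Mover as the model sees it (constructed record)."""
    name: str
    access_time: int          # CAVA's per-file access time, i.e. when it was last scanned
    content: bytes = b""


@dataclass
class CavaService:
    """The decision logic of the CAVA service for one virus-checking client."""
    reference_time: int                     # time reference held by the CAVA service
    scan_engine: Callable[[bytes], bool]    # third-party AV engine: True if infected
    scan_on_first_read: bool = True
    scan_log: List[str] = field(default_factory=list)

    def _scan(self, f: CelerraFile, now: int, reason: str) -> bool:
        """Hand the file to the AV engine, record the verdict, stamp the access time."""
        infected = self.scan_engine(f.content)
        self.scan_log.append(f"{reason}:{f.name}:{'INFECTED' if infected else 'clean'}")
        f.access_time = now        # the next read finds access_time >= reference_time
        return infected

    def on_definition_update(self, now: int) -> None:
        """New signatures on the AV engine: move the reference time forward so that
        every file is scanned again on its next read. As the text states, this
        only works when scan-on-first-read is enabled."""
        if self.scan_on_first_read:
            self.reference_time = now

    def on_open_for_read(self, f: CelerraFile, now: int) -> bool:
        """Scan-on-first-read. Returns True if the CIFS client may open the file."""
        if self.scan_on_first_read and f.access_time < self.reference_time:
            return not self._scan(f, now, "first-read")
        return True               # already checked since the last reference time

    def on_close(self, f: CelerraFile, now: int, modified: bool) -> bool:
        """Scan-on-write: a file is scanned on close only if it was modified."""
        if modified:
            return not self._scan(f, now, "write")
        return True


def run_scenario() -> List[str]:
    """Walk two constructed files through the rules; returns the scan log."""
    svc = CavaService(reference_time=100, scan_engine=lambda data: MARKER in data)
    doc = CelerraFile("report.docx", access_time=50, content=b"quarterly figures")
    exe = CelerraFile("setup.exe", access_time=150, content=b"MZ" + MARKER)

    svc.on_open_for_read(doc, now=200)           # 50 < 100: first read, scanned, clean
    svc.on_open_for_read(doc, now=210)           # 200 >= 100: no rescan
    svc.on_open_for_read(exe, now=220)           # 150 >= 100: not scanned on read
    svc.on_definition_update(now=300)            # new definitions: reference_time becomes 300
    svc.on_open_for_read(exe, now=310)           # 150 < 300: scanned, detected, open refused
    svc.on_close(doc, now=320, modified=False)   # opened only: no scan-on-write
    svc.on_close(doc, now=330, modified=True)    # modified and closed: scanned
    return svc.scan_log


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

Note how setup.exe slips through on the third read: its access time is later than the reference time, so only the definition update (or a write to the file) brings it back under the scanner.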

CAVA Calculator
CAVA Calculator is a utility that helps you determine the number of CAVA servers needed for the environment prior to installation. CAVA Calculator can be installed and run independently of CAVA and the Celerra Network Server, whereas the sizing tool uses the actual workload.

CAVA virus-checking client
The virus-checking (VC) client is the agent component of the Celerra Network Server software on the Data Mover.
The VC client interacts with the AV engine, which processes requests from the VC client. Scanning is supported
only for CIFS access. While the scan or other related actions are taking place, access to the file from any CIFS
client is blocked.

Full file system scan
An administrator can perform a full scan of a file system using the server_viruschk -fsscan command. To use this
feature, CAVA must be enabled and running. The administrator can query the state of the scan while it is running,
and can stop the scan if necessary. A file system cannot be scanned if the file system is mounted with the option
noscan. As the scan proceeds through the file system, it touches each file and triggers a scan request for each
file.





4.11.2.7. Netapp Storage Solutions

NetApp, Inc., formerly Network Appliance, is a proprietary computer storage and data management company headquartered in Sunnyvale, California.

The line of NetApp filers was the company’s flagship since the very beginning. A filer is a type of disk storage
device which owns and controls a file system, and presents files and directories to hosts over the network. This
scheme is sometimes called file storage, as opposed to the block storage that has been traditionally provided by
major storage vendors like EMC Corporation and Hitachi Data Systems.

NetApp’s filers initially used the NFS and CIFS protocols over standard local area networks (LANs), whereas block storage consolidation required storage area networks (SANs) implemented with the Fibre Channel (FC) protocol. Today, NetApp systems also support block storage via the FC protocol, the iSCSI protocol and the emerging Fibre Channel over Ethernet (FCoE) protocol.

The NetApp filer, also known as NetApp Fabric-Attached Storage (FAS) or NetApp’s network attached storage (NAS) device, is NetApp’s offering in the area of storage systems. A FAS functions in an enterprise-class storage area network (SAN) as well as a networked storage appliance. It can serve storage over a network using file-based protocols such as NFS, CIFS, FTP, TFTP and HTTP. Filers can also serve data over block-based protocols such as Fibre Channel (FC), Fibre Channel over Ethernet (FCoE) and iSCSI. NetApp filers implement their physical storage in large disk arrays.

Most other large storage vendors’ filers tend to use commodity computers with an operating system such as Microsoft Windows Storage Server or a tuned Linux. NetApp filers use highly customized commodity hardware and the proprietary Data ONTAP operating system, both originally designed by founders Dave Hitz and James Lau specifically for storage-serving purposes. Although Data ONTAP (currently in version 8) is NetApp’s own operating system, specially optimised for storage functions at both high and low level, it is based on FreeBSD.


4.11.3. Terminal Services

4.11.3.1. Microsoft Terminal Services / Microsoft Remote Desktop Services

Remote Desktop Services, formerly known as Terminal Services, is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). With terminal services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place. Microsoft changed the name from Terminal Services to Remote Desktop Services with the release of Windows Server 2008 R2 in October 2009.

For an enterprise, Terminal Services allows IT departments to install applications on a central server. For example,
instead of deploying database or accounting software on all desktops, the applications can simply be installed
on a server and remote users can log on and use them via the Internet. This centralization makes upgrading,
troubleshooting, and software management much easier. As long as employees have Remote Desktop software,
they will be able to use enterprise software. Terminal Services can also integrate with Windows authentication
systems to prevent unauthorized users from accessing the applications or data.

Microsoft has a long-standing agreement with Citrix to facilitate sharing of technologies and patent licensing between Microsoft Terminal Services and Citrix Presentation Server (formerly Citrix MetaFrame), which has now been renamed Citrix XenApp. In this arrangement, Citrix has access to key source code for the Windows platform, enabling their developers to improve the security and performance of the Terminal Services platform.

Terminal Server is the server component of Terminal services. It handles the job of authenticating clients, as well
as making the applications available remotely. It is also entrusted with the job of restricting the clients according
to the level of access they have. The Terminal Server respects the configured software restriction policies, so as
to restrict the availability of certain software to only a certain group of users. The remote session information is
stored in specialized directories, called Session Directory which is stored at the server. Session directories are
used to store state information about a session, and can be used to resume interrupted sessions. The terminal
server also has to manage these directories. Terminal Servers can be used in a cluster as well.





The Terminal Services Gateway service component, also known as TS Gateway, can tunnel the Remote Desktop Protocol session through an HTTPS channel. This increases the security of Remote Desktop Services by encapsulating the session with Transport Layer Security (TLS). This also allows the option of using Internet Explorer as the RDP client.

RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services, available only in Remote Desktop
Connection 6.1 and above (with Windows Server 2008 being the RemoteApp server), where a remote session
connects to a specific application only, rather than the entire Windows desktop.

4.11.3.2. Citrix XenApp (formerly Citrix MetaFrame Server and Citrix Presentation Server)

XenApp is an application virtualization / application delivery product that allows users to connect to their corporate applications. XenApp can either host applications on central servers and allow users to interact with them remotely, or stream and deliver them to user devices for local execution. In contrast to Microsoft Remote Desktop Services, XenApp uses a proprietary presentation layer protocol called Independent Computing Architecture (ICA) to transport the data from the server to the client.

Citrix builds on the underlying platform, Microsoft Remote Desktop Services, and extends desktop and virtual application deployments with security and access to Windows applications.

Citrix Receiver
Citrix Receiver is a new lightweight software client that makes accessing virtual applications and desktops on any device as easy as turning on your TV. Much like a satellite or cable TV receiver in a broadcast media service, Citrix Receiver allows IT organizations to deliver desktops and applications as an on-demand service to any device in any location with a rich “high definition” experience.

Application Virtualization
Citrix application virtualization technology isolates applications from the underlying operating system and from other applications to increase compatibility and manageability. This application virtualization technology enables applications to be streamed from a centralized location into an isolation environment on the target device, where they execute. With XenApp, applications are not installed in the traditional sense. The application files, configuration and settings are copied to the target device, and the application’s execution at run time is controlled by the application virtualization layer. When executed, the application believes that it is interfacing directly with the operating system when, in fact, it is interfacing with a virtualization environment that proxies all requests to the operating system.





Application Streaming
Application streaming simplifies application delivery to users by virtualizing applications on client devices. Administrators can install and configure an application centrally and deliver it to any desktop on demand. Use the application streaming feature to install and configure an application on one file server in your App Hub, publish the application using the XenApp publishing wizard, and deliver it to any desktop or server on demand. To upgrade or patch an application, you make the updates only in the location where you stored the application. Application streaming augments application delivery not only to user desktops, but also to servers in your server farms.




                                                     Figure 13.





4.11.4. Hierarchical Storage Management
Hierarchical Storage Management (HSM) is a data storage technique which automatically moves data between high-cost and low-cost storage media. HSM systems exist because high-speed storage devices, such as hard disk drive arrays, are more expensive (per byte stored) than slower devices, such as optical discs and magnetic tape drives. While it would be ideal to have all data available on high-speed devices all the time, this is prohibitively expensive for many organizations. Instead, HSM systems store the bulk of the enterprise’s data on slower devices, and then copy data to faster disk drives when needed. In effect, HSM turns the fast disk drives into caches for the slower mass storage devices. The HSM system monitors the way data is used and makes best guesses as to which data can safely be moved to slower devices and which data should stay on the fast devices.

In a typical HSM scenario, data files which are frequently used are stored on disk drives, but are eventually migrated to tape if they are not used for a certain period of time, typically a few months. If a user does reuse a file which is on tape, it is automatically moved back to disk storage. The advantage is that the total amount of stored data can be much larger than the capacity of the disk storage available, but since only rarely-used files are on tape, most users will usually not notice any slowdown.

KAV4WSEE supports the following HSM solutions:

1.   Symantec Enterprise Vault 8.0
2.   IBM Tivoli Storage Manager 6.1
3.   IBM WebSphere
4.   HP Data Protector Software
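An added example (not Kaspersky’s implementation) of the check behind the offline file scan modes mentioned for HSM support: deciding which files on an HSM-managed volume an on-demand scan may open without recalling migrated data from tape. The two mode names and the FileEntry record are assumptions; the attribute bit values are the documented Windows constants.

```python
import os
from dataclasses import dataclass
from typing import List, Tuple

# Windows file attribute bits (documented constants).
FILE_ATTRIBUTE_ARCHIVE = 0x0020         # ordinary resident file
FILE_ATTRIBUTE_REPARSE_POINT = 0x0400   # stub left by HSM products, but also symlinks and junctions
FILE_ATTRIBUTE_OFFLINE = 0x1000         # data not immediately available: migrated to tape


@dataclass
class FileEntry:
    """Constructed directory record: path, attribute bits, size in bytes."""
    path: str
    attributes: int
    size: int


def is_migrated(attributes: int) -> bool:
    """True when the file's data lives on secondary storage. A reparse point on its
    own is not enough (symlinks and junctions carry that bit too); the OFFLINE bit
    is the deciding signal."""
    return bool(attributes & FILE_ATTRIBUTE_OFFLINE)


def plan_scan(entries: List[FileEntry], mode: str = "skip_migrated") -> Tuple[List[str], int]:
    """Decide which files an on-demand scan may open.

    mode (assumed names, not KAV's own):
      "skip_migrated" - scan only files whose data is resident on local disk
      "scan_all"      - open every file, recalling migrated ones from tape
    Returns (paths to scan, bytes that opening them would recall from tape)."""
    if mode not in ("skip_migrated", "scan_all"):
        raise ValueError(f"unknown scan mode: {mode}")
    to_scan: List[str] = []
    recalled = 0
    for entry in entries:
        if is_migrated(entry.attributes):
            if mode == "skip_migrated":
                continue                 # leave the stub alone; no recall triggered
            recalled += entry.size       # opening the stub pulls the data back from tape
        to_scan.append(entry.path)
    return to_scan, recalled


def entry_from_path(path: str) -> FileEntry:
    """Build a FileEntry from a real path. st_file_attributes exists only on Windows;
    elsewhere the attributes are reported as 0, i.e. the file is treated as resident."""
    st = os.stat(path)
    return FileEntry(path, getattr(st, "st_file_attributes", 0), st.st_size)


# Constructed sample listing of an HSM-managed volume.
SAMPLE_LISTING = [
    FileEntry(r"D:\shared\budget.xlsx", FILE_ATTRIBUTE_ARCHIVE, 120_000),          # resident
    FileEntry(r"D:\archive\2008\ledger.xls",
              FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_REPARSE_POINT, 4_000_000),     # migrated stub
    FileEntry(r"D:\links\projects", FILE_ATTRIBUTE_REPARSE_POINT, 0),               # junction, resident
    FileEntry(r"D:\archive\2007\contracts.pdf", FILE_ATTRIBUTE_OFFLINE, 30_000_000),  # migrated
]


if __name__ == "__main__":
    for mode in ("skip_migrated", "scan_all"):
        paths, recalled = plan_scan(SAMPLE_LISTING, mode)
        print(f"{mode}: {len(paths)} files to scan, {recalled:,} bytes recalled from tape")
```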






4.12. Solution Overview
This chapter shows three examples on implementing Kaspersky Anti-Virus 8.0 for Windows Server Enterprise
Edition.


4.12.1. First Case: Microsoft Windows 2008 R2 Failover Clustering
The failover cluster is widely used in mid-large enterprise companies to provide support for mission-critical
applications, such as databases, messaging systems, file and print services.

A failover cluster is a group of independent computers, or nodes, that are physically connected by a local-area
network and that are connected by cluster software. The group of nodes is managed as a single system and
shares a common namespace.

Normally, if a server that is running a particular application crashes, the application will be unavailable until
the server is fixed. Failover clustering addresses this situation by detecting hardware or software faults and
immediately restarting the application on another node without requiring administrative intervention.




                                                   Figure 14.


This failover cluster configuration is fully supported by Kaspersky Anti-Virus 8.0 for Windows Server Enterprise Edition. WSEE 8.0 is installed on both nodes and ensures that the system is protected in either Active-Active or Active-Passive mode.





4.12.2. Second Case: Microsoft Windows 2008 R2 with EMC Storage
This setup shows an example implementation with three Microsoft Windows Server 2008 systems that have EMC CAVA installed and run Kaspersky WSEE 8.0 to protect the files on the EMC storage while users on workstations or servers access those files.




                                                          Figure 15. (diagram: three Windows Servers, each with EMC CAVA, scanning the EMC Storage accessed by a Workstation / Server)




The EMC CAVA agent provides access to the CIFS network shares, which are scanned by KAV4WSEE according to the settings made by the administrator. To determine how many servers are needed to scan the EMC storage, EMC provides the EMC Calculator, which estimates the number of servers needed based on the activity on the EMC and the available storage.

The EMC CAVA installation guide includes a detailed description of how to configure KAV4WSEE to provide the highest security.




Application: Kaspersky Anti-Virus for Linux File Servers


4.13. Application: Kaspersky Anti-Virus for Linux File Server (KAV4LFS)
Kaspersky Anti-Virus for Linux File Server 8.0 is a solution offering antivirus protection to the vast majority of Linux and FreeBSD file servers. It supersedes two earlier products: Kaspersky Anti-Virus for Linux File Server 5.7 and Kaspersky Anti-Virus for Samba Server 5.5.

This product has been developed specifically for enterprise application servers and high-performance servers.




4.13.1. Linux File Server security
Linux refers to the family of Unix-like computer operating systems using the Linux kernel. Linux can be installed on a wide variety of computer hardware, ranging from mobile phones, tablet computers and video game consoles, to mainframes and supercomputers. Linux is predominantly known for its use in servers; in 2009 it held a server market share ranging between 20–40%. Most desktop computers run either Microsoft Windows or Mac OS X, with Linux having anywhere from a low of an estimated 1–2% of the desktop market to a high of an estimated 4.8%. However, desktop use of Linux has become increasingly popular in recent years, partly owing to the popular Ubuntu, Fedora, Mint, and openSUSE distributions and the emergence of netbooks and smartphones running an embedded Linux.

The development of Linux is one of the most prominent examples of free and open source software collaboration; typically all the underlying source code can be used, freely modified, and redistributed, both commercially and non-commercially, by anyone under licenses such as the GNU General Public License. Typically Linux is packaged in a format known as a Linux distribution for desktop and server use. Linux distributions include the Linux kernel and all of the supporting software required to run a complete system, such as utilities and libraries, the X Window System, the GNOME and KDE desktop environments, and additionally enterprise services. Commonly used applications with desktop Linux systems include the Mozilla Firefox web browser, the OpenOffice.org office application suite and the GIMP image editor.

The name “Linux” comes from the Linux kernel, originally written in 1991 by Linus Torvalds. The main supporting user space system tools and libraries from the GNU Project (announced in 1983 by Richard Stallman) are the basis for the Free Software Foundation’s preferred name GNU/Linux.

The enterprise services mentioned above, such as file servers, HTTP servers, FTP servers and Samba servers, must be protected against malware.





4.13.2. Definition

4.13.2.1. Main Features

•   Real-time antivirus protection
•   On-demand scanning
•   Flexible scan settings
•   Fault tolerant
•   Centralized installation and administration
•   Choice of administration tools

4.13.2.2. Advanced Features

•   Reporting system
•   Notification of security events

4.13.2.3. New Features compared to KAV for Linux File Server 5.7

•   Kaspersky Web Management Console
•   Protection for Samba servers
•   Quarantine and backup storage
•   Support for NSS file system
•   Support for FreeBSD


4.14. General Application Description

Feature: Protection against viruses, worms and Trojans - new antivirus engine 8.0 (Improved!)
Description: The new antivirus engine gives users the following advantages:
•   the new heuristic technologies used in the product combined with traditional signature-based malware detection methods mean that it is even more effective
•   the product does not need to be reinstalled in order to update the malware detection and treatment modules or the antivirus engine

Feature: On-demand scanning (Improved!)
Description: The product can perform on-demand antivirus scanning of specified drive areas. This option is indispensable for checking suspect files and newly installed software.
Improved! The product’s optimised architecture means scanning speeds have increased compared to the previous version.
Advantage: provides maximum control over the management of file server security.

Feature: Flexible scanning settings (Improved!)
Description: File scanning settings allow:
•   objects to be selected using masks and alphanumeric expressions, including wildcard characters
•   different settings to be assigned to different users accessing protected objects on the file server
•   a variety of scanning exceptions to be specified, for example, file type, catalogue, program or user
•   the level of antivirus protection to be adjusted – the administrator can select the appropriate balance between the depth and speed of scans
•   specific actions to be assigned for suspicious or infected objects, including by threat type
•   scans to be launched according to the most convenient schedule
•   archived objects to be treated or deleted (New!)
Improved! The new version contains more configuration options than the previous version.
Advantage: The ability to create exceptions for distributed server programs ensures compatibility with them; this approach helps optimise the server load and ensures the flexible management of corporate network security.

Feature: Quarantine and backup storage (New!)
Description: When a suspicious object is detected, the program places it in quarantine, where objects are stored in encrypted format. If the product treats or deletes an infected file, its original is placed into backup storage. The file is backed up in its original form together with all of its attributes, including its security settings.
Advantage: the original documents are retained regardless of the actions of the antivirus program.



4.14.1. Administration and notifications

Feature: Kaspersky Web Management console (New!)
Description: The console allows the following actions to be performed remotely via a web browser:
•   configuration of the sending of notifications
•   protection status tracking of the server and operation of the antivirus program
•   the viewing of information about system events over time
•   the creation of graphical reports that can be saved in PDF and XLS formats.
Advantage: the user-friendly management console saves the server administrator time when working with the program.

Feature: Centralized management using Kaspersky Administration Kit 8.0 (Improved!)
Description: Full support for the latest version of Kaspersky Administration Kit allows: remote installation configuration, the creation of security policies, license management and the acquisition of reports and updates from the administration server. Kaspersky Administration Kit enables a program to be installed, configured and managed on several servers simultaneously.
Improved! The new version of Kaspersky Administration Kit now includes the capability to install and configure the program, manage tasks in full and receive system notifications.
Advantage: the installation, management and administration of file server protection in companies with complex network infrastructures is easier and faster.

Feature: Command-line management (Improved!)
Description: The program can manage any scheduled task (including remotely via SSH) and receive reports about malware activity and the operation of the antivirus program or its individual components. Reports can be exported and saved in HTML and CSV formats.
Improved! In the new version, reports can be created, exported and saved in HTML and CSV formats. The program’s log search capabilities have also been greatly enhanced.
Advantage: alternative management methods allow the use of additional automation tools and a flexible approach to integration with programs provided by other vendors.

Feature: Notifications about program operations (Improved!)
Description: There is an extended list of events that the administrator can receive notifications about via messaging services or by e-mail.
Improved! It is now possible to receive notifications via SMTP and Kaspersky Administration Kit.
Advantage: faster reporting means a more rapid response to issues.

Feature: Reports (Improved!)
Description: Graphical reports created in PDF or XLS formats using the web console or Kaspersky Administration Kit help the administrator manage the program’s operations. Program component reports can also be viewed, via the command line, in a choice of HTML or CSV formats.
Improved! PDF and XLS formats have been added for viewing reports on the web console.
Advantage: administrators can see and resolve any issues as they arise, improving server security management.

Feature: Flexible scan time settings (Improved!)
Description: To ensure best use of server resources and minimize disruption to the users, antivirus scan start and finish times can be set exactly. This limits on-demand scans to periods of minimum server load, such as at night or at weekends.
Improved! The times for scans and antivirus database updates can be set directly from the new version of the program, via the web console or command line.
Advantage: reduces the need to reboot the system, thereby minimizing server downtime. Minimizes peaks in server load and simplifies server management.





4.14.2. Performance

Feature: Balancing server load
Description: The program helps balance the use of server resources between the antivirus system and other applications according to the task priorities. Antivirus scanning can be performed in background mode.
Advantage: reduces antivirus program activity when other tasks are being performed, e.g. updating the server’s software. Ensures the server keeps up with the core business tasks.

Feature: Regular database updates (Improved!)
Description: Updating antivirus databases can be carried out on-demand, or automatically via Kaspersky Lab servers, from the Kaspersky Administration Kit server or via the company’s local servers. The program automatically selects the least loaded update server.
Improved! In the new version it is now possible to perform updates from the Kaspersky Administration Kit server, which can expedite the update process and minimize incoming traffic if a client has installed more than one Kaspersky Lab product.
Advantage: the optimised update process saves the administrator time.

Feature: Continuous server operation (program does not interrupt server operation)
Description: The server does not need to be rebooted when the antivirus program is installed or updated. Rebooting the server is undesirable / not an option for most corporate networks.
Advantage: continuous running of the server software ensures uninterrupted operation of the company’s business processes.





4.14.3. Supported platforms and third-party software

Feature: Support for Novell NSS file system (New!)
Description: The program supports the Novell Open Enterprise Server 2 platform and the Novell NSS file system.
Advantage: When Novell Netware users migrate to newer Novell operating systems, the program provides equally effective protection.

Feature: Support for FreeBSD (New!)
Description: The program supports current versions of FreeBSD.
Advantage: the program’s versatility means that it can be used in networks with less conventional FreeBSD operating systems.

Feature: Support for Samba servers (New!)
Description: The program protects Samba servers (a free, open source implementation of networking protocols that emulates Windows file servers and runs under Linux, giving Windows clients transparent access to data stored on Linux file servers).
Advantage: integration with Samba servers enables companies to protect workstations and file servers in multi-system networks.

Feature: Support for the most popular Linux systems (Improved!)
Description: The program supports all the latest 32- and 64-bit Linux operating systems such as Red Hat, Fedora, SUSE, openSUSE, Debian GNU and Ubuntu.
Advantage: support for Linux operating systems increases the chances of partners winning tenders with these kinds of requirements.



4.14.4. Certification of KAV4LFS 5.7

Title: Virus Bulletin (VB 100%) Certification
Details: In February 2009 Kaspersky Anti-Virus 5.7 for Linux File Servers / Workstations successfully passed certification tests on the Red Hat Enterprise Linux 5.2 platform conducted by VB-Comparatives and was awarded “VB 100%” certification.





4.14.5. Kaspersky Antivirus for Samba Servers
This version has been replaced by KAV4LFS 8.0, which includes a Samba protection module. However, we still have customers using KAV4Samba, and in the following you will find its functions so that you can compare this application with KAV4LFS 8.0.

4.14.5.1. Product Information

Kaspersky Anti-Virus for Samba Server is designed to protect file storage areas on Samba Servers, which emulate
Windows file servers under the Linux operating system. Thus, Windows-based users within a heterogeneous net-
work are provided with safe and transparent access to data stored on Linux file servers. Kaspersky Anti-Virus is
easily integrated with the Samba Server and does not require the Samba Server or parts of the operating system
to be re-compiled.

4.14.5.2. Features


Feature: Real-time protection for files
Description: The application intercepts requests for access to Samba file storage areas, analyses the files being accessed for malicious code and disinfects or deletes infected objects. Suspicious objects are quarantined pending further analysis.

Feature: On demand file system scanning
Description: The application scans specified areas for infected and suspicious objects at the specified times (or on demand). It analyses objects and disinfects, deletes or quarantines objects for further analysis.

Feature: Anti-Virus scanning optimization
Description: The iChecker™ technology significantly reduces the time required for duplicate scans of each object by only scanning those files that have been modified since the latest scan.

Feature: Quarantine
Description: Infected, suspicious and damaged objects detected in the file system can be moved to the quarantine folder, where they are processed according to administrator-defined rules.

Feature: Backup storage
Description: The solution saves copies of infected objects in a backup storage area before they are treated and/or deleted, making it possible to restore an object on demand in the event that disinfection fails.



4.14.5.3. Administration and notification


Feature: Remote administration
Description: Kaspersky Anti-Virus for Samba Server can be configured either traditionally via the application’s configuration file or using the Web interface.

Feature: Antivirus database updates
Description: Antivirus database updates can be downloaded from Kaspersky Lab’s servers via the Internet or from local update servers on demand or automatically on schedule. Administrators can choose the type of antivirus databases to be used: standard (detection of true malware only) or extended (databases used to detect potentially hostile software – e.g., spyware, adware, etc.). Kaspersky Lab antivirus databases are updated hourly.





4.14.5.4. Certifications


Title: Virus Bulletin (VB 100%) Certification
Description: In April 2007 Kaspersky Anti-Virus 5.7 for Samba Servers successfully passed certification tests conducted by AV-Comparatives and was awarded “VB 100%” certification.
http://www.virusbtn.com/


4.15. Application Environment
Since companies of all sizes are increasingly using the Linux operating system, we need to take into consideration that those companies have a different IT infrastructure than non-Linux based environments; thus we need to understand clearly the environment KAV4LFS runs in.


4.15.1. General Linux File Server
The Linux operating system exists in many flavours. As of 2010 the number of different distributions is uncountable, but in mid-sized and large enterprise companies certain distributions are used. The reason for that is simple: enterprise applications like Oracle Database, File Services or other general services are third-party software which requires a specific operating system.

The three core distributions are Debian, Slackware and Red Hat. All other Linux distributions are based on those masters and have been modified or developed for certain purposes.

A typical distribution comprises a Linux kernel, GNU tools and libraries, additional software, documentation and a desktop environment, if needed. In mid-sized and large companies the number of Linux servers is increasing, and in contrast to Windows-based environments the administration and maintenance is more complex. Additionally, well-known Windows services and protocols do not work in Linux environments. Malware protection software like KAV4LFS fits in this environment and supports certain features which only apply to those environments and services.


4.15.2. Samba Server
A Samba server is a Linux-based server which has a Samba service installed on top of the operating system. Samba is a free software re-implementation, originally developed by Australian Andrew Tridgell, of the SMB/CIFS networking protocol. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.

Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

Samba servers provide network shares via the SMB/CIFS protocol to Windows environments. This means this service must be protected from malware; otherwise malware spreads in the network without the source of the malware being known.





4.15.3. Novell Open Enterprise Server 2
The Novell Open Enterprise Server (OES) is the successor of Novell Netware 6.5. OES is based on SUSE Linux Enterprise Server (SLES). OES was released in 2005 and was updated to OES 2 in 2009.

Novell Open Enterprise Server is best thought of as a platform for the delivery of shared network services (file, print, directory, clustering, backup, storage management, PKI, web applications, etc.) and common management tools. OES can run atop either a Linux or a NetWare kernel. Clustered configurations can include nodes with either kernel type, and most services can migrate freely between the platforms. Thus, customers can deploy the platform selection that best suits their needs, as opposed to being locked into a single platform.

Novell executives expect that porting these services to an OS with growing popularity and better support from hardware and software vendors will give Novell a good opportunity to improve its business results.

OES is Novell’s reaction to two things:
• the increased significance of Linux and open-source in the company strategy and the industry in general
• the fact that it lost a lot of market share, not because the customers were dissatisfied with the quality of its networking services (usually it was just the opposite), but mostly because these services ran almost exclusively on top of an OS that was narrowly specialized in its initial design and didn’t get as strong support

Novell Storage Services (NSS) is a file system used by Novell. It has some unique features that make it especially useful for setting up shared volumes on a file server. NSS is a 64-bit file storage system and may be the best suited file system for companies that need to store and maintain large volumes, numerous files, or large databases.

More important, and the reason why large enterprise companies use Novell, is the fact that Novell services are very robust and have some advantages compared with Microsoft.


4.15.4. FreeBSD Server
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD). It has been characterized as “the unknown giant among free operating systems”. It is not a clone of UNIX, but works like UNIX. FreeBSD is generally regarded as reliable and robust.

FreeBSD is a complete operating system. The kernel, device drivers and all of the userland utilities, such as the shell, are held in the same source code revision tracking tree, whereas with Linux distributions, the kernel, userland utilities and applications are developed separately, then packaged together in various ways by others. Third-party application software may be installed using various software installation systems.

Since FreeBSD is reliable and robust, large enterprise companies use it to host mission-critical solutions or applications. Most competitors do not support FreeBSD, which gives us the opportunity to protect the server with our Linux server application.






4.16. Solution Overview

4.16.1. Deployment Scenario: Remote Deployment of KAV4LFS
One of the new features implemented in Kaspersky Antivirus 8.0 for Linux File Servers is the remote deployment ability. This function is only available if Kaspersky Administration Kit is used and the clients already have the Kaspersky Netagent for Linux Servers installed.

The application is installed using the push install method. Push install allows you to remotely install applications on specific client computers of a logical network. When the task starts, the Administration Server copies installation files from the shared folder to a temporary folder on each client computer, and runs the setup program on these computers.

In the past, many customers have complained that our Linux application cannot be deployed very easily in a large environment. With version KAV4LFS 8.0 this has changed. With the remote deployment task the administrator gets the tools to install a group of computers at once, without the interaction that was required before.


                                                      Figure 16. (diagram: Company Premises; Kaspersky Administration Kit holding Update Repository, Installation packages, Policies, Rules and Tasks; Remote Deployment to a Server; Mail flow to and from the company)


The only limitation is that each node you want to install KAV4LFS on needs to fulfil the following prerequisites:
• the node needs the gcc compiler to compile kernel modules
• the node needs the kernel sources, or a share where the kernel sources are located
• the node needs the Kaspersky Agent for Linux servers

Once the requirements are in place the installation can be performed, and after it completes each node needs to run the initialization process, in which the license is installed and the kernel modules are compiled according to the settings made in the remote installation task.
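A preflight check that verifies these three prerequisites on a node before the remote installation task is run, so that a missing compiler or an unmounted kernel-source share shows up in advance rather than as a failed task on the Administration Server. This is an added example written for this compendium, not code from KAV4LFS or Kaspersky Administration Kit. It assumes that the kernel build sources live in /lib/modules/<release>/build (the usual location, but distribution-specific) and that the agent can be located by a command name; the default name kaspersky-agent-placeholder is a placeholder, since the page does not give the agent binary's name.

```shell
#!/bin/sh
# Preflight check for the KAV4LFS remote-deployment prerequisites listed above:
# a C compiler, usable kernel sources, and the Kaspersky Agent for Linux servers.
# Added example, not Kaspersky's own code. Assumptions: kernel build sources are
# in /lib/modules/<release>/build, and AGENT_CMD is a placeholder command name,
# not the real agent binary (override all three via environment variables).

KERNEL_RELEASE="${KERNEL_RELEASE:-$(uname -r)}"
KERNEL_BUILD_DIR="${KERNEL_BUILD_DIR:-/lib/modules/$KERNEL_RELEASE/build}"
CC_NAME="${CC_NAME:-gcc}"
AGENT_CMD="${AGENT_CMD:-kaspersky-agent-placeholder}"   # placeholder name

# has_command NAME: succeeds if NAME resolves to an executable on PATH.
has_command() {
    command -v "$1" >/dev/null 2>&1
}

# has_kernel_sources DIR: succeeds if DIR looks like a kernel tree that module
# builds can use: a top-level Makefile plus an include/ directory (assumed tree
# layout). A bare mount point or an empty share therefore fails this check.
has_kernel_sources() {
    [ -d "$1" ] && [ -f "$1/Makefile" ] && [ -d "$1/include" ]
}

# check_node CC KERNEL_DIR AGENT: prints one line per prerequisite and returns
# the number of missing prerequisites (0 means the node is ready for the task).
check_node() {
    cc="$1"; kdir="$2"; agent="$3"; missing=0
    if has_command "$cc"; then
        echo "OK      compiler '$cc' found at $(command -v "$cc")"
    else
        echo "MISSING compiler '$cc' not on PATH (needed to build kernel modules)"
        missing=$((missing + 1))
    fi
    if has_kernel_sources "$kdir"; then
        echo "OK      kernel sources at $kdir"
    else
        echo "MISSING kernel sources: $kdir has no Makefile/include (mount the share or install the headers)"
        missing=$((missing + 1))
    fi
    if has_command "$agent"; then
        echo "OK      agent command '$agent' found"
    else
        echo "MISSING agent command '$agent' (install the Kaspersky Agent for Linux servers first)"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Only run against the local node when asked, so the functions can also be
# sourced from other scripts. Usage: RUN_PREFLIGHT=1 sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then
    check_node "$CC_NAME" "$KERNEL_BUILD_DIR" "$AGENT_CMD"
fi
```

The exit status of check_node is the count of missing items, so a configuration-management tool can run it over all candidate nodes and only add the ones returning 0 to the remote installation task; the printed lines say which item to fix on the others.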




Application: Kaspersky Anti-Virus for Novell Netware


4.17. Application: Kaspersky Anti-Virus for Novell Netware (KAV4Novell)
Kaspersky Anti-Virus for Novell NetWare was expressly developed to provide antivirus protection for file servers running under the Novell NetWare operating system.

This product has been developed specifically for enterprise application servers and high-performance servers.




4.17.1. Novell Netware File Server Security
With NetWare, Novell developed a network operating system that needs no complex and heavyweight GUI for use on servers. Since the first NetWare release, Novell has provided simple but powerful text-based menus on the command line for configuration. The administration of resources like printers, files and users is possible with a client and a graphical window system, given administrator rights. Since NetWare 6 no client is necessary for this anymore; the configuration can be done completely on the server.

NetWare has only low hardware requirements and has memory protection. It protects single processes from each other and is therefore very stable in operation. Virtual memory is used reliably. Through IFS, file systems can be exchanged. This operating system is used for all sorts of fields of application, including use as a directory service, Internet server, Intranet server, file server or application server.

The first release of NetWare was in 1983 for the operating system DOS. In 2005 the current version of the network operating system, Open Enterprise Server, was published in different variants: either with the NetWare 6.5 kernel or with the Linux kernel of the SUSE Enterprise 9 server. No matter which variant is used, the same services are available.

Nevertheless, due to its wide use in corporate environments, it is still a target for malware writers and hackers.


4.17.2. Definition

4.17.2.1. Main Features

•   Real-time antivirus protection
•   On-demand scans
•   Backup Copies
•   Quarantine for dangerous objects

4.17.2.2. Advanced Features

•   Centralized installation and administration using Kaspersky Administration Kit
•   Choice of management tools
•   Application performance reporting system
•   Update Management

Kaspersky Anti-Virus is based on a client-server architecture. Its server part consists of two modules: Kaspersky
Anti-Virus, which provides the antivirus functionality, and the antivirus database updater, which is responsible for
updating the antivirus database and the application modules. The client part consists of a Snapin for ConsoleOne,
a web module, and a module for managing the application using Kaspersky Administration Kit. These provide the
user interface for the application's administrative services and enable the user to install the application, set it up,
and manage the server part.





4.18. General Application Description

Features                       Description

Real-time server protection    Scans all started or modified files, then disinfects and/or deletes infected objects.
On-demand server scan          Successively scans the files on the server on the administrator's demand or according to a schedule with user-specified frequency. The antivirus application can disinfect and/or delete infected objects.
Anti-Virus database updating   Updates the antivirus database used to search for viruses, and distributes the downloaded updates to other servers on the Novell NetWare network. The database can be scheduled for automatic updating. The application will download the latest updates via the Internet or the LAN and distribute these among the specified servers. Prior to updating the antivirus database on a server the program backs up all the files being modified, making it possible to revert to the previous state if necessary.
Quarantine                     Moves infected or suspicious files to a special storage location called 'quarantine'. Quarantined files can be analysed by the administrator or sent to Kaspersky Lab for examination.
Event log keeping              Creates detailed logs and writes the results of on-demand server scanning, real-time protection and antivirus database updating. The logs can be viewed and printed.
Backup                         Saves backup copies of any suspicious or infected files prior to disinfecting or deleting them. This makes it possible to restore the data in the event of a disinfection or deletion failure or error.
Notification                   Notifies users and administrators of finished scans and warns about found dangerous objects via the Novell NetWare network and by email.


4.18.1. Supported Platforms and Third-Party Software

Features                       Description

Netware Support                KAV4Novell 5.7 supports Novell NetWare 5.x, 6.0 and 6.5.




4.18.2. Administration and Notification

Features                          Description

Centralized administration with Kaspersky Administration Kit
    Provides centralized administration of multiple servers from the Administration Kit, e.g.
    • Create Tasks
    • Define Policies
    • Define Update Repository

Centralized administration with ConsoleONE
    ConsoleONE provides access to the server administration interface, and the Kaspersky Snapin for
    ConsoleONE allows the administration of Kaspersky Anti-Virus for Novell, e.g.
    • Configure AV scanner
    • Configure Update Task
    • Configure Scan Tasks

Server administration with the Web management module
    The Web management module provides an interface to configure Kaspersky Anti-Virus for Novell:
    • Configure AV scanner
    • Configure Update Task
    • Configure Scan Tasks


4.18.3. KAV4Novell Maintenance Pack 2

Features                          Description

New scanning engine (New!)
    The new scanning engine offers users the following advantages:
    •   Scans 5-7 times faster than the previous version
    •   Consumes 50% less system resources
    •   No need to reinstall the application to update the antivirus engine, malware detection and
        treatment modules
    •   The latest heuristics technologies complement the conventional signature-based systems for
        enhanced detection performance

New Antivirus database Updater (New!)
    The new database updater offers more stability and compatibility within the NetWare operating system.

Minor updates (Improved!)
    Improvement of internal functions to increase performance, stability and compatibility.




4.18.4. Certifications

Title                      Details

Virus Bulletin (VB 100%)   In October 2007 Kaspersky Anti-Virus 5.7 for Novell NetWare successfully passed
                           certification tests conducted by AV-Comparatives and was awarded “VB 100%”
                           certification.

Novell Yes Certification   Kaspersky Anti-Virus 5.0 for Novell NetWare successfully passed the certification
                           of the Novell Company. The result of the multi-level testing carried out by Novell
                           experts was the awarding of the prestigious “Novell Yes” certification to the
                           Russian software product.

                           Being certified by “Novell Yes” is the best acknowledgement of the software
                           product from the direct OS developer.

Virus Bulletin (VB 100%)   In August 2006 Kaspersky Anti-Virus 5.6 for Novell NetWare was awarded
                           “VB 100%” certification.

Kaspersky Lab successfully maintains its prestigious Checkmark certification awarded by West Coast Labs, an
independent scientific research center. The Checkmark certificate attests that Kaspersky Anti-Virus passed all
required tests, measuring its ability to combat malicious programs with 100% effectiveness.

“Virus Bulletin” (http://www.virusbtn.com) regularly tests anti-virus software. In order to display the VB 100%
logo, an anti-virus product must detect all viruses from the “WildList” (http://www.wildlist.org), which helps to
show objectively whether the anti-virus software is reliable.




4.18.5. Novell Netware vs. Novell Open Enterprise Server
The table below compares the features of Novell Open Enterprise Server 2 with the previous versions of Open
Enterprise Server and NetWare. It shows clearly why Novell services are widely used.

As you can see, OES is based on SUSE Linux Enterprise Server 9 and OES 2 on SUSE Linux Enterprise Server 10,
both of which are now supported by Kaspersky Anti-Virus 8.0 for Linux File Server. This ensures a smooth migra-
tion from Novell NetWare to Novell OES from the malware protection perspective.

(OES = Novell Open Enterprise Server, NW = Novell NetWare; O = feature available in that release)

Feature                                                          OES 2     OES 1     NW 6.5    NW 6.0   NW 5.1


Content & Application/Open Source Service
SUSE Linux Enterprise Server 9                                             O
SUSE Linux Enterprise Server 10                                  O
Mono                                                             O         O
JBoss                                                            O         O
Apache Web Server                                                O         O         O         O
Tomcat Servlet Engine                                            O         O         O         O
MySQL Database                                                   O         O         O         O
Perl Scripting Support                                           O         O         O         O
PHP Scripting Support                                            O         O         O
FTP Support                                                      O         O         O         O
SOAP Server                                                      O         O                   O
UDDI Server                                                      O         O
DNS/DHCP Servers                                                 O                   O         O
XEN Virtual Machine                                              O


Networking and Productivity Services
Novell iFolder                                                   O         O         O         O
iPrint                                                           O         O         O         O
NetStorage                                                       O         O         O         O
File Versioning                                                  O                   O
Novell Client for Windows                                        O         O         O         O        O
Novell Client for Linux                                          O         O
Novell Client for Vista                                          O
Directory-integrated DNS/DHCP Servers                            O                   O         O
Apple Filing Protocol Support                                    O
CIFS Support                                                     O
64-bit eDirectory                                                O




Feature                                              OES 2    OES 1   NW 6.5   NW 6.0  NW 5.1

Management Services
Domain Services for Windows                          O
Upgrade Utility                                      O
Remote Upgrades (RPM Support)                        O        O
YaST                                                 O        O
Server Consolidation Migration Utility               O        O       O
Global Directory                                     O        O       O         O       O
Directory Synchronization                            O        O       O
Multi-factored Authentication                        O        O       O
Graded Authentication                                O        O       O
Advanced Authentication Support                      O        O       O
Storage Resource Management                          O        O
Global Server Management                             O        O       O
Global Health                                        O        O       O
Auditing                                             O        O       O         O


Storage and Clustering Services
Dynamic Storage Technology                           O
Business Continuity Clustering                       O                O         O
Storage Scalability                                  O        O                 O
Native Windows Client Support for 4 GB Files         O        O       O
Native Mac OS X Client support for 4 GB Files        O        O       O
Native UNIX, Linux Client Support for 4 GB Files     O        O
Snapshot Backup                                      O                O
Fibre Channel SAN Support                            O        O       O         O
iSCSI SAN Support                                    O        O       O
Cluster Services                                     O        O       O         O
GEO Site Failover                                    O        O       O         O





5. Product : Kaspersky Security for Mail Servers

5.1. General Introduction
Messaging security includes anti-spam, antimalware, content filtering, encryption, data loss prevention (DLP),
and information protection and control (IPC) products for messaging applications such as email, instant mes-
saging (IM), and other types of collaborative applications. Messaging security products are deployed on software,
appliance, SaaS, and virtual security platforms.

The Kaspersky Anti-Virus for Mail Server product suite provides applications that protect the mail server from
malware and spam. The applications support in particular Microsoft Exchange Server and Linux-based mail
transfer agents (MTAs).




5.1.5.1. Anti-Spam Protection

To prevent spam, different anti-spam techniques are available and proven in the market. Some of these tech-
niques have been embedded in products, services and software to ease the burden on end users and administra-
tors. None is a complete solution to the spam problem, and each has advantages and disadvantages.

Anti-Spam techniques can be broken into four broad categories:

1.   those that require actions by individuals,
2.   those that can be automated by e-mail administrators,
3.   those that can be automated by e-mail senders and
4.   those employed by researchers and law enforcement officials.

Since Anti-Spam is a quite complex topic, we will focus on those techniques implemented in our Mail Security
Product Suite. To get the full picture of Anti-Spam please have a look at http://en.wikipedia.org/wiki/Antispam .


5.1.5.2. Antivirus Protection

Email is one of the basic methods of spreading viruses. Some of the most destructive email worms and Trojan
horses reach your personal or office computer as a file attached to an e-mail. The email antivirus protection
service enables your email provider to scan all your e-mails automatically for viruses, Trojan horses and worms
and to block them from being delivered if a threat is found. In this way, the antivirus software installed on the
server improves the security of the server and of your personal computer at the same time.
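Added example, not code from Kaspersky or from this compendium: a small Python mail filter that walks the same steps the feature tables in 4.18 (backup, quarantine, event log) and the paragraph above (scan attachments, block delivery on detection) describe. The MailScanner class, the SIGNATURES table, the example.com addresses and the two sample messages are constructed for this illustration; the only real detection input is the EICAR test string, a harmless file every antivirus product is built to recognise.

```python
"""Added example, not Kaspersky's code: a minimal mail-server antivirus filter
that follows the workflow the page describes for both the file-server and the
mail-server products: scan each object, keep a backup copy before acting on it,
move detected objects to quarantine, write an event-log entry and block
delivery when a threat is found. Signatures, sample messages and storage
paths are constructed for this illustration."""
import email
import hashlib
import logging
import os
import tempfile
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# EICAR standard antivirus test string: harmless by design, detected by every scanner.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature table (name -> byte pattern). A real engine uses a
# signature database plus heuristics, as the page notes; this is a stand-in.
SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": EICAR,
    "Constructed.Sample.Dropper": b"CONSTRUCTED-SIGNATURE-FOR-ILLUSTRATION-ONLY",
}


class MailScanner:
    """Scans MIME attachments; backup and quarantine stores live under store_root."""

    def __init__(self, store_root: str) -> None:
        self.backup_dir = os.path.join(store_root, "backup")
        self.quarantine_dir = os.path.join(store_root, "quarantine")
        os.makedirs(self.backup_dir, exist_ok=True)
        os.makedirs(self.quarantine_dir, exist_ok=True)
        self.events: List[str] = []  # the "event log" the feature table describes
        self.log = logging.getLogger("mailav")

    @staticmethod
    def match(data: bytes) -> Optional[str]:
        """Return the name of the first signature found in data, or None if clean."""
        for name, pattern in SIGNATURES.items():
            if pattern in data:
                return name
        return None

    def _store(self, directory: str, data: bytes, suffix: str) -> str:
        """Write data under a content-hash name so identical objects are kept once."""
        path = os.path.join(directory, hashlib.sha256(data).hexdigest() + suffix)
        with open(path, "wb") as fh:
            fh.write(data)
        return path

    def scan_message(self, raw: bytes) -> dict:
        """Return a verdict: a deliver flag plus one record per detected attachment."""
        msg = email.message_from_bytes(raw, policy=policy.default)
        detections = []
        for part in msg.iter_attachments():
            data = part.get_payload(decode=True) or b""
            sig = self.match(data)
            if sig is None:
                continue
            # Backup copy first, so a failed disinfection or deletion can be reverted.
            backup = self._store(self.backup_dir, data, ".bak")
            quarantine = self._store(self.quarantine_dir, data, ".quar")
            event = (f"DETECTED {sig} in attachment {part.get_filename()!r} "
                     f"from {msg['From']} subject {str(msg['Subject'])!r}; "
                     f"quarantined as {os.path.basename(quarantine)}")
            self.events.append(event)
            self.log.warning(event)
            detections.append({"signature": sig, "filename": part.get_filename(),
                               "backup_path": backup, "quarantine_path": quarantine})
        # Delivery is blocked as soon as any attachment is detected.
        return {"deliver": not detections, "detections": detections}


def _new_message(sender: str, subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "bob@example.com", subject
    msg.set_content(body)
    return msg


def build_sample_messages() -> Dict[str, bytes]:
    """Constructed test traffic: one clean mail, one carrying the EICAR file."""
    clean = _new_message("alice@example.com", "Q3 numbers", "Report attached.")
    clean.add_attachment("revenue 3268", filename="report.txt")
    infected = _new_message("unknown@example.net", "Invoice", "See attachment.")
    infected.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                            filename="eicar.com")
    return {"clean": clean.as_bytes(), "infected": infected.as_bytes()}


def run_demo(store_root: Optional[str] = None) -> dict:
    """Scan both sample messages; report verdicts, events and quarantine contents."""
    root = store_root or tempfile.mkdtemp(prefix="mailav-")
    scanner = MailScanner(root)
    result = {name: scanner.scan_message(raw) for name, raw in build_sample_messages().items()}
    result["events"] = list(scanner.events)
    result["quarantine_count"] = len(os.listdir(scanner.quarantine_dir))
    return result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for key, value in run_demo().items():
        print(key, value)
```

The order of operations is the point: the backup copy is written before the object is quarantined or the message is rejected, which is what lets an administrator restore a false positive, and the event record names the signature, the sender and the quarantine file so that the log can be reviewed later.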




5.2. Messaging Security Market Overview
While the messaging security market is quite broad, stable and includes companies of all sizes, web security is
still a very young market. Many companies are not aware of the benefits or the need for these types of services.
However, as web security solutions become more accessible and popular, they will in turn help drive the market
forward in the coming years.

IDC's estimate of the growth of the worldwide messaging security market through 2013 is presented in the table
below. This market will grow to more than $5 billion in worldwide revenue by 2013, which translates to a com-
pound annual growth rate (CAGR) of 11.5% over the forecast period. Figure 18 below compares the revenue dis-
tribution by platform for 2008 and 2013. As you can see, hosted services and virtual security appliances represent
the strongest growth platforms for messaging security.

Source: IDC Worldwide Messaging Security 2009 - 2013 Forecast

Worldwide messaging security revenue by platform, 2009-2013 (US$ M)

Platform                     2009    2010    2011    2012    2013   2008 Share (%)   2009-2013 CAGR (%)   2013 Share (%)
Traditional Software         1435    1398    1341    1258    1126        50                -5                22,5
Virtual security appliance     52     118     216     363     525         0,6              97,7              10,5
Hardware appliance            931    1054    1183    1304    1416        28,2              11,6              28,3
Hosted service                850    1128    1411    1667    1936        21,2              25,8              38,7
Total                        3268    3698    4151    4593    5003       100                11,5             100
Growth (%)                   12,6    13,1    12,2    10,7     8,9

                                                    Figure 17.


Worldwide Messaging Security Revenue by Platform, 2008 - 2013

[Bar chart; y-axis: revenue ($ B); series: Forecast 03/2009. The plotted values are:]

Year                 2008     2009     2010     2011     2012     2013
Forecast 03/2009    2,902    3,268    3,698    4,151    4,593    5,003

                                                    Figure 18.


IDC believes today’s organizations must update their messaging security solutions to stay competitive, as the
challenges of protecting the business from internal and external threats to those systems continue to escalate.

To analyse the needs of large enterprise companies we have to differentiate between certain technologies to
provide maximum protection.




5.3. Positioning Statement
Kaspersky Security for Mail Server is a solution that protects mail servers and groupware servers from mali-
cious programs and spam. It includes five applications that protect all popular mail servers, including Microsoft
Exchange, Lotus Domino, Sendmail, qmail, Postfix and Exim. The solution can also be used to set up a dedicated
mail gateway. The solution works perfectly in companies with complex heterogeneous infrastructure. The solu-
tion is aimed at companies of all sizes, but primarily from medium to enterprise level. As the solution consists
of different applications, it can be used by different target groups: SMB companies mainly using Microsoft
solutions and looking for protection for a Microsoft Exchange Server that performs all of the mail transfer roles;
medium and large companies using Lotus Domino or Microsoft Exchange as a collaboration system and Linux
products as a mail relay; and ISPs and web portals using Linux solutions as a mail relay. The solution plays an
important role in providing comprehensive protection for a company's IT infrastructure.


5.4. Kaspersky Anti-Virus for Mail Server Product Suite

5.4.1. Kaspersky Security for Mail Servers
This is a renewed product suite targeted at medium-size and enterprise customers and consisting of
five applications:

•   Kaspersky Security 8.0 for Exchange Servers (New!)
•   Kaspersky Anti-Virus 8.0 for Lotus Domino (New!)
•   KAV for Linux Mail Server
•   Kaspersky Mail Gateway
•   Kaspersky Anti-Spam for Linux

The previous product suite consisted of:

•   Kaspersky Anti-Virus for Microsoft Exchange
•   Kaspersky Anti-Virus for Linux Mail Server
•   Kaspersky Anti-Virus for Lotus/Domino
•   Kaspersky Mail Gateway
•   Kaspersky Security for Microsoft Exchange Server 2003
•   Kaspersky Security for Microsoft Exchange Server 2007

This year we are taking the first steps towards simplifying our solution; by Q4 2010 we will have merged all the
applications for Linux into one and added an anti-spam module to the Lotus application.
The previous applications will be replaced by the new suite consisting of the products listed above.

5.4.2. Kaspersky Security 8.0 for Exchange Servers
The new version, KS 8.0 for Exchange Servers, replaces three old applications for Microsoft Exchange and will be:

•   Part of Kaspersky Security for Mail Servers, which belongs to the new Business Solutions family
    (former Targeted Security)
•   Part of KOSS 3 and KOSS 4

The previous versions, Kaspersky Anti-Virus for Microsoft Exchange, Kaspersky Security for Microsoft Exchange
Server 2003 and Kaspersky Security for Microsoft Exchange Server 2007, were available the same way, as:

•   Part of Kaspersky Security for Mail Servers, which belonged to Targeted Security
•   Part of KOSS 3 and KOSS 4

5.4.3. Kaspersky Anti-Virus 8.0 for Lotus Domino
The new version, KAV 8.0 for Lotus Domino, will be:

•   Part of Kaspersky Security for Mail Servers
•   Part of KOSS 3 and KOSS 4

The previous version, KAV for Lotus Domino, was available the same way as the new version is.



5.4.4. KAV for Linux Mail Server 5.6
This application has not been renewed this year; as a next step it will become part of the new Linux Mail Security
application that we are going to launch in Q4 2011.

It will be a part of Kaspersky Security for Mail Servers and of KOSS 3 and KOSS 4.

5.4.5. Kaspersky Mail Gateway 5.6
This application has not been renewed this year; as a next step it will become part of the new Linux Mail Security
application which is going to be launched in Q4 2011.

The current version will be a part of Kaspersky Security for Mail Servers and of KOSS 3 and KOSS 4.

5.4.6. Kaspersky Anti-Spam for Linux 3.0
This application has not been renewed this year; as a next step it will become part of the new Linux Mail Security
application which is going to be launched in Q4 2011.

This application was available as a separate product; now it will be a part of Kaspersky Security for Mail Servers
and of KOSS 3 and KOSS 4.


5.5. Target Markets
The difference between markets is defined by platforms and by company size.

Kaspersky Security for Mail Servers contains applications supporting the most popular mail and collaboration
platforms: Microsoft, IBM and Linux. That means it doesn’t matter which platform a client uses, we supply a sin-
gle solution that protects all of them. However, we need to know the specific differences between customers with
Microsoft, IBM and Linux mail server infrastructures.

5.5.5.1. Microsoft Exchange Server

All sizes of companies. Vertical markets are: Financial Services (25%), Educational Services (14%), Healthcare
(12%) and Government (12%)

5.5.5.2. IBM Lotus Domino

Mostly enterprise companies with complex infrastructure who need convenient docflow systems.
Vertical markets are: Financial Services (16%), Legal Services (16%) and Government (14%).

5.5.5.3. Linux Mail Server

Mostly Enterprise companies using Linux mail servers as a mail relay in addition to core mail and collaboration
systems; ISPs and Web-Portals, which use Linux mail servers as a mail relay; SMBs which are looking for an in-
expensive solution.




Target Audience and Decision Makers

SMB Small Level (<100 users)

Target audience: Small organizations with less than 100 workstations and 1-3 servers. These companies are
characterized by limited IT resources dedicated to IT security maintenance and, as a result, they need stable,
easy-to-use and inexpensive solutions which provide minimal functionality for protection and administration.
For these companies it is common to hire external system administrators (possibly with a low level of professional
experience) for common problem solving. These types of companies are most vulnerable to spam attacks because
they publish their email addresses on the Internet.

Decision makers:
•   CEO - business decision maker. Decides on IT budgeting.
•   Administrators - choose products and have a strong influence on the decision-making process, work with the
    product after purchase and take decisions regarding its renewal.

SMB Medium-Level (>100 users)

Target audience: Medium-sized businesses with 100+ users. For the lower part of this sector it is common to hire
external system administrators (with high levels of professional experience), or dedicated system administrators
for common problem solving. However, in most cases there is no dedicated IT security specialist. For the upper
part of this sector it is common to have an IT department with demarcated employee responsibilities (for example,
some employees are dedicated to mail system maintenance, some to the gateways, etc.). There are a lot of users
in these types of companies, so in most cases they will have a defined IT security policy. SMBs will typically have
less than 1000 users in the USA and less than 500 users in Europe.

Decision makers:
•   CEO - business decision maker. Decides on IT budgeting. Cares about the general P&L situation regarding
    corporate IT.
•   Financial Director - often involved in the decision-making process instead of the CEO, decides on IT budgeting
    and expenses.
•   CIO/CISO - technical decision maker - takes decisions about infrastructure purchasing and development and
    oversees the general corporate IT strategy. They typically own the IT budget and fight for it. Cares about
    savings. Sometimes the roles of CEO and CIO are undertaken by the same person.
•   Intermediate IT personnel - IT Manager, IT Service Desk Manager, Information and Communication Manager,
    Security Manager - in enterprise companies often authorized to take decisions about purchasing software
    applications.
•   Administrators, including dedicated specialists such as mail server administrators - have a strong influence
    on product choice and the decision-making process. They work with the product after purchase and take
    decisions regarding its renewal. Enterprise companies often have administrators that are solely responsible
    for supporting workstations and file servers – these administrators also take decisions about the
    procurement of security products.




Enterprise Level (>1000 users)

Target audience: Typically large, structurally complex organizations with more than 1000 users, which generally:

•   need to maintain their competitive advantage by securely enhancing cross-organisational IT collaboration
•   are highly interested in regulatory compliance, measuring productivity and management reporting
•   wish to increase organizational effectiveness and minimize the cost of security system ownership
•   undertake a tender process for the procurement of equipment

These companies are characterized by a clear structure of responsibilities in their IT departments. Also, these
companies sometimes have complicated topologies, branches and local offices. In such cases, the IT
department structure will be complicated too, with many levels of responsibility and subordination.
Regarding IT-infrastructure, local offices could be managed by the main department, or have full local control.
In the latter case, these branches could be considered as standalone medium or large-sized companies.

For these types of organizations, the mail system could be very complex in nature. All roles and all types of
clusters could coexist within this structure.

Also, a portion of the email will come from trusted sources which will affect the number of spam and infected
messages. So, there is a requirement to check only those emails received from un-trusted sources. As a con-
sequence, there is a need to use black and white lists of senders.

Additional requirements concern functionality: for example, email access to the junk mail folders for recipients,
support for SNMP and support for a single management console. Companies also need highly fault-tolerant
software solutions and integration with complex software programs that monitor the status of the network infra-
structure, as well as the status of critical applications installed on the organization's machines.



•   SMBs using a Microsoft platform needing a security product to protect their Microsoft solutions with simple
    settings that ordinary system administrators are able to customize. We can offer our solution for the MS
    platform as part of the KOSS 3 and KOSS 4 bundle and as a separate solution for the protection of corporate
    mail servers
•   Enterprise companies, (e. g. financial, legal and governmental organizations) using IBM solutions as a base
    for their corporate workflow. They have complex infrastructure, have dedicated IT specialists for supporting
    different IBM Lotus Domino Server solutions. Such companies always need high performance mail servers
•   Enterprise companies (e. g. governmental and educational organizations, large corporations) that have a
    heterogeneous infrastructure, often distributed worldwide and including both Windows and Linux mail servers.
    A Linux mail server may be placed between the external traffic and the internal corporate mail system, which
    may be based on a Microsoft solution, and play a mail relay role. Linux mail servers require high performance
    and don't need advanced functionality, only such basic functions as antivirus and anti-spam protection, backup
    and a logging system
•   ISPs, web portals and carriers, providing mail services, producing large volumes of mail traffic, mostly with a
    Linux server based infrastructure due to its high productivity
•   KOSS 1 and KOSS 2 users worldwide. Current customers of KOSS 1 and KOSS 2 who need mail server protec-
    tion, but didn't bother with it because our previous products didn't support their mail server platforms. Now
    they may want to buy the new version of Kaspersky Security for Mail Servers because of the new product
    features, e.g. the Anti-Spam module for Microsoft Exchange Server protection, and the chance to upgrade to
    KOSS 3 or to KOSS 4 when they are ready to renew






5.6. Customer problems and value proposition

5.6.1. Customer problems and needs
•   Customers need protection for the latest versions of mail server platforms: when they upgrade their mail
    server or buy a new one they want up-to-date server solutions. The new version of Kaspersky Security for
    Mail Servers protects the latest versions of Microsoft Exchange Server and IBM Lotus Domino
•   SMB customers want to filter out malware and spam in their mail traffic to create a comfortable business
    environment for the company’s users
•   Enterprise customers often have a complex heterogeneous network infrastructure and require a single
    solution that protects different platforms on the same network
•   ISPs need to protect their customers’ traffic from spam and digital threats. They also need easy-to-configure
    and easy-to-deploy solutions due to their often complex and comprehensive network infrastructure
•   Our partners need flexible solutions for mail server protection if they are to tender successfully, both for
    clients that want to protect certain mail servers and for companies that have a heterogeneous infrastructure
    and demand solutions for other platforms / levels, or prefer a single security vendor approach
•   Two important criteria when choosing mail server protection products are reliability and high performance.
    Product reliability ensures uninterrupted operation of the company’s business processes. High performance
    allows the effective execution of business processes

5.6.2. Value Statement
•   Kaspersky Lab’s solution covers all the main mail server platforms – Microsoft Exchange, Lotus Domino and
    Linux. In the new version of Kaspersky Security for Mail Servers, we support the latest versions of the
    Microsoft and Lotus platforms
•   Kaspersky Lab offers highly effective solutions for medium and enterprise level customers with complex or
    heterogeneous network infrastructure – protection for Microsoft Exchange Servers, Lotus Domino and Linux
    mail servers
•   Our solution is easy to use and provides effective network security management. It allows the productivity of
    IT staff to be increased
•   The product’s solid design provides the customer with the necessary confidence to use it under heavy load
    conditions, safe in the knowledge that it won’t slow the system down or otherwise interfere with business
    operations
•   Any medium-sized SMB or enterprise can consider the solution as the answer to all of their problems. The
    solution gives very robust information protection due to the use of Kaspersky Anti-Virus and Anti-Spam
    technologies
•   Kaspersky Lab offers a complete range of solutions, from endpoint, network infrastructure, mail and web
    security solutions through to technical support services and beyond






5.7. Competitive Analysis
All of Kaspersky Lab’s key competitors have a security solution for mail servers, mainly separate products for
each mail server platform type.

Below we have a high-level key feature comparison table showing KAV for FS applications against similar
competitive products. Historically, mail protection has not been Kaspersky Lab’s flagship solution. At this stage
in Kaspersky Security for Mail Server’s evolution the solution contains just a basic set of features. Despite not
having any unique features in our solution, we can compete using our traditional strengths, which are our high
AV and AS detection rates. In the latest edition we support the newest versions of the platforms (except Linux
applications), and this allows us to upgrade existing clients to the latest version and attract new customers too.
With the next generation product (Engine 9.0) we are going to have some unique advantages which will allow us
to lead this particular market segment. At present we have to concentrate on highlighting not only the product’s
features, but also the associated business benefits that we can offer.

The competition differs from region to region, but technically the most powerful competitor is Symantec. Its
worldwide market share of messaging security software is about 29%. The next significant players are Trend
Micro, McAfee and Microsoft. Together they have about 57% of the total software security market (IDC, 2009),
and Kaspersky Lab has only 0.5%.

With Microsoft Exchange Server protection, our competitive edge comes from a Kaspersky Lab engine being
installed in Microsoft Forefront. Even though Microsoft Forefront uses our own OEM engine, we assume that a
dedicated solution from Kaspersky Lab would appeal strongly to discerning customers who want a dedicated
solution from a well-known security vendor. Moreover, the KAV engine used by Microsoft Forefront is older and
less advanced than the new AV 8.0 engine.

5.7.1. Key feature comparison: KS 8.0 for Exchange versus Top-5 rivals

Features/Competitors                  Kaspersky   Symantec   Trend Micro   McAfee   ESET   Microsoft

Anti-Virus                                V           V           V           V       V        V
Anti-Spam                                 V           V           V           V       V        V
Content filtering                         X           V           V           V       X        V
DAG compatible                            V         V (+)         V           V       V        V
Reports                                   V           V           V           V       X        V
Statistics                                V           V           V           V       V        V
Centralized management                    X           V           V           V       X        V
Support for Microsoft Exchange 2010       V           V           V           V       V        V
Support for Windows 2008 R2               V           V           V           V       V        V
Role based administration                 X           V           V           X       X        X

Products compared (column order): Kaspersky Security 8.0 for Microsoft Exchange; Symantec Mail Security for
Microsoft Exchange 6.0; Trend Micro ScanMail for Exchange Server; McAfee GroupShield 7.0.2 for Microsoft
Exchange 2010; ESET NOD32 for Microsoft Exchange Server 4.2; Microsoft Forefront Protection 2010 for
Exchange Server.




5.7.2. Key feature comparison: KAV 8.0 for Lotus Notes Domino versus Top-3 rivals

Features/Competitors                  Kaspersky   Symantec   Trend Micro   McAfee

Anti-Virus protection                     V           V           V           V
Anti-Spam protection                      X           V           V           V
Content filtering                         X           V           V           V
Web interface                             V           X           X           V
Reports                                   V           V           V           V
Statistics                                V           V           V           V
Centralized management                    X           V           V           V
Support for IBM Lotus Domino 8.5.x        V           V           V           X
Support for Linux                         V           V           V           X

Products compared (column order): KAV 8.0 for Lotus/Domino; Symantec Mail Security for Domino; Trend Micro
ScanMail for Domino; McAfee GroupShield for Domino.



5.7.3. Key feature comparison: KAV for Linux Mail Solutions versus Top-2 rivals

Features/Competitors                  Kaspersky   Symantec   Trend Micro

Anti-Virus protection                     V           V           V
Anti-Spam protection                      V           V           V
Content filtering                         X           V           V
Reports                                   V*          V           V
Statistics                                V           V           V
Centralized management                    X           V           V
Active Directory/LDAP                     X           V           V

Products compared (column order): KAV for Linux; Symantec Brightmail; Trend Micro InterScan Messaging
Security Suite.






5.8. Key Product Features and Benefits

5.8.1. Key features: KS 8.0 for Microsoft Exchange
KS 8.0 for Exchange Servers provides anti-malware and anti-spam protection of messaging traffic and public
folders (for current MS Exchange Server platforms).

The new version has to include such in-demand features as anti-spam, Exchange 2010 and Windows 2008 R2
support. As a minimum, these features allow the product to be competitive based on its AV and AS detection
rates, tender flexibility and leverage of our existing Endpoint distribution channels.

Our solution for MS Exchange is not an independent solution but an add-on for that platform. So our customers
are those that use that platform and who want to protect their mail systems (incl. SMB and Enterprise), and our
market share is a subset of the installed base of that platform.

KS 8.0 for Exchange Servers protects mailboxes, public folders and relayed email going through Microsoft
Exchange Server 2007 and 2010 against malicious programs and spam. The application’s integration with
Microsoft Exchange Server ensures effective detection and removal of viruses and spam, creating a barrier to
their penetration of the corporate network. This product is available as part of Kaspersky Security for Mail
Servers from the Kaspersky Targeted Security range and is for companies that choose to protect certain critical
units. It is also available as a part of the KOSS 3 and 4 product suites for companies that demand solutions for
other platforms/levels, or prefer a single security vendor approach.

5.8.1.1. Main features

•   Intelligent detection and effective anti-spam protection (New!) (compared with the Kaspersky Security for
    Microsoft Exchange Server 2007 version)
•   Real-time antivirus protection
•   Support for Microsoft Exchange 2010 (New!)
•   Support for Microsoft Windows 2008 R2 (New!)
•   Optimal utilization of system resources (New!)
•   Classification of incoming messages
•   On-demand scans
•   Creation of backup copies
•   Flexible scan configuration
•   Scalable and fault tolerant
•   Regular updates of anti-spam and antivirus databases
•   Support for server clusters
•   Administration via the Microsoft Management Console (MMC)

5.8.1.2. Advanced features

•   Application performance reporting system
•   Notification system
•   Logging system
•   Detailed reports

5.8.2. Key features: KAV 8.0 for Lotus Notes Domino
KAV 8.0 for Lotus Domino provides anti-malware protection of messaging traffic, database files, their replications
and documents.

The new version supports the new platform (Lotus Domino 8.5.x) and also provides Linux support. As a minimum,
these features allow the product to be competitive based on its AV detection rate, tender flexibility and leverage
of our existing Endpoint distribution channels. Our solution for Lotus Domino is not an independent solution but
an add-on for that platform. So our customers are those that use that platform and who want to protect their
mail systems (incl. SMB and Enterprise) and our market share is a subset of the installed base of that platform.
If a customer already has a Lotus system installed, KAV will be a “door opener” for other Kaspersky Lab security
products. It’s a considerable opportunity for us.




5.8.2.1. Main features

•   Permanent antivirus protection for documents
•   On-schedule scanning of emails, databases, documents and other objects
•   Support for Lotus Domino 8.5.x (New!)
•   Support for Linux (Red Hat 4.x, 5.x and SLES 9, 10.x, 11.x) (New!)
•   Distributed management of server protection parameters (New!)
•   Simple mechanism for updating databases (New!)
•   Role-based administration (New!)
•   Backup copies (Quarantine)
•   Flexible configuration of protection parameters
•   Regular updates of antivirus databases
•   Scalable and fault tolerant
•   Administration via a web interface

5.8.2.2. Advanced features

•   Group management of antivirus policies (New!)
•   Logging system
•   Reporting system
•   Message tagging and notification system (New!)


5.8.3. Key features: Kaspersky Anti-Virus for Linux Mail Server

5.8.3.1. Main features

•   Permanent antivirus protection
•   Customizable notifications
•   Quarantine and Backup
•   File server scanning
•   Message filtering
•   Flexible management
•   Remote administration
•   Hourly updates of antivirus databases
•   Scalable settings

5.8.4. Key features: Kaspersky Mail Gateway

5.8.4.1. Main features

•   Antivirus scanning
•   Spam filtering
•   User notification
•   Quarantine
•   Message filtering
•   Protection of the server against unauthorized access
•   Flexible management
•   Remote administration
•   Regular updates of anti-spam and antivirus databases
•   Flexible scan configuration
•   Reporting system





5.8.4.2. Key features: Kaspersky Anti-Spam

•   List-based filtration
•   SPF and SURBL technologies
•   Analysis of formal attributes
•   Signature analysis
•   Linguistic heuristics
•   Graphical spam detection
•   Real-time UDS requests
•   Flexible management
•   Management of user groups
•   Options for processing spam
•   Detailed reports
•   Updating databases on schedule


5.9. Key Product Benefits
5.9.1. Business benefits for customers
•   Business productivity: mail traffic protected from spam and malware creates a comfortable business
    environment for the company’s users
•   Business reputation support: scanning of outgoing mail and document traffic provides a guarantee that
    a company’s mail traffic is free of malware and spam
•   Product reliability: the product provides stable, uninterrupted protection for mail and documents
•   Versatility: the product ensures effective mail and document protection for large companies with complex
    network infrastructures, including multi-platform server networks
•   Efficiency: the product protects data whilst minimizing server load
•   Effective use of IT personnel: a user-friendly interface, flexible administration and straightforward
    configuration and reporting systems reduce the amount of time IT personnel have to spend working with the
    product
•   Client-oriented technical support: Kaspersky Lab’s in-house technical support team is there to provide
    round-the-clock assistance. Bespoke support programs for large companies guarantee fixed response times
    and quick solutions to any problems that arise

5.9.2. Customer benefits for IT specialists
•   Support for the latest versions of popular mail and collaboration platforms: protection for mail servers
    running Microsoft Exchange, IBM Lotus Domino and Linux
•   High performance: a new antivirus engine, load balancing of server resources, optimised antivirus scanning
    technology and the exclusion of trusted processes from scanning all increase the product’s performance and
    lower the amount of computing resources required to perform antivirus scans
•   Reliability: in the event of a malfunction or forced shutdown, the application’s automatic restart ensures
    stable system protection while the diagnostics system determines the cause of the malfunction
•   Powerful manageability and reporting system: simple and user-friendly management tools, information
    about a server’s protection status, flexible time settings for scans and a comprehensive reporting system
    provide efficient control of file server security
•   Customer-focused technical support: Kaspersky Lab provides standard high quality technical support
    services on a 24x7 basis and additionally offers a Business Support Program and an Enterprise Support
    Program which include four service categories: product improvement and innovation, proactive and self-help
    services, knowledge transfer and problem resolution
•   Reduction of traffic load: Kaspersky Security for Mail Servers significantly reduces the traffic load on complex
    mail networks where it is installed as a mail relay





5.9.3. Benefits for partners
•   Healthy margins: Kaspersky Lab gives partners an excellent opportunity to generate high earnings from the
    sale of its products, offering a flexible discount system and favourable partnership conditions
•   Reliable vendor: Kaspersky Lab is a reputable company demonstrating impressive yearly growth
•   Strong brand: the Kaspersky Lab brand is recognized worldwide as a provider of high-end IT security
    solutions. Its strong reputation for excellence in the home user market has been the catalyst for the success
    of its new products in the corporate sector
•   Advanced technology: Kaspersky Lab develops solutions based on its own innovative technologies and its
    products consistently demonstrate some of the best results in the field of IT security
•   Marketing support for sales: Kaspersky Lab offers marketing support to partners and runs regular training
    sessions to inform partners about its products
•   Assistance with tendering: Kaspersky Lab offers support to partners throughout the entire tendering process
    to ensure that our partners’ bids are successful
•   Customer-focused technical support: Kaspersky Lab provides standard high quality technical support
    services, and additionally offers a Business Support Program and an Enterprise Support Program, which
    include four service categories: product improvement and innovation, proactive and self-help services,
    knowledge transfer and problem resolution. High-quality technical support provided by the vendor helps
    partners to strengthen the brand’s reputation from a customer perspective
•   Multi-solution vendor: Kaspersky Lab has a wide range of corporate products and can offer anti-malware
    protection solutions for all types of corporate network nodes

5.10. Market Share Forecast
Assumptions:

•   The worldwide installed base of on-premises email and collaboration mailboxes reached 450 million
    accounts in 2009 and will increase to 621 million by year-end 2013. This represents an average annual
    growth rate of 8% over the next four years
•   IDC estimates the size of the messaging security software market at about $1,504.2 million in 2010
•   According to IDC’s estimates, the messaging security software market is shrinking due to the growth of
    messaging security SaaS and will be 5% smaller in 2013
•   Our present share of the messaging security market is 0.5% (IDC estimates, excluding KOSS)
•   Our sales are forecast to grow based on the assumption that we will launch new products and will catch up
    with the competition through an aggressive marketing campaign
•   Our goal is to reach a 5% market share by 2014






5.11. Microsoft Exchange Market Overview
Based on the Radicati study “Microsoft Exchange Server and Outlook Market Analysis 2010-2014”, in 2010,
Microsoft Exchange Server will have a worldwide installed base of 301 million mailboxes, and is expected to
reach 470 million by 2014. This represents an average annual growth rate of 12%.

Currently, On-Premises Microsoft Exchange Server deployments account for the majority of worldwide Microsoft
Exchange Server mailboxes. In 2010, On-Premises Microsoft Exchange Server deployments represent 76% of
worldwide Microsoft Exchange Server mailboxes. By 2014, On-Premises Microsoft Exchange Server mailboxes
are expected to account for 72% of deployments as demand shifts to Hosted Exchange services.

Microsoft Exchange Server 2007 is currently the most deployed version of Microsoft Exchange Server, accounting
for 44% of worldwide On-Premises Exchange deployments in 2010, but will gradually decline over the next four
years in favour of the newly released Microsoft Exchange Server 2010.

Released in November 2009, Microsoft Exchange Server 2010 builds on top of the high availability and unified
messaging components of Microsoft Exchange Server 2007, and introduces out-of-the-box archiving
capabilities. By 2014, we expect that Microsoft Exchange Server 2010 will account for 57% of total Exchange
deployments. However, uptake of Microsoft Exchange Server 2010 will be gradual, mainly due to the current
cautious economic situation, as well as general organizational inertia in moving to new systems.

Worldwide Microsoft Exchange Server installed base by mailbox type, 2010 vs. 2014

[Figure 19: two pie charts (2010 and 2014) with the categories Managed Exchange, Hosted Exchange,
On-Premises Exchange and Other. Slice labels in the 2010 chart: 72%, 15%, 9%, 4%; in the 2014 chart: 72%,
19%, 9%.]

                                                             Figure 19.





Accordingly, the number of mailboxes on those Microsoft Exchange Servers will increase as well. Radicati
studies show clearly that the number of active mailboxes worldwide is expected to increase from over 2.9 billion
in 2010 to over 3.8 billion by year-end 2014. This represents an average annual growth rate of 7% over the next
four years. In 2010, the number of email users worldwide is nearly 1.9 billion. This figure is expected to increase
to nearly 2.5 billion by year-end 2014.

The average number of mailboxes per user is expected to stay at roughly 1.6 mailboxes per user over the next
four years.


Worldwide Active Mailboxes, 2010 - 2014

[Figure 20: line chart, y-axis labelled "in Million" from 0 to 4,5; the chart’s data table is reproduced below with
the comma decimal separator as printed. The body text gives the same figures in billions.]

                                      2010     2011     2012     2013     2014
Worldwide Active Mailboxes            2,925    3,146    3,375    3,606    3,843
Worldwide Email Users                 1,879    2,024    2,172    2,317    2,463

                                                                      Figure 20.


Besides the number of active mailboxes, Radicati also took a closer look at the distribution of business and
consumer mailboxes. In 2010, consumer mailboxes total nearly 2.2 billion, representing 75% of all worldwide
mailboxes. This figure is expected to reach over 2.9 billion mailboxes by year-end 2014. Corporate mailboxes
will account for 729 million mailboxes in 2010. Over the next four years, this figure is expected to increase at an
average annual rate of 8%, totalling 991 million mailboxes by 2014.

[Figure 21: two pie charts of worldwide mailboxes by type. 2010: Consumer 75%, Corporate 25%. 2014:
Consumer 74%, Corporate 26%.]

                                                                      Figure 21.


To determine which industries Kaspersky Security for Mail Server is addressing, we have to take into
consideration the Radicati Group figures, which show that the majority of Microsoft Exchange Server seats are
in the Financial Services industry, accounting for 25% of Microsoft Exchange Server deployments. These
organizations require a secure email platform, and often deploy an archiving and compliance solution in order
to comply with government rules and regulations – all of which are readily available, either natively or through a
third-party vendor, for Microsoft Exchange Server.





The Education Services sector accounts for 14% of Microsoft Exchange Server deployments. Microsoft has
recently made a stronger push in the Education sector with its Live@EDU offering, a free hosted service based
on Microsoft Exchange Server 2010 that provides email for students and faculty via Microsoft Outlook Web App
(OWA).

The Government Services and Healthcare Services sectors each represent 12% of Microsoft Exchange Server
deployments.



[Figure 22: horizontal bar chart "Top Industry" showing the share of Microsoft Exchange Server deployments
per industry on a 0% to 25% axis. Categories (top to bottom): Financial Services, Education Services,
Healthcare, Government, Legal & Professional Services, Manufacturing, Other, Utilities, Telecom, Retail &
Hospitality.]

                                                                Figure 22.



5.11.1. Microsoft Exchange vs. Competitors
Currently Microsoft Exchange Server leads the on-premises Email and Collaboration market with a 42% market
share. Over the next four years, Microsoft’s market share is expected to increase to 48%.


[Figure 23: two pie charts of the on-premises Email and Collaboration market. 2010: Microsoft Exchange 42%,
Others 58%. 2014: Microsoft Exchange 48%, Others 52%.]

                                                                Figure 23.


Nevertheless, Microsoft faces a number of competitors in the on-premises market.
The top competitors are:

•   IBM Lotus Software: IBM Lotus Notes/Domino is the primary competitor to Microsoft’s Exchange Server. The
    company is currently ranked second behind Microsoft Exchange Server in terms of both installed base and
    revenue market share.

•   Novell: Novell has positioned itself as a top player in the corporate email market with its flagship Novell
    GroupWise email platform. In recent years, the company has shifted its focus towards the emerging
    corporate Linux market. Novell trails both Microsoft and IBM Lotus Software in the corporate email software
    space.

•   Niche Email Vendors: the On-Premises Email and Collaboration market is crowded by a host of small
    messaging software vendors that target niche markets and SMBs. These vendors are increasingly gaining
    penetration into the SMB space, as they provide secure, feature-rich messaging and collaboration platforms
    for businesses at attractive price points. Some notable companies in this space include Alt-N Technologies,
    CommuniGate Systems, Ipswitch, Gordano, Zimbra, and others.




To complete the picture, the table below lists some of Microsoft’s competitors and their solutions.


Vendor                                                   Solutions

Alt-N Technologies                                       MDaemon
CommuniGate Systems                                      MessagePlus, VoicePlus
Gecad Technologies                                       AXIGEN
Gordano                                                  Gordano Messaging Suite
IBM                                                      IBM Lotus Notes
IceWarp                                                  IceWarp Server
Ipswitch                                                 IMail Server
Kerio Technologies                                       Kerio MailServer
MailSite Software                                        MailSite Fusion
Mirapoint                                                Mirapoint Messaging Server
Novell                                                   GroupWise
Open-Xchange                                             Open-Xchange
Sun Microsystems                                         Sun Java Communication Suite
Zimbra (VMWare)                                          Zimbra Collaboration Suite



5.11.1.1. Microsoft Exchange market shares by region and sector

Kaspersky addresses the global market with the Mail Protection Suite. Based on Radicati numbers for 2010,
Asia/Pacific leads all regions with 36% of worldwide On-Premises Microsoft Exchange Server mailboxes. This
figure is expected to increase to 38% by 2014, due to the fast growth in this region.

North America follows the Asia/Pacific region, with 27% of worldwide On-Premises Microsoft Exchange Server
mailboxes in 2010. Due to the relative market saturation in this region, North America’s market share is expected
to account for only 24% over the next four years.

Europe accounts for 25% of worldwide On-Premises Microsoft Exchange mailboxes in 2010. However, this figure
is expected to represent a 23% market share by 2014.

Rest of the World has a relative market share of 11% in 2010. By 2014, this figure is expected to reach 15%
of worldwide On-Premises Microsoft Exchange mailboxes.






Figure 24. Microsoft Exchange by Region 2010-2014 (installed base of On-Premises Exchange mailboxes)

                         2010     2011     2012     2013     2014
North America              63       67       71       75       81
Europe                     58       62       67       72       78
Asia/Pacific               83       93      106      117      129
Rest of World              26       30       36       41       49


Beyond the regional view of Microsoft Exchange usage, the distribution by business size also shows clearly
that large enterprise companies are growing much faster than small companies.

Radicati Group defines business size according to the following scale:
• Small (1 - 100 Employees)
• Medium (101 - 1,000 Employees)
• Large (1,001 - 10,000 Employees)
• Very Large (Over 10,000 Employees)

In 2010, Large businesses lead all business sizes, accounting for 33% of on-premises Microsoft Exchange
mailboxes. This figure will increase to 37% over the next four years.

Medium-sized businesses will trail Large businesses, accounting for 30% of on-premises Microsoft Exchange
Server mailboxes in 2010. By 2014, Medium-sized businesses will represent a 25% market share. As cloud
computing matures, we expect many Medium-sized businesses to move from an on-premises messaging platform
to a hosted solution.

Very Large businesses will account for 24% of On-Premises Microsoft Exchange Server mailboxes in 2010. Very
Large businesses tend to have highly complex IT infrastructures that require on-premises messaging platforms.
In the future, Very Large businesses will continue to retain most of their messaging services on-premises. By
2014, Very Large businesses will account for 25% of On-Premises Microsoft Exchange Server mailboxes.





Small businesses have the smallest portion of on-premises Microsoft Exchange Server mailboxes in 2010,
accounting for only 13% of on-premises Microsoft Exchange mailboxes. This figure is expected to fall to 12% by
2014, due to the growing number of Small businesses migrating to Microsoft Hosted Exchange services as a
cost-effective alternative to deploying Microsoft Exchange Server in-house.


Figure 25. On-Premises Exchange by Business Size, 2010-2014 (million on-premises mailboxes; series: Medium
(101-1,000 Employees), Large (1,001-10,000 Employees), Very Large (10,001+ Employees))


Besides the increasing number of mailboxes, the shares by business size are shifting: the large enterprise
market will grow faster, while the medium enterprise market share will decrease.



Figure 26. On-Premises Exchange by Business Size Shares, 2010-2014 (share; series: % Small, % Medium, % Large,
% Very Large)


Besides the forecast for the worldwide market, the individual regions develop differently, as the following figures show.





North American Microsoft Exchange Server mailboxes by business size.



Figure 27. North American Exchange by Business Size, 2010-2014 (million mailboxes; series: Small (1-100
Employees), Medium (101-1,000 Employees), Large (1,001-10,000 Employees), Very Large (10,001+ Employees))


North American Microsoft Exchange Server mailboxes by business size shares.



Figure 28. North American Exchange by Business Size Shares, 2010-2014 (share; series: % Small, % Medium,
% Large, % Very Large)


European Exchange Server mailboxes by business size.



Figure 29. European Exchange by Business Size, 2010-2014 (million mailboxes; series: Small (1-100 Employees),
Medium (101-1,000 Employees), Large (1,001-10,000 Employees), Very Large (10,001+ Employees))





European Microsoft Exchange Server mailboxes by business size shares.



Figure 30. European Exchange by Business Size Shares, 2010-2014 (share; series: % Small, % Medium, % Large,
% Very Large)


Asia/Pacific Exchange Server mailboxes by business size.



Figure 31. Asia/Pacific Exchange by Business Size, 2010-2014 (million mailboxes; series: Small (1-100
Employees), Medium (101-1,000 Employees), Large (1,001-10,000 Employees), Very Large (10,001+ Employees))





Asia/Pacific Microsoft Exchange Server mailboxes by business size shares.



Figure 32. Asia/Pacific Exchange by Business Size Shares, 2010-2014 (share; series: % Small, % Medium,
% Large, % Very Large)


Rest of World Exchange Server mailboxes by business size.



Figure 33. Rest of World Exchange by Business Size, 2010-2014 (million mailboxes; series: Small (1-100
Employees), Medium (101-1,000 Employees), Large (1,001-10,000 Employees), Very Large (10,001+ Employees))


Rest of World Microsoft Exchange Server mailboxes by business size shares.



Figure 34. Rest of World Exchange by Business Size Shares, 2010-2014 (share; series: % Small, % Medium,
% Large, % Very Large)





5.11.1.2. Microsoft Exchange market share by version

Looking at the migration between the different versions of Microsoft Exchange Server, Radicati Group forecasts
that Microsoft Exchange 2010 will have a market share of 57% in 2014.

Released in November 2009, Microsoft Exchange Server 2010 builds on top of the high availability and unified
messaging components of Microsoft Exchange Server 2007, and also introduces out-of-the-box archiving capa-
bilities. Only organizations currently on Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007
can transition directly to Microsoft Exchange Server 2010. By 2014, we expect uptake of Microsoft Exchange
Server 2010 to reach 192 million mailboxes, accounting for 57% of total Exchange deployments. However, initial
uptake of Microsoft Exchange Server 2010 will be slow, due mainly to the current economic situation and the
general inertia with which organizations adopt new solutions.



Figure 35. Worldwide Exchange Server installed base by Version, 2010-2014 (million on-premises mailboxes;
series: Exchange Server 2000 (& Earlier), Exchange Server 2003, Exchange Server 2007, Exchange Server 2010)




Figure 36. Worldwide Exchange Server installed base by version / share, 2010-2014 (share; series: % Exchange
2000, % Exchange 2003, % Exchange 2007, % Exchange 2010)






5.12. IBM Lotus Notes Domino Market Overview
5.12.1. General Overview
IBM Corporation is a leading global developer of enterprise technologies, including computer and storage
systems, software, and microelectronics. The company was founded in 1910, and today employs approximately
400,000 workers worldwide. IBM Lotus Software was founded in 1982 as Lotus Development Corporation, and
originally focused on productivity software for enterprise users. The company initially found success with its Lotus
1-2-3 spreadsheet application. Lotus Software entered the corporate email market in 1989, with the release of
Lotus Notes, the precursor to IBM’s Lotus Domino/Notes platform. In 1995, IBM acquired Lotus Software and
renamed it to IBM Lotus. Today, IBM Lotus is an integral part of IBM’s Software division, which also includes
Rational Software, Tivoli Software, WebSphere, and Information Management Software.

IBM Lotus Domino is IBM Lotus’ premier corporate messaging platform. The platform supports multiple operating
systems, including Microsoft Windows (up to Windows 7), IBM AIX, Apple OS X (up to Snow Leopard), Sun Solaris,
as well as multiple Linux distributions, such as Red Hat and Novell SUSE Enterprise, and IBM’s proprietary
System i5/OS and System z/OS. IBM Lotus Domino 8.5 is the latest major release of Lotus Domino. The main focus
of this release was to prolong server life, together with numerous optimization and performance improvements
focused on increasing storage space, reducing I/O loads on hard drives, and maximizing CPU usage. These
improvements help drive down Total Cost of Ownership (TCO). Lotus Domino 8.5 also came with the Domino
Configuration Tuner, which analyses a Lotus Domino deployment and suggests multiple configurations to optimize
the performance of the server. Finally, Lotus Domino 8.5 offers Domino Designer on a non-production basis for
free, allowing developers to experiment with Domino Designer at no additional cost. The most recent release,
IBM Lotus Domino 8.5.1, includes upgrades to XPages and Domino Designer. This makes it easier for designers
to modify and streamline the Domino client through integrated widgets and applications. Another major update
was greater capacity to access the Domino server through off-premise portals, such as Web browsers and mobile
apps. IBM Lotus Domino is primarily used by Large and Very Large businesses, as its depth of functionality makes
it a better fit for large enterprises.

5.12.2. Messaging
Since Lotus Domino 8.5, IBM has utilized tools such as the Lotus Domino Attachment and Object Service (DAOS),
which eliminates redundant attachments and resolves all references to a single stored copy of an attachment.
This saves disk space and reduces CPU usage for specified tasks. IBM Lotus Domino also boasts a multitude of
file compression services in order to optimize storage space and reduce I/O. IBM has also upgraded the speed of
email delivery and optimized its routing systems in order to make the messaging server more efficient.

5.12.3. Administration
Lotus Domino 8.5 introduced many system optimization features and administrative tools. One such tool is the
Domino Configuration Tuner (DCT), which can detect problems within the server and suggest optimal
configurations for running the server. The DCT prolongs server life by protecting it from preventable issues, and it
maximizes the efficiency of the server by ensuring the configurations optimize the server’s capacity. Lotus
Domino 8.5 also introduced the Lotus Notes ID Vault feature, which allows Lotus Notes users to pull their ID files
individually, and makes it easier for administrators to reset passwords for Notes users. A Notes account’s ID file
contains the passwords and authentication information needed to access the account. This creates greater
efficiency in the IT network by giving users reasonable access to retrieve their ID files on their own. Lotus Domino
8.5.1 also updates the Lotus Notes ID Vault feature, which can now synchronize Notes IDs onto mobile clients
more easily. Mobile users can synchronize their Notes IDs into the Lotus Notes ID Vault from Lotus iNotes, Lotus
Notes Traveler, or other third-party providers such as RIM’s BlackBerry. In Lotus Domino 8.5.1, IBM has
implemented system fixes and upgrades to maximize administration efficiency. This includes the deployment of
new Lotus features as well as plug-ins using a streamlined widget deployment system. Another updated feature is
the ability of the Lotus Notes workspace to roam freely. This is also a part of IBM’s mission to allow greater
accessibility to the Domino server from both within and outside the workplace. The licensing is also controlled and
automated through the Domino client, allowing administrators to grant or revoke roaming privileges appropriately.





5.12.3.1. IBM Lotus Domino Designer

In Lotus Domino 8.5.1, the Domino Designer tool became accessible free of charge in a non-production capacity
for Domino’s developer community. XPages was also improved with the introduction of the updated Dojo toolkit.
Domino Designer also supports the LotusScript and Java languages, which plug directly into the Eclipse
framework. This gives developers more powerful and usable tools to create widgets and apps for the Notes client.
In addition, Domino Designer offers full support for HTML and partial support for JavaScript and CSS. XPages is
also supported for Lotus Quickr and Lotus iNotes.

5.12.3.2. IBM Lotus Domino Strength (based on Radicati Group Research)

•   Lotus Domino boasts greater platform interoperability than any of its major competitors. Lotus Domino
    supports Microsoft Windows, AIX, Linux, Solaris, as well as IBM’s proprietary System i5/OS and System z/OS.
•   IBM also has connectors that can work with Microsoft Outlook and other messaging platforms.
•   Lotus Domino can run on both 32-bit and 64-bit server infrastructures, giving universal access to Lotus
    Domino on both older and updated systems.
•   Lotus Domino also comes with the Domino Designer tool free for IBM’s development community.
•   IBM has implemented major server optimizations in Lotus Domino. For instance, DAOS saves a single copy of
    an attachment, saving disk space and I/O by eliminating redundant attachments in the server.
•   The Domino Configuration Tuner detects server issues and suggests the optimal configuration for the server,
    which reduces CPU usage. These server optimizations help prolong server life, drive down TCO, and promote
    a clean IT network.

5.12.3.3. IBM Lotus Domino Weaknesses (based on Radicati Group Research)

•   Lotus Domino remains a high-end enterprise solution that is not well suited for mid-size and SMB customers.
•   Although IBM Lotus Domino can connect to the Microsoft Outlook client, Microsoft Outlook does not retain
    features that are not supported by the Domino server.
•   Although Domino Designer, Lotus Symphony, and Lotus Quickr come packaged with Domino free of charge,
    all three require separate licenses to attain full functionality.
•   While IBM markets its ability to drive down TCO, Lotus Domino remains the most expensive list pricing plat-
    form relative to its immediate market competitors, which still makes it unattractive for cost-sensitive enter-
    prises.

5.12.3.4. IBM Lotus Notes (Client)

IBM Lotus Notes is IBM’s premier email client designed specifically to work with the Domino email server. The
desktop email client has advanced address book, calendaring, and email capabilities. In the Lotus Notes/Domino
upgrade from version 7 to version 8, IBM focused its efforts on completely renovating the Notes client by
implementing the Eclipse framework. Version 8 gives the client a new aesthetic while allowing developers to
integrate cross-platform plug-ins within the Notes client. The Eclipse framework also allows for greater feature
parity across all operating systems. IBM Lotus Notes also works with other Lotus applications including: Lotus
Sametime for instant messaging and conferencing, Lotus Quickr for enterprise content management and project
collaboration, Lotus Symphony for productivity software, Lotus Connections for business social networking, and
Lotus Notes Traveler for mobile push email. With the release of Lotus Notes 8.5, IBM has opened up the client to
a multitude of development possibilities. The client itself has added new features to help optimize workflow and
collaboration within the workspace. Users can share documents in the same way they can share bookmarks, and
contacts are saved in vCard format to allow easier exchange of business information. Lotus Notes 8.5 also
provides broader support for roaming usage; users can bring their applications, email, settings, and preferences
between different Lotus Notes 8.5 clients, providing a uniform experience across clients. With the release of Lotus
Notes 8.5, IBM Lotus Notes is supported on: Apple Mac OS X v10.5 Snow Leopard, Canonical Ubuntu, RHEL (Red
Hat Enterprise Linux), SLED (SUSE Linux Enterprise Desktop), and Windows Vista. IBM plans to add Windows 7
compatibility with Lotus Notes 8.5.2.





5.12.4. IBM Lotus Domino Market Shares
The Radicati Group report analyses the penetration of IBM’s messaging server platform Lotus Domino, and IBM’s
email client Lotus Notes, within both the On-Premises and the Hosted Email and Collaboration markets.

IBM Lotus Notes/Domino 8.5 is the latest release of IBM Lotus Notes/Domino, with version 8.5.1 its latest up-
date, and version 8.5.2 slated for release later this year.

IBM Lotus Domino 8.x has shown good uptake thus far and will continue to do so as companies are finding more
incentive to upgrade from earlier versions. However, most enterprises waited until version 8.5 to upgrade their
platforms and clients. Lotus Domino 8.5 optimizes performance by increasing storage space, reducing I/O hard
drive loads, and minimizing CPU usage. All of these new features prolong the life of the server and help drive
down TCO (Total Cost of Ownership).

With Lotus Notes/Domino 8.5.1 and 8.5.2, IBM is working towards rejuvenating the Lotus Notes application
development community, while making strides to allow for more third-party innovation and improvement. For in-
stance, IBM is releasing Domino Designer on a non-production basis for free, and XPages is constantly updated
to give more power and freedom to developers. The new version also comes with a new licensing scheme, as IBM
has consolidated their licensing structures into two main bundles: the Messaging CAL and the Enterprise CAL.
Another major point for these updates is adding mobile access to Lotus Notes/Domino.

In 2010, IBM Lotus Domino will have an installed base of 192 million mailboxes, and is expected to grow to 266
million by 2014. This represents an average annual growth rate of 8%.

On-Premises Lotus Domino mailboxes account for the vast majority of the Lotus Domino mailboxes worldwide.
In 2010, On-Premises Lotus Domino mailboxes will account for 89% of the Lotus Domino mailboxes worldwide.

Traditionally, IBM Lotus Notes/Domino has found most of its traction amongst Large and Very Large businesses,
as larger organizations often require the powerful, advanced collaboration features offered by IBM.


Figure 37. Lotus Domino mailboxes by deployment type, 2010 and 2014 (pie charts; series: On-Premises Domino
Mailboxes, Hosted Notes Mailboxes, Managed Domino Mailboxes). On-Premises Domino Mailboxes account for
89% in 2010 and 87% in 2014; the remaining two segments are 7% and 4% in 2010 and 8% and 5% in 2014.


Additionally, Radicati Group took a closer look at the industries using Domino environments. The Financial Service
and the Legal and Professional Service sectors deploy IBM Lotus Domino the most, with 16% penetration each.
Both the Financial Service and Legal and Professional Service markets adopted IBM Lotus in the past due to
its ability to multi-thread and cross-reference emails before competitors had implemented such functions. IBM
Lotus Domino’s ability to integrate applications to supplement the needs of these enterprises has also been a
major driver.





The Government sector accounts for 14% of IBM Lotus Domino deployments. Government agencies at all levels
and on a worldwide basis have a long history of using IBM’s messaging and collaboration solutions to fit their
needs.



Figure 38. IBM Lotus Domino deployments by top industry (horizontal bar chart, 0% to 20% scale; categories:
Financial Services, Legal & Professional Services, Government, Healthcare, Manufacturing, Other, Education
Services, Utilities, Transportation, Telecom)


Since our Security for Mail Servers is targeted at medium and large companies, it is also interesting to know the
allocation of Domino by company size, which Radicati Group has also analysed.

Radicati Group defines business sizes by the number of employees, as follows:
• Small: 1 - 100 Employees
• Medium: 101 - 1,000 Employees
• Large: 1,001 - 10,000 Employees
• Very Large: Over 10,000 Employees

Large and Very Large Businesses are the core markets for On-Premises IBM Lotus Domino, and make up the
majority of On-Premises IBM Lotus Domino deployments. These segments account for 66% of the On-Premises
IBM Lotus Domino seats in 2010.

In 2010, Medium Businesses account for 32% of On-Premises IBM Lotus Domino seats, while Small Businesses
make up only 1% of On-Premises IBM Lotus Domino mailboxes.



[Figure 39. Line chart: On-Premises Lotus Domino by Business Size, 2010-2014, in millions of seats (0-120);
series: Small (1-100 employees), Medium (101-1,000), Large (1,001-10,000), Very Large (10,001+).]





The next figure shows the same allocation in percent.


[Figure 40. Line chart: On-Premises Lotus Domino by Business Size Shares, 2010-2014, in percent (0-50%);
series: % Small, % Medium, % Large, % Very Large.]


However, although Lotus Domino is growing, Radicati Group's analysis shows that Microsoft's Exchange Server is
the leading enterprise email platform in this market and the primary competitor to IBM Lotus Domino. Similarly
to IBM, Microsoft is building a unified communications suite of applications around its flagship corporate email
platform. Other competitors are also in the market and gaining market share: Novell has positioned itself as a
top player in the Messaging and Collaboration Market with its flagship Novell GroupWise email platform. Novell is
the third major competitor in the corporate email software space, and has shifted its focus towards the emerging
corporate Linux market.

The majority of IBM Lotus Domino mailboxes are located in the Asia/Pacific and European regions. In 2010,
Asia/Pacific accounts for 49% of worldwide IBM Lotus Domino deployments, while Europe accounts for 26%.

IBM's success in maintaining a stronghold in the Asia/Pacific and European markets is due to its widespread
adoption by Government and Very Large enterprise accounts in these regions. These organizations have been
entrenched IBM customers for many years, and continue to be loyal to IBM products.

North America, on the other hand, makes up a smaller portion of the IBM Lotus Domino installed base, as the
region shows much more prevalent adoption of other enterprise messaging solutions, such as Microsoft Exchange
Server.

Figure 41. IBM Lotus Domino installed base by region, 2010-2014 (the chart's data table; the companion charts
are in millions of mailboxes)

Region            2010    2011    2012    2013    2014
North America       25      26      26      27      27
Europe              45      47      48      49      49
Asia/Pacific        84      95     104     117     128
Rest of World       16      19      22      25      28



North American IBM Lotus Domino mailboxes by business size.

[Figure 42. Line chart: North American Lotus Domino by Business Size, 2010-2014, millions of mailboxes (0-14);
series: Small (1-100 employees), Medium (101-1,000), Large (1,001-10,000), Very Large (10,001+).]


North American IBM Lotus Domino mailboxes by business size shares.



[Figure 43. Line chart: North American Lotus Domino by Business Size Shares, 2010-2014, percent (0-50%);
series: % Small, % Medium, % Large, % Very Large.]


European IBM Lotus Domino mailboxes by business size.



[Figure 44. Line chart: European Lotus Domino by Business Size, 2010-2014, millions of mailboxes (0-25);
series: Small (1-100 employees), Medium (101-1,000), Large (1,001-10,000), Very Large (10,001+).]





European IBM Lotus Domino mailboxes by business size shares.



[Figure 45. Line chart: European Lotus Domino by Business Size Shares, 2010-2014, percent (0-50%);
series: % Small, % Medium, % Large, % Very Large.]


Asia/Pacific Lotus Domino mailboxes by business size.



[Figure 46. Line chart: Asia/Pacific Lotus Domino by Business Size, 2010-2014, millions of mailboxes (0-70);
series: Small (1-100 employees), Medium (101-1,000), Large (1,001-10,000), Very Large (10,001+).]


Asia/Pacific Lotus Domino mailboxes by business size shares.



[Figure 47. Line chart: Asia/Pacific Lotus Domino by Business Size Shares, 2010-2014, percent (0-60%);
series: % Small, % Medium, % Large, % Very Large.]





Rest of World Lotus Domino mailboxes by business size.



[Figure 48. Line chart: Rest of World Lotus Domino by Business Size, 2010-2014, millions of mailboxes (0-14);
series: Small (1-100 employees), Medium (101-1,000), Large (1,001-10,000), Very Large (10,001+).]


Rest of World Lotus Domino mailboxes by business size shares.



[Figure 49. Line chart: Rest of World Lotus Domino by Business Size Shares, 2010-2014, percent (0-60%);
series: % Small, % Medium, % Large, % Very Large.]






5.13. Application: Kaspersky Security
for Microsoft Exchange Servers
Kaspersky Security for Microsoft Exchange Servers
2007/2010 provides anti-malware and anti-spam
protection for mail traffic on corporate networks.

This product has been developed specifically for enterprises
with a complex email architecture, to provide maximum security.




5.13.1. Exchange Server security
Microsoft Exchange Server, the cornerstone of the Microsoft Unified Communications solution, has long been the
choice of organizations like yours for enabling rich and productive collaboration among their users. Its
architecture provides a role-based infrastructure for unified communications throughout the company and with
external partners and customers. Since email is the main vector for infiltrating companies with malware, it is
very important to protect these servers so that infected messages are never delivered to a user's workstation or
mobile device. Kaspersky Security for Microsoft Exchange provides this protection with its Antivirus and
Anti-Spam components.


5.13.2. Definition

5.13.2.1. Main Features

•   Intelligent detection and effective anti-spam protection
•   Real-time antivirus protection
•   Classification of incoming messages
•   On-demand scan
•   Creation of backup copies
•   Flexible scan configuration
•   Scalable and fault tolerant
•   Regular updates of anti-spam and antivirus databases
•   Support for server clusters
•   Administration via the Microsoft Management Console (MMC)

5.13.2.2. Advanced Features

•   Notification system
•   Logging system
•   Detailed reports

5.13.2.3. New Features compared to KSE 6.0

•   Anti-Spam protection (compared to the Kaspersky Security for Microsoft Exchange Server 2007 version)
•   Support for Microsoft Exchange Server 2010
•   Support for Microsoft Windows Server 2008 R2
•   Optimal utilization of system resources
•   Treatment (disinfection) of archived files
•   Spam detection for different languages





5.13.3. Anti-Spam protection
Anti-Spam protection is available in this version, but was not available in Kaspersky Security for Microsoft
Exchange Server 2007. However, an anti-spam module was integrated into Kaspersky Security for Microsoft
Exchange Server 2003.


Feature: Spam detection (Improved!)
    (New!) Includes the all-new, fourth-generation anti-spam engine:
    • Enhanced productivity and performance stability;
    • Low RAM usage;
    • Low Internet traffic volumes (Kaspersky anti-spam database updates).

    The technologies that make the application so highly effective at detecting spam include:

    Heuristic analyser. Identifies spam by typical characteristics such as anomalies in the sender's
    address, a sender IP address that cannot be found in DNS, an excessive number of intended recipients,
    or hidden addresses. The size and format of messages are also taken into consideration.

    Linguistic analyser. Analyses the format and linguistic composition of the text, scans messages for
    words and phrases that are typical of spam and compares them with the samples in the lexical signature
    databases. Both the message body and any attachments are analysed.

    Graphical signature analyser. A database of graphical spam signatures that allows the program to block
    messages whose spam content is carried in images rather than text.

    Real-time UDS requests. The Urgent Detection System is updated with information about spam messages
    within seconds of their first appearance on the Internet. Messages that could not be assigned a
    definitive status (spam or not spam) can be checked against the UDS. This considerably reduces the
    response time for new spam mailings.

    Advantage: the combination of these technologies allows over 99% of all spam emails to be blocked.

Feature: List-based classification (New! compared to KS for Microsoft Exchange Server 2003)
    This product version supports the creation of whitelists and blacklists. White- and blacklists are
    created based on a sender's SMTP or IP address; a whitelist can also be created based on a recipient's
    e-mail address. If the address is whitelisted, the email is delivered without going through the
    scanning process. If it is blacklisted, the email is marked with a special header and processed
    according to the rules set by the administrator. Note that the SMTP sender address is trivially
    forged: whitelisting by IP address, or pairing an address whitelist with the SPF check described
    below, is the safer choice.
    Advantage: speeds up the scanning of incoming traffic and allows company-specific business processes
    to be taken into account.

Feature: Scanning by DNSBL lists (New! compared to KS for Microsoft Exchange Server 2003)
    This product version checks sender IP addresses against blacklists of spammers: DNS-based Blackhole
    Lists (DNSBL) maintained by Internet service providers and public organizations. System administrators
    can add the addresses of trusted correspondents to a whitelist, ensuring that their messages are always
    delivered directly, bypassing all stages of the scanning process.
    Advantage: increases the speed and accuracy of scans.



Feature: SPF and SURBL technologies (New! compared to KS for Microsoft Exchange Server 2003)
    The scan process also verifies the legitimacy of senders using the Sender Policy Framework (SPF).
    Detection of spammer IP addresses using DNSBL technology is supplemented by SURBL (Spam URI Realtime
    Block List) technology, which identifies spam URLs in the message body.
    Advantage: more accurate and faster scanning of messages.

Feature: Anti-Spam intensity level settings (New! compared to KS for Microsoft Exchange Server 2003)
    Allows one of four anti-spam intensity levels to be selected depending on the characteristics of mail
    traffic at a particular company. The optimal combination of performance and protection is set by default.
    Advantage: flexible settings accommodate any specific characteristics of a company's mail traffic.

Feature: Adding scan result markers to a message's subject line and x-header (Improved!)
    If the system is configured to deliver suspicious messages to the user, system administrators can add a
    marker to the message's subject line informing the user of the scan result. Markers can be added to any
    message and take the form 'Spam', 'Potential Spam', 'Formal Notification', 'Not Spam' or 'Blacklisted'.

    (New! compared to KS for Microsoft Exchange Server 2003) This application version also adds a marker to
    the message's technical x-header. The x-header marker includes the message's scan result and its
    category. Depending on the settings, this information is read by Microsoft Exchange or by the mail
    client, and the message is then placed in the recipient's Inbox or Junk email folder accordingly.

    Advantage: the flexible settings used to sort emails make processing a user's incoming traffic much
    easier.

Feature: Creation of backup copies (Improved!)
    The application saves copies of messages to backup storage before they are deleted, making it possible
    to restore important information if a message was erroneously detected as spam. The storage period and
    the total size of the objects in storage can be set by the user.

    (New!) Unlike previous versions of the application, information about objects placed in backup storage
    is saved in Microsoft SQL Server (versions 2005 and 2008) or the free Microsoft SQL Server Express
    Edition. The SQL server can be either local or remote.

    Advantage: saving information to Microsoft SQL provides flexible administration and scaling, and speeds
    up storage search requests when large volumes of data exist.

Feature: Trusted zones
    Messages from trusted sources (authenticated by name and password or by certificate) are not scanned by
    default, e.g. when exchanging traffic with partner organizations or trusted mail providers.
    Authentication establishes who the peer is, not that its mail is clean: a compromised partner account
    would deliver unscanned malware, which is why the settings (see 5.13.5) allow external trusted
    connections to be included in scanning.
    Advantage: removing the need to scan messages from trusted sources reduces the mail server load.

Feature: Spam detection for different languages (multibyte encoding) (New!)
    This feature allows messages written in any language to be scanned, for example messages in Asian
    languages.
    Advantage: detecting spam written in different languages is especially important for international
    companies because it protects users in the company's offices worldwide from receiving unwanted
    correspondence.
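The list-based, DNSBL, SPF, SURBL and marker mechanisms described in the anti-spam table above, as an added
example that is not Kaspersky's code and not taken from this compendium. DNS is replaced by a constructed
in-memory table (FAKE_DNS) so the script runs offline; the zone names dnsbl.example and uribl.example, the SPF
record for partner.example, the header name X-Example-Scan-Result, the policy and the sample messages are all
assumptions. The SPF evaluator is deliberately minimal (ip4: and all mechanisms only); a real deployment would
use a full RFC 7208 implementation and the actual blocklist zones.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

DNSBL_ZONE = "dnsbl.example"           # placeholder IP blocklist zone (assumption)
SURBL_ZONE = "uribl.example"           # placeholder URI blocklist zone (assumption)
SCAN_HEADER = "X-Example-Scan-Result"  # hypothetical header name (assumption)

# Constructed DNS answers standing in for real lookups; nothing here is a real listing.
FAKE_DNS = {
    "4.3.2.198.dnsbl.example": "127.0.0.2",            # 198.2.3.4 is a listed spam source
    "cheap-pills.example.uribl.example": "127.0.0.2",  # cheap-pills.example is a listed spam URL
    "partner.example": "v=spf1 ip4:203.0.113.0/24 -all",  # partner.example's SPF TXT record
}

def dns_lookup(name):
    return FAKE_DNS.get(name.lower())

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone (198.2.3.4 -> 4.3.2.198.<zone>)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def ip_listed(ip):
    return dns_lookup(dnsbl_name(ip, DNSBL_ZONE)) is not None

def url_domains(body):
    """Hostnames of http(s) URLs in the body: the input for a SURBL query."""
    return {m.lower() for m in re.findall(r"https?://([A-Za-z0-9.-]+)", body)}

def url_listed(body):
    return any(dns_lookup(f"{d}.{SURBL_ZONE}") for d in url_domains(body))

def spf_check(ip, domain):
    """Minimal SPF evaluation (ip4: and all mechanisms only); real deployments need full RFC 7208."""
    record = dns_lookup(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.IPv4Address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        if term == "all" or (term.startswith("ip4:")
                             and addr in ipaddress.IPv4Network(term[4:], strict=False)):
            return results[qualifier]
    return "neutral"

def classify(raw_message, connecting_ip, policy):
    """Return (category, message) with subject and X-header markers added.
    policy holds the sets whitelist_ips, whitelist_senders and blacklist_senders;
    the message is assumed to be a single text/plain part."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    spf = spf_check(connecting_ip, sender.rsplit("@", 1)[-1])
    body = msg.get_payload()
    if connecting_ip in policy["whitelist_ips"]:
        category = "Not Spam"            # trusted relay: delivered without scanning
    elif sender in policy["whitelist_senders"] and spf != "fail":
        category = "Not Spam"            # address whitelist honoured only if SPF does not fail
    elif sender in policy["blacklist_senders"]:
        category = "Blacklisted"
    elif ip_listed(connecting_ip) or url_listed(body):
        category = "Spam"
    elif spf == "fail":
        category = "Potential Spam"
    else:
        category = "Not Spam"
    if category != "Not Spam":           # subject-line marker for the user
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = f"[{category}] {subject}"
    del msg[SCAN_HEADER]                 # never keep a marker that arrived with the message
    msg[SCAN_HEADER] = f"{category}; spf={spf}; ip={connecting_ip}"
    return category, msg

def route(msg):
    """What an Exchange or mail-client rule does with the X-header: Inbox or Junk folder."""
    verdict = (msg.get(SCAN_HEADER) or "").split(";")[0].strip()
    return "Junk" if verdict in ("Spam", "Blacklisted") else "Inbox"

# Constructed policy and sample messages for a stand-alone run.
POLICY = {"whitelist_ips": {"10.0.0.5"}, "whitelist_senders": {"alice@partner.example"},
          "blacklist_senders": {"spammer@bad.example"}}
MSG_PARTNER = "From: alice@partner.example\nSubject: Q3 figures\n\nHi, the figures are attached.\n"
MSG_URL = "From: bob@partner.example\nSubject: offer\n\nBuy now: http://cheap-pills.example/buy\n"
MSG_BLACKLISTED = "From: spammer@bad.example\nSubject: hello\n\nhello\n"

if __name__ == "__main__":
    for raw, ip in [(MSG_PARTNER, "203.0.113.10"), (MSG_PARTNER, "192.0.2.7"),
                    (MSG_URL, "198.2.3.4"), (MSG_BLACKLISTED, "203.0.113.10")]:
        category, msg = classify(raw, ip, POLICY)
        print(f"{ip:>13}  {category:<14} -> {route(msg):<5}  {msg['Subject']}")
```

Two details in the code are the ones that matter in practice: the scan-result header is deleted before it is
set, because a sender can pre-populate it on the way in and a naive Exchange or client rule would honour it;
and the address whitelist only bypasses scanning when SPF does not fail, because the SMTP sender address is
trivially forged. The same message from alice@partner.example therefore goes to the Inbox unscanned from an
address covered by the partner's SPF record, but is tagged Potential Spam from any other connecting IP.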





5.13.4. Antivirus Protection

Feature: New antivirus engine 8.0: protection from viruses, worms and trojans (Improved!)
    The new antivirus engine provides the following advantages:
    • (New!) The combination of traditional signature-based and cutting-edge heuristic technologies
      results in more effective detection
    • (New!) Incoming messages can be scanned for malware considerably faster

Feature: Real-time antivirus scanning
    The application detects and deletes all types of viruses, worms, Trojans and other malware in mail
    traffic and in attachments of practically any format. The engine can detect and delete both clearly
    malicious programs and potentially hazardous ones, including adware, spyware, dialers and other
    programs commonly used by criminals for their own purposes.
    Advantage: highly accurate antivirus scanning

Feature: Background on-request or on-demand scanning
    The application provides background scanning of mailboxes and public folders stored on the server,
    ensuring that all objects are scanned using the latest antivirus database while minimizing server
    load. The scan depth can be set by the user, for example to check only the messages that arrived in
    the last 3 days. Scheduled scanning is also possible, in order to spread out the execution of scanning
    tasks and other jobs such as backup processes.
    Advantage: adjustable scan depth and scheduled scanning allow the mail server load to be optimized.

Feature: Creation of backup copies (Improved!)
    The application saves copies of messages to backup storage, allowing important information to be
    restored in the event of problems. To make it easier to find an object in storage, the application
    offers a wide choice of search filters.

    (New!) Unlike previous versions of the program, information about objects placed in backup storage is
    saved in Microsoft SQL Server (versions 2005 and 2008) or the free Microsoft SQL Server Express
    Edition. The SQL server can be either local or remote.

    Advantage: saving information to Microsoft SQL provides flexible administration and scaling, and speeds
    up storage search requests when large volumes of data exist.

Feature: Configurable scanning exceptions (Improved!)
    The application allows a user to set scanning exceptions:
    • (New!) If there is a need to receive unscanned messages within a company, for example in a
      Marketing, Sales or Support department, an administrator can create a whitelist of email addresses
      that will receive unscanned mail
    • By file masks
    • For certain mailbox databases or public folder databases
    • For archives
    Advantage: flexible management of the company's business processes

Feature: One-time scanning
    The application does not rescan messages residing on the company's mail server if they have already
    been scanned.
    Advantage: helps to reduce server load





Feature: Treatment of archived files (New!)
    The new version of the application can disinfect infected files inside archives, while the previous
    version of the product could only identify and delete infected archives.
    Advantage: disinfecting infected archive files reduces the risk of data loss and increases the
    effectiveness of the application.
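The archive handling described in this table, together with the nesting level (up to 32) and the 'ignore or
delete' choice for password-protected or damaged objects listed under Flexible settings in 5.13.5, as an added
example that is not Kaspersky's code and not taken from this compendium. Detection is a constructed marker string
(SIGNATURE), the archives are built in memory with the standard zipfile module, and the password-protected and
damaged samples are produced by patching the zip bytes directly, since zipfile cannot write encrypted entries.
The policy keys max_nesting and unscannable and the verdict names are assumptions.

```python
import io
import struct
import zipfile
import zlib

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"   # stands in for a real malware signature (assumption)

def scan(name, data, policy, depth=0):
    """Scan data recursively; return a list of (path, verdict) tuples.
    Verdicts: clean, infected, password-protected, damaged, nesting-limit.
    depth counts the archives already opened on the way to this object."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(name, "infected" if SIGNATURE in data else "clean")]
    if depth >= policy["max_nesting"]:
        return [(name, "nesting-limit")]      # refuse to open one archive more than the limit
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:       # encrypted entry: content cannot be inspected
                    findings.append((path, "password-protected"))
                    continue
                try:
                    inner = zf.read(info)
                except (zipfile.BadZipFile, zlib.error, EOFError):
                    findings.append((path, "damaged"))   # bad CRC, truncated or garbled data
                    continue
                findings.extend(scan(path, inner, policy, depth + 1))
    except zipfile.BadZipFile:
        findings.append((name, "damaged"))    # central directory itself is broken
    return findings

def action(verdict, policy):
    """Map a verdict to the configured action; whatever could not be inspected gets the
    administrator's 'unscannable' choice: 'ignore' (deliver unscanned) or 'delete'."""
    if verdict == "clean":
        return "deliver"
    if verdict == "infected":
        return "disinfect"
    return policy["unscannable"]

# --- constructed test data (built in memory, not real samples) ---
def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for entry_name, content in entries.items():
            zf.writestr(entry_name, content)
    return buf.getvalue()

def nest(payload, levels):
    """payload.bin inside `levels` archives, each wrapped in the next as inner.zip."""
    data = make_zip({"payload.bin": payload})
    for _ in range(levels - 1):
        data = make_zip({"inner.zip": data})
    return data

def mark_encrypted(single_entry_zip):
    """Set the 'encrypted' bit in the central-directory flags (offset 8 of the PK 01 02 record)
    so the entry looks password-protected; zipfile itself cannot write encrypted entries."""
    i = single_entry_zip.index(b"PK\x01\x02")
    return single_entry_zip[:i + 8] + b"\x01\x00" + single_entry_zip[i + 10:]

def corrupt(single_entry_zip):
    """Invert the first bytes of the entry's compressed data, leaving both headers intact."""
    i = single_entry_zip.index(b"PK\x03\x04")
    name_len, extra_len = struct.unpack("<HH", single_entry_zip[i + 26:i + 30])
    start = i + 30 + name_len + extra_len
    damaged = bytes(b ^ 0xFF for b in single_entry_zip[start:start + 8])
    return single_entry_zip[:start] + damaged + single_entry_zip[start + 8:]

POLICY = {"max_nesting": 32, "unscannable": "delete"}   # key names are assumptions

if __name__ == "__main__":
    samples = {
        "report.zip": nest(b"quarterly report " * 20, 3),
        "hidden.zip": nest(SIGNATURE + b" inside", 32),
        "bomb.zip": nest(b"harmless", 33),
        "locked.zip": mark_encrypted(make_zip({"invoice.exe": b"MZ..."})),
        "broken.zip": corrupt(make_zip({"doc.txt": b"quarterly report " * 20})),
    }
    for sample_name, blob in samples.items():
        for path, verdict in scan(sample_name, blob, POLICY):
            print(f"{verdict:<18} {action(verdict, POLICY):<9} {path[:60]}")
```

Running the block prints one line per finding with the configured action. The nesting limit follows the page's
32 levels: a payload inside 32 archives is still scanned, while a 33rd archive is reported as nesting-limit and,
like password-protected and damaged entries, falls under the 'unscannable' policy. That is the point of the
setting: with 'ignore', every such object reaches the mailbox uninspected, which is exactly what nested and
password-protected droppers rely on.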



5.13.5. Administration and Notifications

Feature: Flexible settings (Improved!)
    An administrator can configure the application according to the company's security policy and hardware
    capabilities; for example, an administrator can:
    • Set the product to scan only potentially dangerous objects, excluding certain files from being
      scanned
    • (New!) Configure dedicated operations (ignore or delete) for password-protected or damaged objects,
      for example an archive with a corrupt header
    • Set the level of anti-spam intensity (see Anti-Spam protection)
    • (New!) Restrict anti-spam scanning according to message size, allowing messages that exceed a set
      limit to pass unscanned
    • Set the nesting level for archives and container files (up to 32)
    • (New!) Exclude any messages sent to whitelisted addresses from anti-spam scanning and deliver any
      blacklisted messages to the Junk email folder
    • (New!) Manage trusted connection scanning. The new version allows trusted connections to be included
      in scanning if mail is coming from an external connection, e.g. from a partner
    • Make a wide range of adjustments to the anti-spam module
    • (New!) Place trusted recipients on whitelists (for antivirus) so that their mail bypasses the
      scanning process

    Note that 'ignore' for password-protected objects and the size-based anti-spam bypass both deliver
    content the product never inspected; password-protected archives in particular are a common way of
    getting malware past mail scanners, so 'delete' (or quarantine) is the safer choice for inbound mail.

    Advantage: flexible settings allow for company-specific traffic anomalies, mail server load optimization
    and automation of the application's operation.

Feature: Management via MMC (Improved!)
    Configuration and administration of the application is performed via a single management console
    integrated into the Microsoft Management Console (MMC), which will be familiar to system administrators
    everywhere.

    Applications installed on more than one server or on Microsoft Exchange 2007 clusters can be managed
    centrally using the console.

    (New!) The graphical user interface has been greatly improved compared to the previous version of the
    application.
    Advantage: simple management reduces the time that system administrators spend working with and
    maintaining the application.





Notification system (Improved!)
The application has a built-in system for notifying system administrators about its
functioning. Notifications can be received via email or viewed in the Windows Event Log, which
lets system administrators see messages about the application alongside messages from other
Windows applications. Notifications can also be configured so that the sender and recipient
receive them as well as the system administrators.

(New!) The text of notification messages sent to the system administrators, the sender and the
recipient differs in order to maintain confidentiality.

(New!) In the new version it is possible to receive messages about the status of the antivirus
databases.

Advantage: the notification system saves time and makes it easier for system administrators to
work with the application.

Logging system (Improved!)
The application records all operations in a text file, allowing it to be monitored at any time.

(New!) Older logs are automatically archived so that they take up less space.

(New!) This version contains more options that can be configured by the system administrator.

Advantage: the logging system makes the system administrators' job easier and reduces reaction
time in the event of a system error.

Detailed reports
System administrators can monitor the state of antivirus and anti-spam protection using HTML
reports. The frequency at which reports are generated and their contents can be set by the
system administrators. Reports can be saved to disk or sent via email. Additionally, reports
covering a specified period of time can be compiled very quickly.

Advantage: detailed reports give system administrators maximum control over the application's
functioning.

5.13.6. Performance

Features                         Description

Regular database updates (Improved!)
Database updates can be received from Kaspersky Lab's servers on request or automatically. The
application automatically selects the least loaded update server. It can also update from a
local folder, reducing the traffic required to update more than one server. The update
schedules for the antivirus and anti-spam databases can be set separately.

(New!) The frequency of anti-spam database updates has increased significantly, making the
application even more effective.

Advantage: the optimised update procedures save time for the system administrators.

Automatic scalability (New!)
The application automatically adjusts the number of scanning threads to the volume of traffic.

Advantage: the scalability of the application makes it possible to enhance scanning
performance and optimise mail server load.

Flexible adjustment of server load
The application includes settings that allow the message processing speed to be adjusted, e.g.
restrictions on message size, the permitted level of file nesting and the intensity of
anti-spam analysis.

Advantage: flexible settings allow system administrators to adjust the load on their servers.

Optimal use of system resources (New!)
The new version of the application uses much less memory. In the previous version a separate
process with its own copy of the antivirus databases was launched for each antivirus engine.
In the latest product the antivirus engines share one copy of the antivirus databases,
reducing the amount of server RAM required.

Advantage: the application reduces demand on the server's RAM and so uses the minimum of
system resources.

Uninterrupted operation of the mail server (the application does not affect the normal running
of the server) (Improved!)
The application includes settings that support uninterrupted operation of the mail server:

•   The anti-spam settings allow an upper time limit to be set on the scanning of incoming
    mail; messages that exceed the scanning time limit are allowed to pass and incoming
    traffic is not held up.
•   The antivirus settings likewise allow a time limit to be set for scanning a message. If
    scanning takes longer than the set time, the message is allowed to pass unchecked, but is
    marked accordingly.
•   (New!) The fault tolerance of the application has increased thanks to its optimised
    architecture.

Note that both time limits fail open: a message that exceeds them is delivered without a
verdict, so set them generously and use the marking on delivered mail to spot messages that
were never fully scanned.

Advantage: the application's high level of reliability makes the system administrators' job
more straightforward.


5.13.7. Server Architecture

Features                     Description

Support for main Microsoft Exchange Server roles
Supports the Edge Transport, Hub Transport and Mailbox roles (receiving, sending and storing
mail).

Supports selection of functionality depending on the specific role of the Microsoft Exchange
server.

Cluster support
The application supports Cluster Continuous Replication (CCR) and Single Copy Cluster (SCC) in
Microsoft Exchange Server 2007.

Advantage: the application is suited for use on the complex server clusters often found in
larger companies.

Compatibility with DAG in Microsoft Exchange 2010 (New!)
The application is compatible with the Database Availability Group (DAG) architecture.


5.13.8. Supported Platforms

Features                     Description

Support for Microsoft Exchange 2010 (New!)
The application supports the latest version of Microsoft Exchange.

Advantage: provides high levels of antivirus and anti-spam protection for the very latest mail
systems.

MS Windows Server 2008 R2 (New!)
The application supports the widely used Windows Server 2008 R2.

MS Exchange 2007
The application supports the widely used Microsoft Exchange 2007 with SP3.


5.14. Application Environment

5.14.1. Microsoft Exchange Overview

5.14.1.1. Microsoft Exchange 2007

KSE was developed to protect Microsoft Exchange Server 2007 and 2010.

Microsoft Exchange Server 2007 is available in two editions: Standard and Enterprise. The two editions differ
in the number of storage groups and databases supported, in mail transport connectors, and in clustering
capabilities. Microsoft targets businesses of all sizes; however, the company's core market is medium to
large-sized businesses. Microsoft Exchange Server 2007 was designed to integrate tightly with Microsoft
Outlook 2007 to unlock the full functionality of this popular email client. Microsoft Outlook detects and
configures an existing Microsoft Exchange Server using Autodiscover, which only requires the user's email
address and password. In addition to integrating with Microsoft Outlook 2007, Microsoft Exchange Server 2007
also integrates with Microsoft Windows SharePoint Services, Office Communications Server 2007, Microsoft
Office 2007 applications, and other third-party systems and devices.

Released in November 2009, Microsoft Exchange Server 2010 is the next evolution of Microsoft's flagship
messaging and collaboration platform. In addition to email, the messaging server offers groupware
capabilities (shared calendaring, shared contacts, shared tasks and resource scheduling), mobile support and
unified messaging.


5.14.1.2. Microsoft Exchange 2007 - Unified Messaging

One of the most notable additions to Microsoft Exchange Server 2007 is Unified Messaging (UM) technology,
which is offered out of the box via the Unified Messaging server role. The Unified Messaging server role
creates a single infrastructure in which e-mail, voice messages and faxes are all delivered to a single
mailbox, unifying multiple forms of digital communication. To enable UM, the Unified Messaging server role
must be connected to the organization's telephony system. Microsoft Exchange Server 2007 is compatible with
most IP PBX platforms and supports traditional PBXs through a VoIP gateway. Once the UM server role is set
up, users receive faxes and voice mail messages in their inbox, consolidating multiple communications
infrastructures. Incoming faxes arrive as messages with the fax attached as a .tif image. Voice mail also
arrives as messages, which can be played with an embedded player or routed to a phone for private playback.
Another notable aspect of the UM server role is Outlook Voice Access (OVA). OVA allows users to access their
email messages and manage their calendars from any phone. OVA is a voice-based interface, featuring an
automated attendant that acts like a virtual operator. Users can interact with the automated attendant
through either touch-tone menus or voice commands using Microsoft's automatic speech recognition (ASR)
technology. In addition, email messages, calendar items and contact information can be read over the phone
using Microsoft's Text-To-Speech (TTS) technology. With the release of SP1, Microsoft Office Communications
Server 2007 can be integrated with the Exchange Server Unified Messaging server role for a full Unified
Communications system.


5.14.1.3. Microsoft Exchange 2010

Microsoft Exchange Server 2010 must be deployed on 64-bit hardware and requires Windows Server 2008 SP2 or
Windows Server 2008 R2. For the first time, the messaging server was developed both as an on-premises
platform and as a platform for hosted service delivery. Organizations can deploy Microsoft Exchange Server
2010 as an on-premises solution, as a hosted service, or as a hybrid of on-premises and hosted services.
The latest version of Microsoft Exchange Server also expands on much of the functionality already included in
Microsoft Exchange Server 2007. Key features of Microsoft Exchange Server 2010 include:

•   Hosting capabilities
•   Enhanced large mailbox and storage support
•   High Availability (HA) and Disaster Recovery (DR)
•   Simplified Administration
•   Archiving and Compliance
•   Anywhere Access
•   Unified Messaging (UM)

Microsoft Exchange Server 2010 was designed to integrate tightly with Microsoft Outlook 2010; combined with
Outlook 2010, the full power of the mail server is unlocked. Microsoft Exchange Server 2010 also fully
supports the features of Microsoft Outlook 2003 and 2007, but Microsoft does not fully support any Outlook
version prior to Outlook 2003.

Both Microsoft Exchange Server 2007 and 2010 use a role-based architecture, enabling administrators to
select up to five distinct server roles when deploying the server.

Edge Transport Role
This server role sits at the network perimeter or DMZ (demilitarized zone) and handles all incoming and
outgoing Internet email. The Edge Transport server protects against viruses and spam through a variety of
filtering techniques, including connection filtering, content filtering and recipient filtering. It also
defends against denial-of-service and directory harvest attacks. The Edge Transport Rules agent can be
applied for additional email hygiene; its rules match on SMTP and MIME addresses as well as keywords in the
subject or body of a message.

Hub Transport Role
This server role is responsible for routing internal email traffic throughout the messaging infrastructure.
Incoming messages are passed from the Edge Transport server to the Hub Transport server and then on to the
mailboxes of end users. Outgoing messages also flow through the Hub Transport server before reaching the
Edge Transport server. The Hub Transport Rules agent can be applied to enforce company policy and regulatory
compliance.

Client Access Role
This server role lets end users connect to the Exchange platform via Post Office Protocol 3 (POP3), Internet
Message Access Protocol 4 (IMAP4), HTTP over TLS (HTTPS), Outlook Anywhere, the Availability service and the
Autodiscover service. The Client Access server also hosts web services.

Mailbox Role
This server role holds the Microsoft Exchange Server databases and is home to end users' mailboxes and public
folders.

Unified Messaging Role
This server role provides the integrated unified messaging (UM) capabilities of Microsoft Exchange Server
2007 and 2010, combining voice mail, faxes and email in one inbox. Exchange users can access their inbox
outside the office from another computer, or from a phone using Outlook Voice Access (OVA).


5.14.1.4. Microsoft Exchange 2010 - Unified Messaging

Microsoft Exchange Server 2010 improves on the unified messaging (UM) features first introduced in Microsoft
Exchange Server 2007. When users phone into Microsoft Outlook Voice Access (OVA), they can now choose from 26
languages, where prior versions offered only English. New OVA options let individuals tailor their voice mail
system: they can customise their auto attendant and create call answering and routing rules for handling
incoming calls. One of the most interesting unified messaging features is the text-based voice mail preview:
a new voice mail message arriving in the inbox is transcribed by speech-to-text technology, so the recipient
can read the message as well as listen to it.

5.14.2. Microsoft Exchange Roles in Detail
To understand the purpose of the different roles in the Exchange Server platform, the following figure shows
the dependencies between, and the client access paths to, the different Exchange roles.

Figure 50. Exchange roles and access paths: mail from external clients is routed through the Exchange Edge
Transport server in the DMZ, via routing rules, to the Exchange Hub Transport server inside the Exchange
organization (company network) and on to the Mailbox role (mailboxes and public folders); internal clients
reach the Exchange Client Access server over OWA, ActiveSync, RPC and HTTP; the Exchange Unified Messaging
role carries fax and voice traffic through a SIP gateway to the PBX.


As illustrated, incoming and outgoing mail is routed through the Exchange Edge Transport server, which is the
first point at which mail security technologies can be applied. Messages are forwarded to the Hub Transport
server, which knows which Mailbox server holds the destination mailbox or public folder and routes mail
across the network accordingly. Clients such as laptops or mobile devices using Outlook Web Access (OWA) or
ActiveSync connect directly to the Exchange Client Access server.


5.14.3. Failover and High Availability
Since most large enterprises run their mail system in a cluster, note that in Microsoft Exchange 2010 all
previous cluster and replication modes (SCC, SCR, CCR, LCR) are replaced by the new Database Availability
Group (DAG) functionality.

SCC (Single Copy Cluster) was a traditional Exchange cluster in which shared storage hosted the Exchange
database.


Figure 51. Single Copy Cluster: an active node and a passive node (both mailbox servers) joined by a private
and a public network, each with a storage connection to a shared storage array that holds the logs, the
database and the quorum.


LCR (Local Continuous Replication) was used by small businesses that wanted to replicate their Exchange
database to another disk on the same server.


Figure 52. Local Continuous Replication: a single Exchange server with two storage controllers; the log files
of the active copy of the storage group are replicated to a passive copy (logs and database) on the second
disk.

CCR (Cluster Continuous Replication) replicated Exchange database information between two Exchange servers,
each with its own storage hardware, providing redundancy but limited to one active node and one passive
node.

Figure 53. Cluster Continuous Replication: an active mailbox server node and a passive node connected by a
public and a private network, with the witness file share hosted on a Hub Transport server and a domain
controller / global catalog and the clients on the public network; the logs and database of the active copy
of the storage group are replicated to the passive copy on the other node.


SCR (Standby Continuous Replication) was introduced in Exchange 2007 SP1 to replicate Exchange databases to
a disaster recovery location.

Figure 54. Standby Continuous Replication: a CCR source storage group at one datacenter site is replicated
(SCR replication over a WAN connection) to the SCR target 01 and SCR target 02 storage groups at a second
datacenter site within the same Active Directory logical site.

5.14.4. Database Availability Group (DAG)
Exchange 2007 used LCR, SCC, CCR and SCR for high availability and site resilience of the mailbox databases. In
LCR, the database is replicated to another disk on the same server; if the server hardware fails, the
mailboxes become unavailable, because the replica sits on the same hardware, only on a different drive. SCC
is a clustered mailbox server configuration in which the mail databases are stored on shared drives. Because
the databases are shared, the failure of one server node leaves the mailboxes available on the other node,
but a failure of the shared storage itself takes mailbox availability down. CCR is a clustered mailbox
configuration that provides both hardware and storage redundancy; its limitation is that the cluster can
contain only two members, one active and one passive node. Exchange 2007 SP1 introduced SCR, by which the
databases from the primary site can be replicated to disaster recovery sites to achieve site resilience.

Figure 55. Database Availability Group: one DAG spanning datacenter sites with Exchange mail servers 01 to
04, each holding a copy of DB1 to DB4; one copy of each database is active and the others are replicas kept
up to date by database replication; clients connect through the Exchange Client Access server.


The Database Availability Group (DAG) is the most significant feature introduced in Exchange 2010 and
addresses many of the limitations of the high availability features available in previous versions of
Exchange. CCR, which was used for on-site replication, and SCR, used for off-site replication, have been
combined into the DAG in Exchange 2010, and all the high availability features of earlier versions have been
replaced by it. Microsoft defines a DAG as a group of up to 16 Mailbox servers that host a set of databases
and provide automatic database-level recovery from failures that affect individual databases. Any server in
the group can host a copy of a mailbox database from any other server in the same database availability
group. This keeps the mailbox database available if a server's hardware or its storage fails.

DAG High Availability
Unlike Exchange 2007, where a Windows failover cluster had to be created before CCR or SCC could be set up,
the failover cluster is created automatically when the first server is added to a DAG. A DAG uses only a
subset of Windows Failover Clustering, namely the cluster heartbeat, cluster network and cluster database.
Failover between the member servers of a DAG is managed by a component called Active Manager, which runs on
every member server. Servers from different subnets can also be added to a DAG, so servers in datacenters at
different sites can be members of the same DAG; the site resilience that SCR provided in Exchange 2007 SP1
is achieved with this feature. Public folder databases cannot be part of a DAG.

All MAPI clients connecting to an Exchange 2010 mailbox server do so through the Client Access Server (CAS).
A new service on the CAS, the RPC Client Access service, handles all MAPI connections. The Client Access role
determines which server currently hosts the active copy of a mailbox by consulting the DAG information held
in Active Directory, and redirects clients when a database has been switched over.
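To see the state just described from the operator's side (which member is the Primary Active Manager, where each active database copy is mounted, and whether the passive copies are keeping up), here is an added example for the Exchange 2010 Management Shell. It is not part of the compendium or of KSE; it uses only standard Exchange 2010 cmdlets (Get-DatabaseAvailabilityGroup, Get-MailboxDatabaseCopyStatus, Test-ReplicationHealth). The queue-length threshold of 10 is an assumed alerting value, and the DAG, server and database names in the output are whatever exists in your organization.

```powershell
# Added example (not from the compendium or Kaspersky): report DAG membership, the
# current Primary Active Manager, where each active database copy is mounted, and
# which passive copies are unhealthy or falling behind. Run from an Exchange
# Management Shell with at least View-Only Organization Management rights.

$queueThreshold = 10   # assumed alerting threshold for CopyQueueLength / ReplayQueueLength

foreach ($dag in Get-DatabaseAvailabilityGroup -Status) {
    # -Status populates PrimaryActiveManager, the member currently driving failover
    "DAG {0}: PAM = {1}, witness = {2}, members = {3}" -f `
        $dag.Name, $dag.PrimaryActiveManager, $dag.WitnessServer,
        (($dag.Servers | ForEach-Object { $_.Name }) -join ', ')

    foreach ($member in $dag.Servers) {
        # Status values include Mounted (active copy), Healthy, Failed, Suspended,
        # FailedAndSuspended, Initializing, Resynchronizing, Seeding, Dismounted
        $copies = Get-MailboxDatabaseCopyStatus -Server $member.Name

        $copies | Where-Object { $_.ActiveCopy } | ForEach-Object {
            "  active   {0,-12} on {1}  (status {2})" -f $_.DatabaseName, $_.MailboxServer, $_.Status
        }

        $copies | Where-Object { -not $_.ActiveCopy } | ForEach-Object {
            $lagging = ($_.CopyQueueLength -gt $queueThreshold) -or
                       ($_.ReplayQueueLength -gt $queueThreshold)
            $flag = if ($_.Status -ne 'Healthy' -or $lagging) { '!!' } else { '  ' }
            "  passive  {0,-12} on {1}  status={2} copyQ={3} replayQ={4} {5}" -f `
                $_.DatabaseName, $_.MailboxServer, $_.Status,
                $_.CopyQueueLength, $_.ReplayQueueLength, $flag
        }

        # Test-ReplicationHealth checks the cluster service, quorum, Active Manager,
        # replication service and queue lengths on the member; print only non-passes
        Test-ReplicationHealth -Identity $member.Name |
            Where-Object { $_.Result -ne 'Passed' } |
            ForEach-Object { "  CHECK {0} on {1}: {2} {3}" -f $_.Check, $_.Server, $_.Result, $_.Error }
    }
}
```

A passive copy whose Status is not Healthy, or whose copy or replay queue keeps growing, is a copy that Active Manager may not be able to activate cleanly; this is the check to run before trusting the "automatic database-level recovery" described above, and again after any switchover.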






5.15. Application Solutions
Microsoft Exchange 2007 and 2010 introduced a role-based installation, which affects the network layout and
the placement of anti-spam and antivirus components such as Kaspersky Security for Exchange.


5.15.1. All-in-One Exchange Server Architecture
In the all-in-one architecture the Mailbox, Hub Transport and Client Access roles are installed on a single
Exchange server. This is common in small and medium-sized companies that have no need for separate roles and
do not have multiple offices across the country that would require Hub or Edge role Exchange servers.

KSE 8.0 provides anti-spam and antivirus protection for this Exchange server and checks mailboxes and mail
traffic within the organization.


Figure 56. All-in-one architecture: a single Exchange server inside the Exchange organization holding the
Mailbox, Hub and Client Access roles; KSE 8.0 (anti-spam and antivirus) checks mail flow to and from the
company as well as mailboxes and messages sent by clients.

5.15.2. Distributed Exchange Server Architecture
In the distributed architecture each role is installed on a dedicated server: the Edge role is located in the
DMZ, while the Hub Transport, Mailbox and Client Access roles are located on the organization's premises.

KSE 8.0 provides anti-spam and antivirus protection on the servers holding the Edge and Hub Transport roles,
but only antivirus protection on a server holding the Mailbox role alone (with no transport role installed),
since anti-spam filtering is applied to mail in transit and a Mailbox-only server sees no SMTP traffic.
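The placement decision above, and the role descriptions in 5.14.1.3, rest on knowing which server holds which role. The following is an added example for the Exchange Management Shell, not code from the compendium or from KSE: it classifies every Exchange server in the organization by role and derives the protection scope that applies to it. It uses only standard Exchange cmdlets; the helper Get-ProtectionScope and its scope labels are this example's own, and because KSE's transport agent names are not given on this page, the final step simply lists every transport agent registered on the local server.

```powershell
# Added example (not from the compendium or Kaspersky): classify the Exchange servers
# by role so that protection can be placed as section 5.15.2 describes. Transport
# roles (Edge, Hub) can carry both anti-spam and antivirus; a Mailbox-only server
# never handles SMTP, so only antivirus applies there. Edge servers show up in
# Get-ExchangeServer only once an Edge Subscription exists; otherwise run this
# directly on the Edge server.

function Get-ProtectionScope {
    # Example-specific helper; ServerRole looks like "Mailbox, ClientAccess, HubTransport"
    param([string]$ServerRole)
    $hasTransport = $ServerRole -match 'HubTransport|Edge'
    $hasMailbox   = $ServerRole -match 'Mailbox'
    if ($hasTransport)   { return 'anti-spam + antivirus' }
    elseif ($hasMailbox) { return 'antivirus only (no transport role)' }
    else                 { return 'no mail store or transport to scan' }   # CAS / UM only
}

Get-ExchangeServer |
    Where-Object { $_.AdminDisplayVersion.Major -ge 8 } |   # Exchange 2007 = 8.x, 2010 = 14.x
    Sort-Object Name |
    ForEach-Object {
        $roles = $_.ServerRole.ToString()
        $site  = if ($_.Site) { $_.Site.Name } else { '(Edge, not domain-joined)' }
        New-Object PSObject -Property @{
            Server  = $_.Name
            Site    = $site
            Version = $_.AdminDisplayVersion.ToString()
            Roles   = $roles
            Scope   = Get-ProtectionScope $roles
        }
    } | Format-Table Server, Site, Version, Roles, Scope -AutoSize

# On a Hub or Edge server, confirm which transport agents are registered, whether they
# are enabled, and in what order they run: a third-party anti-spam/antivirus agent that
# shows Enabled = False is installed but not filtering. Get-TransportAgent reports the
# local server only.
$localRoles = (Get-ExchangeServer -Identity $env:COMPUTERNAME).ServerRole.ToString()
if ($localRoles -match 'HubTransport|Edge') {
    Get-TransportAgent | Sort-Object Priority | Format-Table Identity, Enabled, Priority -AutoSize
}
```

Run the first part once from any internal Exchange Management Shell to get the organization-wide picture, then the agent listing on each transport server; a server that appears with Scope "antivirus only" but also receives Internet mail through some other path is a gap in the design rather than in the product.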


Figure 57. Exchange Organization, distributed roles: Edge server (KSE 8.0 Anti-Spam, Anti-Virus), Hub server (KSE 8.0 Anti-Spam, Anti-Virus) and Mailbox / Client Access server (KSE 8.0 Anti-Virus only); mail flow to and from the company; clients check mailbox and send messages.





5.15.3. Clustered Exchange Server Architecture
Using the clustered architecture means installing the Mailbox role on a cluster-capable operating system to provide
high availability or redundancy where needed. KSE 8.0 must be installed on each node in the cluster to protect the
Exchange server.

The configuration of the KSE 8.0 application installed on the cluster nodes is shared through the cluster, and all
application settings are stored in Active Directory.


Figure 58. Exchange Organization, clustered Mailbox role: Edge server (KSE 8.0 Anti-Spam, Anti-Virus), Hub server (KSE 8.0 Anti-Spam, Anti-Virus) and Exchange Cluster with Mailbox and Client Access roles (KSE 8.0 Anti-Virus only); mail flow to and from the company; clients check mailbox and send messages.





5.15.4. Database Availability Group (DAG) based Exchange Server Architecture
Using a DAG-based Exchange architecture means utilizing the new Exchange Server feature DAG, which replaces
all other cluster concepts of former Exchange products. The databases used by the different Exchange servers
are replicated to all other Exchange servers to provide fault tolerance. In case of an outage of the Hub role
server, the Mailbox role server takes over this role and uses the same database as the old Hub role server.
This ensures a seamless handover when clients connect to the mail infrastructure. The Client Access role knows
which Exchange Server is holding which active role in the network.

Each Exchange Server has its own configuration of the KSE 8.0 application; in contrast to the installation in a
cluster environment, this configuration is NOT stored in Active Directory.



Figure 59. Exchange Organization, Exchange DAG: Edge server (KSE 8.0 Anti-Spam, Anti-Virus), Hub server (KSE 8.0 Anti-Spam, Anti-Virus) and DAG members with Mailbox and Client Access roles (KSE 8.0 Anti-Virus only); mail flow to and from the company; clients check mailbox and send messages.






5.16. Application: Kaspersky Anti-Virus for Linux Mail Server
Kaspersky Anti-Virus for Linux Mail Server provides effective antivirus protection for corporate mail traffic. The
application is integrated as an additional module into the existing mail system and provides real-time scanning
of SMTP mail traffic for malicious code.

Kaspersky Anti-Virus for Linux Mail Server scans the server's file systems on demand, and supports the most
widely-used email solutions, namely Postfix, Sendmail, Qmail and Exim.



5.16.1. Linux Mail Server Security
The Linux-based mail server environment is still a significant part of the market, and most Internet providers and
universities use it. The survey by SecuritySpace.com shows how the Linux mail server market has developed over
the last three years.

For each domain in our conventional web server survey, we also determine the list of mail servers that provide
inbound mail services (via MX record lookups). Each unique mail server is connected to once each month, where
we wait for the server's "220" message, which usually accompanies a banner revealing the server software being
used. In the current survey:

In 2007, 1.752.365 million servers were queried;
only 914.933 servers responded with a banner that allows the software being used to be identified.
In 2008, 1.898.228 million servers were queried;
only 921.330 servers responded with a banner that allows the software being used to be identified.
In 2009, 1.822.275 million servers were queried;
only 858.606 servers responded with a banner that allows the software being used to be identified.


Figure 60. Mail server software by year (x-axis: Year 2007, 2008, 2009; y-axis: Server, 0 to 300000): Sendmail, Exim, Postfix, Microsoft, Other.


It is clear that the Linux mail server market is still growing and that different mail transfer agents (MTAs) are
competing for the top position. Kaspersky offers the appropriate protection component, including Anti-Virus and
Anti-Spam, for most of those MTAs.





5.16.2. Definition

5.16.2.1. Main Features

•   Antivirus scanning
•   Customizable notifications
•   Quarantine
•   Backup copies
•   File server scanning


5.16.2.2. Advanced Features

•   Remote administration
•   Configuration of updates


5.17. General Application Description

Features                         Description

Antivirus scanning: All elements of email messages are scanned for malicious code. The application scans for and removes all types of viruses, Trojans, spyware, malicious and potentially hostile programs from incoming and outgoing mail messages and attachments in most formats.

Customizable notifications: When a suspicious or infected object is detected, the system administrator, sender and recipient of the message receive a message, the contents and format of which are defined by the system administrator. System messages can be sent in any language.

Quarantine: Infected, suspicious and damaged objects detected in a server's file system or in email traffic can be moved to the quarantine folder, where they will be disinfected, deleted or stored according to predefined settings.

Backup copies: Backup storage can be created to store copies of infected objects before they are treated, making it possible to restore them if necessary.

File server scanning: In addition to scanning mail traffic, Kaspersky Anti-Virus for Linux Mail Servers offers on-demand scanning of the server's file systems. The scanning is performed with the help of iChecker, a check-summing technology which significantly reduces the amount of time required for additional scans of each object.

Filtering by attachment type: The application can be configured to filter mail traffic by attachment name and file type and to apply specified processing rules for each category.

Filtering by user group: Administrators can create user groups, assign individual message processing rules to each group and define user privileges for each group.





5.17.1. Administration and Notification


Features                   Description

Remote administration: Kaspersky Anti-Virus for Linux Mail Server can be configured either traditionally, via the application's configuration file, or using the Web interface.

Configuration of updates: Antivirus databases can be updated from Kaspersky Lab's servers via the Internet or from local update servers, on demand or on schedule. Administrators can choose the type of antivirus databases to be used: standard (detection of true malware only) or extended (databases used to detect potentially hostile software: spyware, adware and more). Kaspersky Lab antivirus databases are updated hourly.



5.17.2. Certifications

Title                      Details

Novell Ready Status: Novell Ready Status shows that Kaspersky Anti-Virus 5.6 for Linux Mail Servers has been tested and runs well on the Novell SUSE Linux Enterprise Server 10 platform.

Red Hat Ready Status: This status attests to the fact that Kaspersky Anti-Virus 5.6 for Linux Mail Servers is optimised for Red Hat Enterprise Linux platforms.






5.18. Application Environment

5.18.1. Linux Mail Architecture
The Linux mail architecture differs from the Microsoft-based email architecture. The core component, the Mail
Transfer Agent (MTA), receives mail from either another MTA, a Mail Submission Agent (MSA) or a Mail User
Agent (MUA). The MTA works in the background, while the user interacts with the MUA. The final delivery of emails
to a recipient's mailbox is the task of the Message Delivery Agent (MDA).



Figure 61. Company Premises: mail flow to and from the company through the mail server (Postfix, Exim, Sendmail, qMail) protected by Kaspersky Anti-Virus for Linux Mail Servers, or by Kaspersky Anti-Virus for Linux Mail Servers standalone; the client checks its mailbox and sends messages.


The main purpose of such an MTA is usually to deliver emails to a recipient who uses an email client. This client
communicates with the MDA via two standard protocols, the Post Office Protocol (POP3) and the Internet
Message Access Protocol (IMAP).

To ensure that emails are not infected with malware, Kaspersky Anti-Virus for Linux Mail Server can be used
to check the mailboxes on the MTA and the incoming/outgoing emails.

KAV4LMS supports the following MTAs:
• Postfix
• Exim
• Sendmail
• qmail

KAV4LMS provides three filters for connecting to the MTA:
• kav4lms-milter - Milter service for connection with Sendmail / Postfix MTA via the Milter API
• kav4lms-filter - SMTP service for connection with Postfix and Exim MTA
• kav4lms-qmail - Mail queue handler for qmail





5.18.1.1. Postfix

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is intended
as a fast, easier-to-administer, and secure alternative to the widely-used Sendmail MTA.

It is released under the IBM Public License 1.0 which is a free software licence.

Originally written in 1997 by Wietse Venema at the IBM Thomas J. Watson Research Center and first released in
December 1998, Postfix continues as of 2010 to be actively developed by its creator and other contributors. The
software is also known by its former names VMailer and IBM Secure Mailer.

Features:
• Transport Layer Security
• delegation of SMTP policies to an external process (this allows greylisting) and advanced filtering
    (e.g. using policyd-weight, Postfix can check the E-mail meta-information (sender, recipient, client, helo)
    against various DNSBLs and for RFC compliance, and reject near-certain spam ahead of receiving the body
    of the messages, lessening server load)
• delegation of the delivery to an external process (this allows inspection of the header and body of an email)
• different databases for maps: Berkeley DB, CDB, DBM, LDAP, MySQL, SQLite and PostgreSQL
• Mbox-style mailboxes, Maildir-style mailboxes, and virtual domains
• Address rewriting (envelope and header), VERP, SMTP-AUTH via SASL
• milter support compatible with Sendmail milters
• compilable on AIX, BSD, HP-UX, IRIX, GNU/Linux, Mac OS X, Solaris, Tru64 UNIX and, generally
    speaking, on every Unix-like operating system that ships with a C compiler and which delivers a standard
    POSIX development environment. It is the default MTA on NetBSD.

Postfix has a particular resilience against buffer overflows and can handle large amounts of e-mail. A Postfix
system implements a cooperating network of different daemons. Each daemon fulfills a single task using minimum
privileges. In this way, if a daemon is compromised, the impact remains limited to that daemon and cannot
spread throughout the entire system. Only one process has root privileges (master), and few processes actually
write to locations outside the queue directory (local, virtual) or invoke external programs (local, pipe). Most
daemons can easily be chrooted and communicate through named pipes or UNIX-domain sockets.

5.18.1.2. EXIM

Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under
the terms of the GNU General Public Licence, and it aims to be a general and flexible mailer with extensive
facilities for checking incoming e-mail.

Exim has been ported to most Unix-like systems, as well as to Microsoft Windows using the Cygwin emulation
layer. Exim 4 is currently the default MTA on Debian GNU/Linux systems.

A large number of Exim installations exist, especially within Internet service providers and universities in the UK.
Exim is also widely used with the GNU Mailman mailing list manager, and cPanel.

Exim is highly configurable, and therefore has features that are lacking in other MTAs. It has always had
substantial facilities for mail policy controls, providing facilities for the administrator to control who may send or relay mail
through the system. In version 4.x this has matured to an Access Control List based system allowing very detailed
and flexible controls. The integration of a framework for content scanning, which allowed for easier integration
of antivirus and anti-spam measures, happened in the 4.x releases. This made Exim very suitable for enforcing
diverse mail policies.

The configuration is done through one (or sometimes more) configuration files, which must include the main
section with generic settings and variables, as well as the following optional sections:

•   the access control list (ACL) section which defines behaviour during the SMTP sessions,
•   the routers section which includes a number of processing elements which operate on addresses
    (the delivery logic),
•   the transports section which includes processing elements which transmit actual messages to destinations,
•   the retry section where policy on retrying messages that fail to get delivered at the first attempt is defined,
•   the rewrite section, defining if and how the mail system will rewrite addresses on incoming e-mails
•   the authenticators section with settings for SMTP AUTH.



5.18.1.3. SendMail

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail transfer and
delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.

Allman had written the original ARPANET delivermail, which shipped in 1979 with 4.0 and 4.1 BSD. He wrote
Sendmail as a derivative of delivermail early in the 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the
first BSD version that included TCP/IP protocols. Sendmail used to be the most popular mail transfer agent (MTA)
on the Internet. Its popularity is due in part to its position as the standard MTA under most variants of Unix
and other Unix-like operating systems.

Allman designed Sendmail to incorporate great flexibility, but it can be daunting to configure for novices. Standard
configuration packages delivered with the source code distribution require the use of the M4 macro language
which hides much of the configuration complexity. The configuration defines the site-local mail delivery options
and their access parameters, the mechanism of forwarding mail to remote sites, as well as many application
tuning parameters.

Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary
role in the development of network software. Early versions of Sendmail suffered from a number of security
vulnerabilities that have been corrected over the years.

Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security
issues. As of 2009, current versions of Sendmail, like other modern MTAs, incorporate a number of security
improvements and optional features that can be configured to improve security and help prevent abuse.

Sendmail provides the Milter API to integrate custom filters. The mail traffic is passed from Sendmail to
Kaspersky Anti-Virus and back using Milter interface calls. Messages are transferred for analysis before they are
added to the MTA queue (pre-queue integration). As a rule, when the product is integrated with Sendmail, changes
are made to the MTA configuration file in mc format and the cf file is changed automatically. If such functionality
is not supported, then after modification of the appropriate mc file the corresponding cf file must be modified
too.

5.18.1.4. qMail

qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J.
Bernstein as a more secure replacement for the popular Sendmail program. qmail's source code is in the public
domain, making qmail free software. When first published, qmail was the first security-aware mail transport agent;
since then, other security-aware MTAs have been published. The most popular predecessor to qmail, Sendmail,
was not designed with security as a goal, and as a result has been a perennial target for attackers. In contrast
to sendmail, qmail has a modular architecture composed of mutually untrusting components; for instance, the
SMTP listener component of qmail runs with different credentials than the queue manager, or the SMTP sender.
qmail was also implemented with a security-aware replacement to the C standard library, and as a result has not
been vulnerable to stack and heap overflows, format string attacks, or temporary file race conditions. When it
was released, qmail was significantly faster than Sendmail, particularly for bulk mail tasks such as mailing list
servers. qmail was originally designed as a way for managing large mailing lists.


qmail was not designed to replace Sendmail, and does not behave exactly as Sendmail did in all situations. In
some cases, these differences in behaviour have become grounds for criticism. For instance, qmail's approach
to bounce messages (a format called QSBMF) differs from the standard format of delivery status notifications
specified by the IETF in RFC 1894, since advanced to draft standard as RFC 3464, and recommended in
the SMTP specification.

Furthermore, some qmail features have been criticized for introducing mail forwarding complications; for
instance, qmail's "wildcard" delivery mechanism and security design prevent it from rejecting messages to
nonexistent senders during SMTP transactions. In the past, these differences may have made qmail behave differently
when abused as a spam relay, though modern spam delivery techniques are less influenced by bounce behaviour.

The qmail MTA does not provide support for filtering extensions. Filtering is implemented by the
/opt/kaspersky/kav4lms/lib/bin/kav4lms-qmail binary (/usr/local/libexec/kaspersky/kav4lms/kav4lms-qmail on
FreeBSD), provided with KAV4LMS, which replaces the original qmail-queue binary. The replacement binary
implements filtering and passes the mail traffic to the original qmail-queue for delivery. Messages are transferred
for analysis before they are added to the MTA queue (pre-queue filtration).
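The pre-queue hand-off described above, as an added example that is not KAV4LMS or qmail code: a stand-in qmail-queue that reads the message on fd 0 and the envelope on fd 1 (the qmail-queue interface), refuses the message before it reaches the queue, or passes both unchanged to the original binary. The path of the renamed original binary, the attachment-name rule used as a stand-in for the antivirus call, and the sample message are assumptions; the exit codes 31 and 91 are the ones the qmail-queue man page documents.

```python
"""Added example, not KAV4LMS or qmail code: a qmail-queue stand-in showing how a
pre-queue filter sits in front of the original qmail-queue binary.
qmail-queue interface (qmail-queue man page): the message arrives on fd 0, the
envelope on fd 1 as "F<sender>\\0" then one or more "T<recipient>\\0", ended by
an extra "\\0". The scanner is a constructed stand-in that only checks attachment
names; a real filter calls the antivirus engine at that point."""
import os
import subprocess
import sys
from email import message_from_bytes
from typing import Callable, List, Optional, Tuple

# Assumed location of the renamed original binary (not a documented KAV4LMS path).
ORIGINAL_QMAIL_QUEUE = "/var/qmail/bin/qmail-queue.orig"

# qmail-queue exit codes used here (qmail-queue man page).
QMAIL_PERMANENT_REFUSAL = 31       # mail server permanently refuses the message
QMAIL_ENVELOPE_FORMAT_ERROR = 91

# Constructed stand-in policy: attachment types that are refused outright.
REFUSED_ATTACHMENT_EXTENSIONS = (".exe", ".scr", ".pif")


def parse_envelope(raw: bytes) -> Tuple[str, List[str]]:
    """Parse the qmail-queue envelope into (sender, recipients); ValueError if malformed."""
    fields = raw.split(b"\0")
    if len(fields) < 3 or not fields[0].startswith(b"F"):
        raise ValueError("envelope does not start with an F field")
    sender = fields[0][1:].decode("ascii", "replace")
    recipients: List[str] = []
    for field in fields[1:]:
        if field == b"":
            break                       # the empty field ends the recipient list
        if not field.startswith(b"T"):
            raise ValueError("unexpected envelope field")
        recipients.append(field[1:].decode("ascii", "replace"))
    if not recipients:
        raise ValueError("envelope has no recipients")
    return sender, recipients


def scan_message(raw_message: bytes) -> Optional[str]:
    """Stand-in for the antivirus call: a refusal reason, or None if the mail may be queued."""
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if name and name.lower().endswith(REFUSED_ATTACHMENT_EXTENSIONS):
            return f"attachment type not allowed: {name}"
    return None


def filter_and_queue(raw_message: bytes, raw_envelope: bytes,
                     queue: Callable[[bytes, bytes], int]) -> Tuple[int, Optional[str]]:
    """Pre-queue decision. `queue` hands accepted mail to the original qmail-queue
    (injected so the logic runs without qmail). Returns (exit code, refusal reason)."""
    try:
        sender, recipients = parse_envelope(raw_envelope)
    except ValueError as exc:
        return QMAIL_ENVELOPE_FORMAT_ERROR, str(exc)
    reason = scan_message(raw_message)
    if reason is not None:
        # The submitting process sees the refusal at once and the message never
        # enters the queue, which is what pre-queue filtering buys over after-queue.
        sys.stderr.write(f"refused mail from {sender} to {recipients}: {reason}\n")
        return QMAIL_PERMANENT_REFUSAL, reason
    return queue(raw_message, raw_envelope), None


def exec_original(raw_message: bytes, raw_envelope: bytes) -> int:
    """Feed the unchanged message (fd 0) and envelope (fd 1) to the original binary."""
    msg_r, msg_w = os.pipe()
    env_r, env_w = os.pipe()
    proc = subprocess.Popen([ORIGINAL_QMAIL_QUEUE], stdin=msg_r, stdout=env_r)
    os.close(msg_r)
    os.close(env_r)
    with os.fdopen(msg_w, "wb") as f:
        f.write(raw_message)            # qmail-queue reads the message before the envelope
    with os.fdopen(env_w, "wb") as f:
        f.write(raw_envelope)
    return proc.wait()


def build_sample(attachment_name: str) -> bytes:
    """Constructed sample mail with one attachment (test data, not real traffic)."""
    return (b"From: alice@example.test\r\nTo: bob@example.test\r\n"
            b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
            b"Content-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
            b"--b1\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
            b"--b1\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Disposition: attachment; filename=\""
            + attachment_name.encode("ascii") + b"\"\r\n\r\nnot a real program\r\n--b1--\r\n")


def main() -> int:
    raw_message = sys.stdin.buffer.read()
    raw_envelope = os.fdopen(1, "rb").read()   # the envelope arrives on fd 1, not fd 0
    code, _reason = filter_and_queue(raw_message, raw_envelope, exec_original)
    return code


if __name__ == "__main__":
    sys.exit(main())
```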


5.18.1.5. “A Mail Virus Scanner” AMaViS

AMaViS stands for "A Mail Virus Scanner". However, it is not a virus scanner itself but software used to integrate
virus scanners into the mail server. Recent AMaViS variants can also integrate SpamAssassin and other anti-spam
software, so AMaViS is better understood as a complete e-mail filter framework. Computer viruses existed before
e-mail reached significant proliferation, and likewise there were antivirus programs before there were e-mail
viruses. These programs were not suitable as effective protection against e-mail viruses, because e-mail viruses
tend to exploit vulnerabilities in the e-mail client or the inexperience of the user and should be intercepted before
they ever reach the recipient's system. Virus scanners work primarily at the file level: they scan a file and
determine whether it contains a virus. On the mail server, however, an e-mail does not exist as a single file but
only in memory and in internal spool files. In addition, e-mails are encoded by various complex mechanisms:
attachments, zip archives, MIME, Base64 and more. Modern virus scanners can often handle archives and certain
encodings, but not all of them, and especially when several virus scanners are used it is more efficient if the
decoding happens only once. There are also dozens of antivirus products and several MTA products, but no
standardized interface between the two worlds. The primary task of AMaViS is to build this bridge for the virus
scanners in order to protect users from malware.

AMaViS receives an e-mail from the MTA via a standard interface, either through a pipe or through SMTP. AMaViS
then splits the e-mail into its MIME parts, decodes them and unpacks the contents of any archives. These items,
which are now present as files on disk, are scanned by a virus scanner. If a virus is found, AMaViS decides,
depending on its configuration, whether the e-mail is rejected, an error is returned or the MTA sends a
notification to the participant.

Once the e-mail is decoded and unpacked, other checks can be run to ensure a secure and clean e-mail. Newer
versions of AMaViS can reject attachments with certain file types, and spam detection can be performed with the
help of SpamAssassin.
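The decode-once, scan-every-item step described above, as an added example that is not AMaViS's own code: a constructed sample mail is split into its MIME parts, the Base64 transfer encoding is undone once, zip attachments are expanded within assumed depth, size and item limits, and each resulting item is handed to a stand-in scanner that matches a constructed marker. The limits, the marker and the sample mail are assumptions made for the example.

```python
"""Added example, not AMaViS code: the decode-once, scan-every-item step that
AMaViS performs between the MTA and the virus scanner. The scanner is a
constructed stand-in (it matches a constructed marker at the start of an item,
the way a magic-number signature would); the limits are assumptions that
illustrate why a content filter must bound archive expansion."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Callable, Iterator, Tuple

MAX_DEPTH = 3                # nested archive levels the filter will open (assumed limit)
MAX_ITEM_BYTES = 5_000_000   # largest archive member it will unpack (assumed limit)
MAX_ITEMS = 200              # items per message before it gives up (assumed limit)

# Constructed signature; a real scanner uses its own signature database.
CONSTRUCTED_MARKER = b"CONSTRUCTED-MALWARE-MARKER"


def stub_scanner(name: str, data: bytes) -> bool:
    """Stand-in for the virus scanner call: True means the item is infected."""
    return data.startswith(CONSTRUCTED_MARKER)


def expand_archives(name: str, data: bytes, depth: int = 0) -> Iterator[Tuple[str, bytes]]:
    """Yield the item itself and, if it is a zip archive, every member, recursively.
    Limits are checked before a member is read so a nested archive cannot exhaust disk or time."""
    yield name, data
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return
    if depth >= MAX_DEPTH:
        raise ValueError(f"{name}: archive nesting deeper than {MAX_DEPTH}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_ITEM_BYTES:
                raise ValueError(f"{name}/{info.filename}: declared size exceeds limit")
            yield from expand_archives(f"{name}/{info.filename}", zf.read(info), depth + 1)


def iter_items(raw_message: bytes) -> Iterator[Tuple[str, bytes]]:
    """Split the mail into MIME parts, undo the transfer encoding (Base64 etc.) once,
    then expand archives, so every scanner sees plain files instead of encoded mail."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    count = 0
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue                                   # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or f"part{index}.{part.get_content_subtype()}"
        for item in expand_archives(name, payload):
            count += 1
            if count > MAX_ITEMS:
                raise ValueError(f"more than {MAX_ITEMS} items")
            yield item


def scan_mail(raw_message: bytes,
              scanner: Callable[[str, bytes], bool] = stub_scanner) -> Tuple[str, str]:
    """Return ('infected', item name), ('unscannable', reason) or ('clean', '').
    An unscannable mail needs an administrator decision (reject, quarantine or pass)
    just like an infected one; treating it silently as clean would defeat the filter."""
    try:
        for name, data in iter_items(raw_message):
            if scanner(name, data):
                return "infected", name
    except (ValueError, zipfile.BadZipFile, NotImplementedError, RuntimeError) as exc:
        return "unscannable", str(exc)
    return "clean", ""


def build_sample(nested: int, infected: bool) -> bytes:
    """Constructed test mail: a text body plus one attachment wrapped in `nested` zip layers."""
    blob = CONSTRUCTED_MARKER + b" (constructed sample)" if infected else b"quarterly figures"
    for level in range(nested):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("inner.bin" if level == 0 else "inner.zip", blob)
        blob = buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.test", "bob@example.test", "sample"
    msg.set_content("see attachment")
    if nested:
        msg.add_attachment(blob, maintype="application", subtype="zip", filename="report.zip")
    else:
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename="report.bin")
    return bytes(msg)
```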

Although AMaViS works with different MTAs, the combination with Postfix is the best-tested one. In Postfix
terminology AMaViS runs as a "content filter" or, more precisely in Postfix versions from 2.1 on, as an
"after-queue content filter". Such content filters are any programs that speak SMTP and rewrite, filter or delete
e-mails as they see fit.





Although AMaViS works with different MTAs, the Postfix MTA has been tested very well by the AMaViS development
team and offers the highest performance and best stability compared with the other available MTAs. The next
figure displays the path of an email through AMaViS and Postfix.

The integration of AMaViS with Exim is similar to the method used for Postfix. Only the ports used must be
configured differently than with Postfix.



Figure 62. Mail Environment: MTA 01 (port 25), AMaViS (port 10024), MTA 02 (port 10025), Recipient.


If you want to keep mails with malware, spam or other unwanted content, AMaViS allows the administrator to
use the built-in quarantine. Administrators and authorized users are able to copy the data from the quarantine to
the user space if needed.





5.18.2. Competitor Overview
The Linux mail server market is divided into two segments, commercial and non-commercial. Products like ClamAV
are open source, whereas KAV4LMS is a commercial product.

5.18.2.1. ClamAV

Clam AntiVirus is an open source (GPL) antivirus toolkit for UNIX, designed especially for e-mail scanning on mail
gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command
line scanner and advanced tool for automatic database updates. The core of the package is an antivirus engine
available in a form of shared library.

Key features:
• command-line scanner
• fast, multi-threaded daemon with support for on-access scanning
• milter interface for sendmail
• advanced database updater with support for scripted updates and digital signatures
• virus scanner C library
• on-access scanning (Linux and FreeBSD)
• virus database updated multiple times per day (see home page for total number of signatures)
• built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex,
   SIS and others
• built-in support for almost all mail file formats
• built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack,
   wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
• built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF

If a company requires support for ClamAV a support contract with SourceFire must be signed. Subscribers to
Certified ClamAV support receive:
• 24x7 phone and email support
• Fast, expert response to customer inquiries
• Unlimited incident reports
• 1 hour response (phone requests)
• Access to Certified Binaries of ClamAV: RHEL 5 (32 bit), Solaris 10 (SPARC), CentOS 5.0 (32 bit)

5.18.2.2. ESET Mail Security

ESET Mail Security provides Linux, BSD and Solaris mail servers with on-demand and on-access real-time
protection from known and unknown viruses, worms, trojans, spyware and other Internet threats. ThreatSense®
technology is the heart of ESET Mail Security. It proactively protects mission-critical file servers from zero-day
threats with minimal impact on system performance or resources. ThreatSense's industry leading heuristic threat
detection minimizes false positives while detecting new threats as soon as they emerge. With ESET, IT managers do
not have to choose between security and performance. And in most cases, there is zero latency between release
of a virus and protection.

Key Features:
• Antivirus & Antispyware scanning
• Spam filter
• Predefined Actions
• Transparent Scanning
• Multi-Processor Support
• Improved daemon
• User specific configuration
• Web-Based configuration
• Support for Remote Administrator, ESET Remote Administrator
• ZMailer Support

ESET supports Linux distributions, FreeBSD, NetBSD and Sun Solaris. 64-bit systems are natively supported.





5.18.2.3. F-Prot Antivirus for Linux x86

F-PROT Antivirus for Linux x86 Mail Servers is high-speed virus protection that scans e-mail messages and
attachments and detects, disinfects and deletes malicious programs such as mass-mailers, worms, macro viruses
and Trojan horses.

It supports all popular mail servers running on Linux including Sendmail, Postfix and Qmail.

When an infected or suspicious object is found, the infection is removed. If this is not possible, the message
or the attachment is removed and a notice describing the action taken is appended to the e-mail for the recipient.
In addition, F-PROT Antivirus can keep backups of all incoming mail, so that a message removed by the filter can
still be recovered by the administrator.

Main components
F-PROT Antivirus for Linux x86 Mail Servers provides the same best of breed features as found throughout the
F-PROT product line.

F-Prot Antivirus for Linux x86 Mail Servers includes:
• F-PROT Antivirus Command-Line Scanner
• F-PROT Antivirus Daemon Scanner
• F-PROT Antivirus Updater
• F-PROT Antivirus Mail Scanner
• F-PROT Antivirus Preloadable Library Call Wrapper
• Plug-ins for in-transit mail scanning with Sendmail, Postfix or Qmail systems

Key Features:
• Advanced antivirus protection with disinfection of viruses, worms and trojans.
• Automatic blocking of messages carrying mass-mailers.
• Automatic quarantine of all executable content, even when no infection is found.
• Automatic virus signature file updates.
• Safe removal of viruses without damaging the original file.
• Integrates with Sendmail, Postfix and Qmail.
• Fast and powerful Command-Line Scanner.
• Daemon Scanner providing superior performance.
• Preloadable Library Call Wrapper (real time antivirus protection).
• Backup system, easily accessible by system administrators.
• Customizable settings to perform scheduled tasks and reports.

5.18.2.4. Avira MailGate Suite

Avira AntiVir MailGate scans all incoming and outgoing emails (including attachments) on your UNIX mail server.
The software can operate with a variety of Mail Transport Agents (MTAs), such as Sendmail, Postfix, Exim and Qmail,
and supports the common distributions (Red Hat, SuSE, Debian and others).

Key Features:

Avira AntiVir MailGate supports a variety of configuration settings to ensure that you have control of the email
traffic on your system. The essential features of Avira AntiVir MailGate are:
• real-time scanning of incoming and outgoing emails;
• scanning for viruses and unwanted programs;
• configurable spam filter (available in Avira MailGate Suite);
• scanning of mailboxes;
• isolation of suspicious and infected files;
• configurable notification functions for the administrator and for the email sender and recipient;
• reporting statistics about AntiVir MailGate’s activity into a database;
• automatic Internet update for product, scanner, engine and VDFs;
• heuristic detection for macro viruses;
• recognition of all common archive types (with configurable recursion level for nested archives);
• optional: GUI support for integration with Avira Security Management Center.





5.18.2.5. Trend Micro Messaging Security Suite

InterScan™ Messaging Security Suite delivers the immediate protection you need at the messaging gateway with
Web Reputation and Email Reputation, powered by the Trend Micro™ Smart Protection Network™. These unique
cloud-based services stop new and evolving threats before they can enter your network. Multi-layered spam
protection blocks more unwanted mail, while award-winning malware protection stops the broad range of blended
threats. The solution also offers flexible content filtering to preserve resources and productivity, while
preventing data loss and compliance violations.

Key Features:
Integrated Web and Email Reputation
Layered Anti-Spam and phishing defense
Antivirus and Antispyware
Flexible content filtering

Trend Micro Messaging Security Suite is available as a standalone application, as a virtual appliance or as a
hosted service.

Competitor Overview - Matrix

Columns: (1) KAV4LMS, (2) ClamAV, (3) ESET Mail Security, (4) F-Prot Antivirus for Linux x86,
(5) Avira MailGate Suite, (6) Trend Micro InterScan Messaging Security.
V = supported, X = not supported, ? = not known, blank = not stated in the source.

Feature                             (1)            (2)    (3)    (4)    (5)    (6)
Support Sendmail                    V              X      V      V      V      V
Support Exim                        V              X      V      X      V      X
Support Postfix                     V              X      V      V      V      V
Support qMail                       V              X      V      V      V      V
Support ZMailer                     V              X      V      X      X      X
Support CommuniGate Pro             X              X      V      X      X      X
Management: Remote Administration   X              X      V      X      V      V
Management: Web Interface           V              X      V      X      X      V
Management: Console                 V              V      V      V      V      V
Milter Interface                    V              V      V      X      V      X
Notification: eMail                 V              X      X      X      X      V
Notification: SNMP                  V              X      X      X      V      V
Statistics                          V (txt, xml)   ?      ?      ?      ?      V (HTML, CSV)
Support Linux                       V              V      V      V      V      V
Support AMaviS Interface            X              V      V      X             X
Support Solaris SPARC/x86           X              V      V      V      V      V
Support IBM AIX                     X              V      X      V      X      X
Support IBM xSeries                 X              V      X      V      X      X
Support FreeBSD                     X              V      V      V      X      X






5.19. Application: Kaspersky Mail Gateway

Kaspersky Mail Gateway is a versatile solution that provides full-scale protection for mail system users against
viruses and unsolicited emails (e.g., spam).

Kaspersky Mail Gateway can be installed on a separate server and does not require integration into the existing
mail system. The solution significantly increases the level of protection against today's computer threats,
making it possible to combine different vendors' antivirus solutions on the same network.


5.19.1. Mail Gateway Security
In contrast to standard Linux based mail servers, Linux based mail gateway solutions combine the functionality
of an MTA with an antivirus and an anti-spam module. The MTA is hardened by the manufacturer of the gateway and
shipped with a fixed, vendor-maintained configuration.

A Linux based mail server uses an MTA that the administrator configures and must harden; out of the box it
therefore does not provide the same level of security as a gateway solution. The mail server, on the other hand,
gives the company more flexibility.


5.19.2. Definition

5.19.2.1. Main Features

•   Antivirus scanning
•   Spam filtering
•   User notification
•   Quarantine

5.19.2.2. Advanced Features

•   Remote administration
•   Configuration and optimization of the application
•   Graphical reports






5.20. General Application Description

Feature                            Description

Antivirus scanning                 The program scans for and removes all types of viruses, and malicious
                                   and potentially hostile programs in all elements of incoming and outgoing
                                   email messages, including attachments.
Spam filtering                     The application scans mail traffic for spam based on formal attributes
                                   and analysis of message contents and their attachments using intelligent
                                   technologies, including special graphical signatures for detecting spam in
                                   the form of images.
User notification                  If a suspicious or infected object is detected, the system administrator,
                                   sender and recipient of the message receive a notice, the contents and
                                   format of which are defined by the system’s administrator. If a message
                                   is categorized as spam, it can be blocked, sent to a quarantine folder or
                                   delivered to the recipient with a special tag in the subject field.
Quarantine                         Infected and suspicious objects and messages identified as spam can be
                                   moved to a quarantine folder, where the administrator can view or delete
                                   them, or forward them to the end user.
Message Filtering by               The application can be configured to filter mail traffic by attachment name
attachment type                    and file type, helping to immediately identify objects that are likely to
                                   contain viruses.
Message Filtering by user group    The administrator can define separate message processing rules for each
                                   group of mail system users by defining limitations in accordance with the
                                   security policy and employee needs.
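Filtering attachments by name and by file type, and telling the recipient what was removed, is the behaviour
described in the table above and, earlier, in the F-PROT section (remove the offending attachment and append a
notice). The following is an added example written for this page, not code from Kaspersky Mail Gateway or from
F-PROT. It walks a MIME message with Python's standard email library, flags attachments whose extension is on a
blocklist, whose name hides an executable extension, or whose content (magic bytes) does not match the declared
type, removes the flagged parts and appends a notice. The blocklist, the magic-byte table and the sample message
are constructed for illustration; a real gateway would quarantine the removed part rather than discard it.

```python
"""Attachment filtering and recipient notification on a MIME message.

Added example, not Kaspersky Mail Gateway or F-PROT code. Policy tables and the
sample message are constructed for illustration.
"""
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Extensions the gateway never delivers (assumed policy).
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "hta"}

# Leading bytes for types we can verify; a declared extension whose magic does
# not match the payload is treated as suspicious (assumed table, not complete).
MAGIC = {
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "docx": b"PK\x03\x04",
    "png": b"\x89PNG\r\n\x1a\n",
}

NOTICE = "The mail gateway removed the following attachment(s):\n{}\n"


def classify_attachment(filename, payload):
    """Return None if the attachment may pass, otherwise the reason to remove it."""
    exts = (filename or "").lower().split(".")[1:]   # "invoice.pdf.exe" -> ["pdf", "exe"]
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXTENSIONS:
        return f"blocked attachment type .{last}"
    if any(e in BLOCKED_EXTENSIONS for e in exts[:-1]):
        return "executable extension hidden in file name"   # e.g. report.exe.pdf
    if payload.startswith(b"MZ"):
        return "Windows executable content in attachment"    # PE file under any name
    expected = MAGIC.get(last)
    if expected is not None and not payload.startswith(expected):
        return f"content does not match declared type .{last}"
    return None


def _strip(msg, actions):
    """Recursively drop flagged attachment parts from a multipart message."""
    kept = []
    for part in msg.get_payload():
        if part.is_multipart():
            _strip(part, actions)            # nested multipart/alternative etc.
            kept.append(part)
            continue
        filename = part.get_filename()
        if filename is None:                 # message body or inline text, keep
            kept.append(part)
            continue
        reason = classify_attachment(filename, part.get_payload(decode=True) or b"")
        if reason is None:
            kept.append(part)
        else:
            actions.append(f"removed '{filename}': {reason}")
    msg.set_payload(kept)


def filter_message(msg):
    """Filter msg in place; return the list of actions taken (one per removed part).

    When something was removed, a text part describing the actions is appended
    so the recipient learns what happened, as the gateway notification does."""
    actions = []
    if msg.is_multipart():
        _strip(msg, actions)
        if actions:
            msg.attach(MIMEText(NOTICE.format("\n".join(actions)), "plain"))
    return actions


def build_sample():
    """Constructed test message: a real PDF and a 'PDF' that is really a PE file."""
    msg = MIMEMultipart("mixed")
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Invoices"
    msg.attach(MIMEText("Please find the invoices attached.", "plain"))
    good = MIMEApplication(b"%PDF-1.4\n%fake pdf body\n", "pdf")
    good.add_header("Content-Disposition", "attachment", filename="invoice.pdf")
    msg.attach(good)
    bad = MIMEApplication(b"MZ\x90\x00fake PE header", "pdf")
    bad.add_header("Content-Disposition", "attachment", filename="invoice2.pdf")
    msg.attach(bad)
    return msg


if __name__ == "__main__":
    sample = build_sample()
    for action in filter_message(sample):
        print(action)
    print(sample.as_string())
```

The magic-byte check is what catches the renamed executable; an extension-only filter would have delivered
invoice2.pdf. Archives are only recognised here, not opened; a gateway that scans nested archives (as the
products above advertise) has to apply the same classification to every member of the archive as well.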


5.20.1. Administration and Notification

Feature                            Description

Remote administration              Kaspersky Mail Gateway can be managed remotely using a web interface,
                                   as well as traditionally, using the configuration file.
Configuration and optimization     Depending upon mail traffic volume and the stringency of the company's
of the application                 security policy, the administrator can change the application's operating
                                   parameters, from maximum system performance to maximum user protection.
                                   The administrator can also configure various timeouts for sending and/or
                                   receiving messages, manage the application's queue and limit the number of
                                   objects that can be scanned simultaneously in the background mode.
Configuration of updates           The antivirus database can be updated on demand or automatically
                                   according to a predefined schedule from Kaspersky Lab servers on the
                                   Internet or from local servers specified by the system administrator. Some
                                   modules of the antivirus engine and the linguistic analyser can be updated
                                   as well.
Graphical reports                  The program includes the capability of viewing virus activity for a given
                                   period of time in graphical form. Information regarding the types of viruses
                                   detected during antivirus scans can also be viewed. In addition, the
                                   administrator can receive detailed information on the program's status and
                                   operation by using a broad range of reports with the desired level of detail.





5.20.2. Application Environment

5.20.2.1. Mail Gateway Infrastructure Overview

In contrast to the Linux Mail Server protection, the Mail Gateway is an all-in-one solution that provides an MTA
together with the Kaspersky Anti-Spam and Antivirus components. The Mail Gateway can be installed on specific
Linux distributions to provide an additional protection layer in the network.


Figure 63. Mail Gateway infrastructure overview: mail flowing to and from the company premises passes through
the Kaspersky Mail Gateway (a modified Postfix MTA with the Kaspersky Antivirus and Kaspersky Antispam
components), which checks each message and then either delivers it to the computers with a mail client or passes
it on to an additional mail server (a Linux based MTA, Microsoft Exchange Server or Domino Mail Server), where
it is checked again.


Customers can build a multi-layer mail scanning architecture in which the Kaspersky Mail Gateway is the first hop
inside the company. The mail gateway either forwards the messages to another mail transfer agent or delivers the
mail directly to the users.

The first option is used most often, because the mail gateway does not include a mail delivery agent; one would
have to be installed separately. Most companies forward the messages to an additional mail server such as
Microsoft Exchange (Mailbox/Hub role), Lotus Notes Domino or another Linux based mail server. In this setup the
gateway must accept mail only for the company's own domains and relay outbound mail only from internal hosts;
otherwise the first hop becomes an open relay.

Because the gateway sits in front of the mail server, it can also be placed in front of a Lotus Notes Domino
server to check the mail traffic before it reaches Domino and to forward messages cleared of spam and malware.






5.21. Application: Kaspersky Anti-Spam

Kaspersky Anti-Spam 3.0 provides thorough and accurate protection from spam for users of corporate mail systems
and public email services.




5.21.1. Anti-Spam Protection
Kaspersky Anti-Spam 3.0 is a software suite that filters e-mail in order to protect mail system users from
unsolicited mass mail (spam).

Kaspersky Anti-Spam filters incoming mail as it is received over SMTP, i.e. before the messages reach the inbox.
It applies administrator-defined rules to each received message: it delivers the message without modification,
blocks it, generates a notification that the message could not be received, adds or modifies message headers,
or performs other actions specified by the administrator.

The application uses Kaspersky Lab's Spamtest technology to recognize unwanted mail. The technology combines
several methods of spam recognition: DNS-based real-time blackhole lists (DNSBL), checks based on SPF and SURBL,
analysis of the formal message parameters, linguistic heuristics, signatures updated in real time and
recognition of graphic (image) spam.





5.21.2. Definition

5.21.2.1. Main Features

•   List-based filtration
•   SPF and SURBL technologies
•   Analysis of formal attributes
•   Signature analysis
•   Linguistic heuristics

5.21.2.2. Advanced Features

•   Flexible management
•   Management of user groups


5.22. General Application Description

Feature                             Description

List-based filtration               Sender IP addresses are checked against blacklists of spammers, which
                                    are maintained by Internet service providers and public organizations
                                    (DNS-based Blackhole Lists). System administrators can add addresses
                                    of trusted correspondents to a safe list, ensuring that their messages are
                                    always delivered without undergoing filtration.
SPF and SURBL technologies          The filtration process also involves verifying senders using the Sender
                                    Policy Framework. Detection of spammer IP addresses using DNSBL is
                                    supplemented by SURBL technology (Spam URI Real-time Block List),
                                    which can identify spam URLs in the message body.
Analysis of formal attributes       The program recognizes spam by such typical characteristics as distorted
                                    sender addresses or the absence of the sender’s IP address in DNS, an
                                    excessive number of intended recipients or hidden addresses. The size
                                    and format of messages are also taken into consideration.
Signature analysis                  Lexical signature databases are updated around the clock. Using spam
                                    signatures, the program can even recognize modified versions of spam
                                    messages that have been altered to evade spam filters.
Linguistic heuristics               The program scans messages for words and phrases that are typical of
                                    spam messages. Both the content of the message itself and any
                                    attachments are analysed.
Graphic spam                        A database of signatures for graphic spam equips the program to block
                                    messages containing spam images, a type of spam that has become
                                    increasingly common in recent years.
Real-time UDS requests              The Urgent Detection System is updated with information on spam
                                    messages literally seconds after they first appear on the Internet.
                                    Messages that could not be assigned a definitive status (e.g., spam,
                                    no-spam) can be scanned using UDS.
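The list-based, SPF and formal-attribute checks in the Spamtest description and the table above can be made
concrete. The following is an added example written for this page, not Kaspersky Anti-Spam code. It shows how a
sender IP address is turned into a DNSBL query name (octets reversed under the list's zone), how a URL in the body
becomes a SURBL query on its registered domain, how a minimal SPF policy is evaluated against the connecting IP,
and how formal attributes (distorted sender, hidden or excessive recipients, missing Message-ID) add to a score.
DNS is replaced by constructed in-memory answers so it runs offline; the zone names, records, sample messages and
score weights are assumptions, and the SPF evaluator handles only ip4 mechanisms and the all terminator.

```python
"""DNSBL, SURBL, SPF and formal-attribute checks in the style of a gateway filter.

Added example, not Kaspersky Anti-Spam code. DNS answers, zones, sample messages
and weights are constructed for illustration.
"""
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlparse

DNSBL_ZONE = "dnsbl.example"   # assumed; a real zone would be e.g. zen.spamhaus.org
SURBL_ZONE = "surbl.example"   # assumed; a real zone would be e.g. multi.surbl.org

# Constructed A records: a listed name resolves to 127.0.0.x, anything else is NXDOMAIN.
FAKE_A = {
    "4.3.2.1." + DNSBL_ZONE: "127.0.0.2",            # sender IP 1.2.3.4 is listed
    "spam-shop.example." + SURBL_ZONE: "127.0.0.8",  # domain seen in spam URLs
}
# Constructed TXT records holding SPF policies.
FAKE_TXT = {"example.com": "v=spf1 ip4:192.0.2.0/24 -all"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """1.2.3.4 -> 4.3.2.1.<zone>: octets are reversed, as for in-addr.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def registered_domain(host):
    """Two-label fallback for SURBL queries; real lists consult a public suffix table."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def body_domains(text):
    """Registered domains of all http(s) URLs found in the message text."""
    return {registered_domain(urlparse(u).hostname or "") for u in URL_RE.findall(text)}


def spf_check(sender_ip, mail_from_domain):
    """Minimal SPF: ip4 mechanisms and the -all/~all terminator only (no include, a, mx)."""
    record = FAKE_TXT.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term == "-all":
            return "fail"
        if term == "~all":
            return "softfail"
    return "neutral"


def score_message(raw, sender_ip, mail_from):
    """Score a raw RFC 822 message received from sender_ip with envelope sender mail_from."""
    msg = message_from_string(raw)
    hits = []
    if FAKE_A.get(dnsbl_name(sender_ip)):
        hits.append(("RCVD_IN_DNSBL", 3.0))
    body = msg.get_payload() if not msg.is_multipart() else ""
    for dom in sorted(body_domains(body)):
        if FAKE_A.get(dom + "." + SURBL_ZONE):
            hits.append(("URIBL_" + dom, 2.5))
    if spf_check(sender_ip, mail_from.rpartition("@")[2]) == "fail":
        hits.append(("SPF_FAIL", 2.0))
    # Formal attributes: distorted sender, hidden or too many recipients, missing Message-ID.
    sender = msg.get("From", "").strip()
    if not re.search(r"<[^@\s]+@[^@\s]+>$|^[^@\s]+@[^@\s]+$", sender):
        hits.append(("MALFORMED_FROM", 1.0))
    recipients = [a for a in (msg.get("To", "") + "," + msg.get("Cc", "")).split(",") if a.strip()]
    if len(recipients) > 20:
        hits.append(("MANY_RECIPIENTS", 1.0))
    if "undisclosed-recipients" in msg.get("To", "").lower():
        hits.append(("HIDDEN_RECIPIENTS", 0.5))
    if msg.get("Message-ID") is None:
        hits.append(("MISSING_MID", 0.5))
    return sum(w for _, w in hits), [name for name, _ in hits]


def is_spam(raw, sender_ip, mail_from, threshold=5.0):
    score, _ = score_message(raw, sender_ip, mail_from)
    return score >= threshold


# Constructed sample messages.
SPAM = """From: Best Deals
To: undisclosed-recipients:;
Subject: Cheap pills

Visit http://www.spam-shop.example/buy now!
"""
HAM = """From: Alice <alice@example.com>
To: bob@example.net
Message-ID: <20240101.1@example.com>
Subject: Lunch

Menu is at http://www.example.com/menu
"""

if __name__ == "__main__":
    print(score_message(SPAM, "1.2.3.4", "deals@example.com"))
    print(score_message(HAM, "192.0.2.10", "alice@example.com"))
```

Two details matter in practice. The DNSBL and SPF checks must be run against the IP of the connecting SMTP
client, not against an address taken from a Received header the sender wrote itself; and the listed-address
convention (127.0.0.x, where x encodes the reason) means a resolver that answers every query, for example a
captive DNS or an expired list that returns a wildcard, makes everything look listed, so an answer outside
127.0.0.0/8 should be treated as "list unavailable" rather than as a hit.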





5.22.1. Administration and Notification

Feature                         Description

Flexible management             Our web interface allows system administrators to manage the application
                                both locally and remotely. The filtration level is easily configurable, as are
                                blacklists and safe lists. It is also possible to disable/enable individual
                                filtration rules and automatically block mail encoded in Asian language sets.
Management of user groups       The administrator can create user groups either using lists of addresses or
                                domain masks (for example, XXX@domain.com) and apply individual settings and
                                filtration rules to each group.
Options for processing spam     The program can be configured to process spam by deleting it automatically,
                                redirecting it to the quarantine folder with a note to the user, or passing it
                                to the mail client for further filtering.
Detailed reports                Administrators can easily monitor the application, the protection status
                                and license status, using HTML reports or alternatively, by viewing log files.
                                Data can be exported in CSV and Excel formats.
Updating databases on schedule  Updates to antivirus databases can be downloaded on a schedule set by the
                                administrator (by default they update every 20 mins). When undecided about
                                the status of a suspicious message, the program also makes requests to the
                                UDS server.



5.22.2. Certifications

Title                           Details

Red Hat Ready Certification     This logotype confirms that Kaspersky Anti-Spam 3.0 is optimized to run on
                                Red Hat Linux platforms.
ICSA Anti-Spam Certification    This certification proves that Kaspersky Anti-Spam 3.0 has passed the ICSA
                                Labs tests. It attests that the product filters at least 95% of spam with
                                fewer than 0.001% false positives. The anti-spam application has also been
                                certified with respect to administration capabilities, capacity, security
                                and logging levels.
Novell Ready Certification      This logotype confirms that Kaspersky Anti-Spam 3.0 was tested and runs on
                                the Novell SUSE Linux Enterprise Server 9.0 platform.
Checkmark Anti-Spam Premium     Kaspersky Anti-Spam 3.0 successfully passed the three-level certification
Certification                   tests conducted by the research centre West Coast Labs, confirming a high
                                quality of programming. Checkmark certification attests that software and
                                hardware security systems meet stringent quality standards; the independent
                                test laboratory of West Coast Labs, a British scientific research centre,
                                defines the criteria and carries out the testing. Kaspersky Anti-Spam 3.0
                                passed Anti-Spam Premium and demonstrated a high level of spam detection with
                                minimal false alarms.



5.22.3. Competitive Overview

5.22.3.1. Symantec Brightmail Message Filter

Symantec Brightmail Message Filter combines effective spam filtering, a high accuracy rate and a flexible, high
throughput engine. Deployed at the email gateway, this easy-to-manage solution defends against spam, phishing,
viruses and other unwanted email. With user-selectable, industry-specific filtering capabilities it meets the
security needs of both service providers and large enterprises without imposing a significant administrative
burden. Supported by the extensive Symantec Global Intelligence Network, Brightmail Message Filter protects over
800 million mailboxes and over 200 service providers globally.

Key Features:
• Over 24 different proprietary signature, heuristics, reputation and embedded URL filters
• 97% anti-spam effectiveness
• Less than a 1 in a million false positive rate
• Support for numerous major commercial and open source MTA platforms
• Adjustable rules based on service provider and large enterprise needs to provide the best mix of performance
    and effectiveness in large scale deployments
• Automated spam filter updates backed by the world’s largest Global Intelligence Network
• Award-winning Symantec Antivirus protection scans and cleans messages infected with viruses and mass-
    mailing worms
• Language-based filters to block non–English language spam
• Web-based Brightmail Control Center provides centralized management of multiple servers, role-based
    administration, and system alerts
• Customized mail policies support flexible actions, such as message deletion, mark-up or quarantine for
    different groups of users
• LDAP support for authentication and end user quarantine access
• Centralized reporting provides in-depth filtering statistics with visibility across all servers, providing key data
    on spam filtering performance and the latest spam trends

5.22.3.2. SpamAssassin

SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests
to identify unsolicited bulk email, more commonly known as spam. These tests are applied to email headers and
content to classify email using advanced statistical methods. In addition, SpamAssassin has a modular
architecture that allows other technologies to be quickly wielded against spam and is designed for easy
integration into virtually any email system.

SpamAssassin's practical multi-technique approach, modularity, and extensibility continue to give it an
advantage over other anti-spam systems. Due to these advantages, SpamAssassin is widely used in all aspects of
email management. You can readily find SpamAssassin in use in both email clients and servers, on many
different operating systems, filtering incoming as well as outgoing email, and implementing a very broad range of
policy actions. These installations include service providers, businesses, not-for-profit and educational
organizations, and end-user systems. SpamAssassin also forms the basis for numerous commercial anti-spam products
available on the market today.




SpamAssassin uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known
as unsolicited commercial email. Once identified, the mail can then be optionally tagged as spam for later
filtering using the user's own mail user-agent application. SpamAssassin typically differentiates successfully
between spam and non-spam in between 95% and 100% of cases, depending on what kind of mail you get and your
training of its Bayesian filter. Specifically, SpamAssassin has been shown to produce around 1.5% false negatives
(spam that was missed) and around 0.06% false positives (ham incorrectly marked as spam). See the
rules/STATISTICS*.txt files for more information. SpamAssassin also includes plugins to support reporting spam
messages automatically or manually to collaborative filtering databases such as Pyzor, DCC, and Vipul's Razor.
The distribution provides "spamassassin", a command line tool to perform filtering, along with the
"Mail::SpamAssassin" module set which allows SpamAssassin to be used in a spam-protection proxy SMTP or
POP/IMAP server, or a variety of different spam-blocking scenarios. In addition, "spamd", a daemonized version
of SpamAssassin which runs persistently, is available. Using its counterpart, "spamc", a lightweight client
written in C, an MTA can process large volumes of mail through SpamAssassin without having to fork/exec a Perl
interpreter for each message.
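The spamd/spamc split described above is a small line-oriented protocol over a TCP or UNIX socket, which is why
an MTA plugin can use it without loading Perl. The following is an added example written for this page, not
SpamAssassin's own spamc (which is written in C). It builds the request a client sends to spamd (a command line
such as SYMBOLS, a mandatory Content-length header, an optional User header, a blank line and the raw message)
and parses spamd's reply (a status line, a "Spam: True ; score / threshold" header and, for SYMBOLS, the names of
the rules that fired). The reply bytes are constructed to look like spamd's answer so the parser runs without a
daemon; the protocol version string, the port and the sample message are assumptions.

```python
"""A minimal spamc-style client: frame a message for spamd and parse the verdict.

Added example, not SpamAssassin's spamc. The reply below is constructed so the
parser can be exercised without a running spamd.
"""
import socket

PROTOCOL = "SPAMC/1.5"   # assumed client protocol version


def build_request(message, command="SYMBOLS", user=None):
    """Request line, Content-length (so spamd knows where the mail ends),
    optional User header, blank line, then the raw message bytes."""
    body = message if isinstance(message, bytes) else message.encode()
    headers = [f"{command} {PROTOCOL}", f"Content-length: {len(body)}"]
    if user:
        headers.append(f"User: {user}")   # lets spamd apply that user's preferences
    return ("\r\n".join(headers) + "\r\n\r\n").encode() + body


def parse_response(data):
    """Parse 'SPAMD/1.1 <code> <text>', the 'Spam: True ; score / threshold'
    header and, for SYMBOLS, the comma-separated rule names in the body."""
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode(errors="replace").split("\r\n")
    _proto, code, text = lines[0].split(" ", 2)
    result = {"ok": code == "0", "status": text, "spam": None,
              "score": None, "threshold": None, "symbols": []}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "spam":
            flag, _, nums = value.partition(";")
            score, _, threshold = nums.partition("/")
            result["spam"] = flag.strip().lower() == "true"
            result["score"] = float(score)
            result["threshold"] = float(threshold)
    if result["ok"] and body.strip():
        result["symbols"] = body.decode(errors="replace").strip().split(",")
    return result


def check_with_spamd(message, host="127.0.0.1", port=783, timeout=30):
    """Send one message to a running spamd and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(message))
        sock.shutdown(socket.SHUT_WR)        # done sending; read until spamd closes
        chunks = []
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


SYMBOLS_BODY = b"URIBL_BLACK,MISSING_MID,HTML_MESSAGE\r\n"
# Constructed reply modelled on spamd's SYMBOLS answer for a message scored as spam.
SAMPLE_REPLY = (b"SPAMD/1.1 0 EX_OK\r\n"
                b"Spam: True ; 15.3 / 5.0\r\n"
                + b"Content-length: %d\r\n" % len(SYMBOLS_BODY)
                + b"\r\n" + SYMBOLS_BODY)

if __name__ == "__main__":
    print(build_request("Subject: test\r\n\r\nhello\r\n").decode())
    print(parse_response(SAMPLE_REPLY))
```

The verdict an MTA acts on is the score against the threshold, not the symbol list; the symbols are what an
operator reads when tuning rules. Because the client sends the whole message before reading anything, a
very large message against a slow daemon ties up the SMTP session, which is why mail servers usually put a
size cap in front of the check.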






5.23. Application: Kaspersky Anti-Virus for Lotus Notes Domino
Kaspersky Anti-Virus 8.0 for Lotus Domino provides effective anti-malware protection for IBM Lotus Domino
servers used in large-scale corporate networks with complex topology and heavy loads.








5.23.1. Lotus Notes Domino Security
KAV 8.0 for Lotus Domino provides anti-malware protection of messaging traffic, database files, their replications
and documents.

The new version supports the new platform (Lotus Domino 8.5.x) and adds Linux support. At a minimum, these
features make the product competitive on its AV detection rate, tender flexibility and the leverage of our
existing Endpoint distribution channels. Our solution for Lotus Domino is not an independent solution but an
add-on for that platform, so our customers are those who use that platform and want to protect their mail
systems (incl. SMB and Enterprise), and our market share is a subset of the installed base of that platform.
If a customer already has a Lotus system installed, KAV will be a "door opener" for other Kaspersky Lab security
products. It is a considerable opportunity for us.


5.23.2. Definition

5.23.2.1. Main Features

•   Permanent antivirus protection for documents
•   On-schedule scanning of emails, databases, documents and other objects
•   Backup copies (Quarantine)
•   Flexible configuration of protection parameters
•   Regular updates of antivirus databases
•   Scalable and fault tolerant
•   Administration via a web interface

5.23.2.2. Advanced Features

•   Scan result notification system
•   Logging system
•   Reporting system

5.23.2.3. New Capabilities

•   Group management of antivirus policies
•   Distributed management of server protection parameters
•   Simple mechanism for updating databases
•   Role-based administration
•   Message tagging and notification system





5.23.3. Anti-Virus Protection

Features                          Description

Protection against viruses,       New antivirus engine 8.0 (Improved!) provides the following advantages:
worms and Trojans: new antivirus  •   (New!) The use of new heuristic technologies combined with traditional
engine 8.0                            signatures makes detection of malicious objects more effective
                                  •   (New!) Antivirus scanning speed for messages has increased considerably
Real-time email scanning          The application scans messages, attachments (including packed and archived
                                  attachments) and OLE objects for viruses and other types of malware (adware,
                                  spyware).

                                  Advantage: provides high-level protection for servers.
Scanning of databases, sent       The application performs antivirus scanning of email messages and other
documents and other objects       IBM Lotus Domino objects: documents in databases, OLE objects and documents
                                  sent between IBM Lotus Domino servers during replication (including cluster
                                  configurations).

                                  All documents stored in Lotus databases can be scanned on demand by the
                                  administrator.

                                  Advantage: a company's entire system of business applications based on
                                  Lotus Domino can be protected by the application.
On-demand or on-schedule          The application performs background scanning of the documents stored on the
background scanning               server, ensuring that all objects are processed using the latest antivirus
                                  databases without a noticeable increase of the server load. Additionally,
                                  scanning can be performed according to a schedule in order to separate
                                  scanning tasks from, for example, system tasks.

                                  Advantage: adjustable scan depth and scheduled scanning allow server loads
                                  to be optimised.
Protection against malware        If the application detects several events of the same type during a defined
outbreaks                         time period – e.g. one and the same virus has been detected several times
                                  – the administrator is notified about the potential threat of a malware
                                  outbreak and can stop the receipt and sending of email messages.

                                  Advantage: full-scale protection against potential threats including tar-
                                  geted malware attacks.
Quarantine                        The application saves copies of infected, damaged and suspicious objects
                                  to backup storage, allowing important information to be restored in the
                                  event of an object becoming corrupted. A wide choice of search param-
                                  eters is offered to make searching for an object in backup storage more
                                  convenient.

                                  Advantage: the document workflow is not interrupted by any actions the
                                  antivirus program performs on objects.
Exclusions from scanning          The application offers flexible settings for scanning exclusions:
                                  • by file name
                                  • by the size of the scanned object
                                  • it is possible to disable scanning of attachments and OLE objects
                                  • it is also possible to disable scanning of message body in e-mail and
                                      text fields in case of replication and database scanning

                                  Advantage: highly flexible settings allow the specifics of a company’s busi-
                                  ness processes to be taken into account.




Page 232
Messaging, Web, Infrastructure & Endpoint Products

Scanning of attachments           The application offers flexible configuration for the scanning of attach-
                                  ments, including archives. Before an antivirus scan is launched, the at-
                                  tachments can be filtered by size and name as defined by the administra-
                                  tor and only then are they scanned for malicious objects.

                                  The attachments that are filtered out are processed according to the rules
                                  set by the administrator, e.g. they can be deleted or delivered without anti-
                                  virus scanning.

                                  Advantage: flexible settings for attachments increase the scanning speed.



5.23.4. Administration and Notification

Centralized management of server groups (New!)
    The application allows different configuration profiles to be created and applied to all servers, without duplicating the settings on every server. If necessary, several profiles can be created and managed centrally on all of the servers, or just selected ones.
    Advantage: easy management and monitoring of the protection status of any business applications installed on the company’s servers.

Distributed management of protection parameters (New!)
    The application supports the distributed storage of settings on all protected servers. This allows application settings to be saved in the event of the failure of one or more servers.
    Advantage: easy management and high reliability.

Replication of application statistics (New!)
    The application supports the distributed logging of events and the storage of statistics on all protected servers.
    Advantage: easy management and high reliability.

Control of inserted parameters (New!)
    The application validates the values of all entered parameters against business logic, e.g. the parameter ‘server administrator’ only allows the names of users or groups from the address book to be entered. The registration of users with identical names is also impossible.
    Advantage: validation of the entered parameters helps prevent mistakes and simplifies the administrator’s job.

Defining administrators’ roles and management of access rights (New!)
    The application is now capable of assigning different duties to the various administrators responsible for the operation of servers. The three main administration roles are:
    • Security Administrator - has full access to all settings and defines access rights for administrators of lower levels; the security administrator will not usually manage settings themselves, but will take charge of initial system settings and change the access rights of more junior administrators if the need arises;
    • Control Center Administrator - is authorized to create profiles, include any protected servers in a profile, appoint administrators for a given level of profile and correct any protection parameters for both the profile and the server;
    • Restricted Administrator – may be responsible for the settings of a particular server or profile. The administrator of a profile can manage the protection parameters of all servers included in the profile.
    Advantage: the separation of administrators’ duties enables large companies to maintain different levels of internal security, including within the IT department.

Installation and management via a web interface (Improved!)
    The application has a full web interface enabling the administrator to remotely install applications and manage the solution.
    (New!) The application can be installed and managed from most popular web browsers: Microsoft Internet Explorer 7 and 8, Mozilla Firefox 3, 3.5 and Google Chrome 5.
    Advantage: the user-friendly, modern management interface saves the server administrator considerable amounts of time when working with the application.

Installation and management via the Lotus Notes Client (Improved!)
    The application can be managed via the standard Lotus Notes interface.
    (New!) The application can now be installed via the Lotus Notes Client.
    (New!) Enhanced set of commands for the management of Kaspersky Antivirus via the Domino console.
    Advantage: the Lotus Notes interface management tool is already familiar to administrators.

Message tagging and notification system (New!)
    The application allows information about the results of an antivirus scan to be included in a message’s body. If a malicious object has been detected in a message, the type of threat detected, the name of the malicious object and the actions that have been performed are added.
    A note saying that a message has been scanned by Kaspersky can be added to the message subject line, which enhances trust.
    The application allows the customization of scanning result notifications for the recipient, the sender and the administrator.
    Advantage: notifications sent to the administrator if an infected message is detected provide constant monitoring of the antivirus protection status, ensuring swift action is taken when necessary.

Logging system
    The application records all operations it performs in a log file, allowing full control over its operation at any time.
    The application also saves statistical information and events into the Lotus Notes/Domino databases Worklog and Statistics. The administrator can browse this information using the application interface, which provides a filter and search system.
    Advantage: the convenient logging system simplifies the administrator’s work and reduces response times in the event of a system failure.

Reporting system
    The reports generated for every antivirus scanning task can help the administrator to control the antivirus protection status. A flexible filter and search system can be used in the reports.
    Advantage: detailed reports offer system administrators maximum control over the functioning of the application.

Activation of licenses from the application’s interface (New!)
    The new version allows administrators to extend licenses directly from the management center interface. In the previous version the license was activated via the Domino server command console.
    Advantage: more convenient management.





5.23.5. Performance

Regular database updates (Improved!)
    Database updates can be received from Kaspersky Lab servers on request or automatically according to a preset schedule. The application automatically selects the least loaded update server. The application can also update from a local shared folder, reducing the amount of traffic required to update more than one server.
    (New!) Optimization of external traffic when updating antivirus databases. Database updates are downloaded to a server with Internet access and are distributed to other servers, thereby reducing network traffic. An update schedule can be separately configured for each server.
    Advantage: the optimised updating procedures save time for the system administrators.

Automatic scalability (New!)
    The application automatically modifies the number of scanning threads depending on the volume of traffic. The maximum number of threads is set by the administrator of the server.
    Advantage: the scalability of the application provides flexible and convenient management of protected business applications running under Lotus Domino.

Scalable configuration (New!)
    The application’s distributed architecture enables existing profiles to be easily transferred to new servers or network nodes if the number of servers changes.
    (New!) Protected servers running under various operating systems work as a single entity.
    Advantage: the scalability of the application provides flexible and convenient management of protected business applications running under Lotus Domino.

Flexible adjustment of server load (Improved!)
    The application provides flexible scanning exclusions, allowing scanning speed to be regulated:
    • by restricting the size of incoming messages
    • by restricting the scanning time
    • by restricting the types of attachments
    • by excluding scanned databases by mask
    (New!) Protection parameters are configured separately for each scanning task (email, replication, databases).
    Advantage: flexible settings allow an administrator to adjust server loads.

Optimised use of system resources (New!)
    The application scans objects in the server’s operating memory without saving them to the hard disk.
    Advantage: the application works faster and reduces server loads.

Uninterrupted operation of the server (Improved!)
    The fault tolerance of the application has been increased thanks to its optimised architecture.
    Advantage: increased application reliability means fewer problems for the administrator.





5.23.6. Supported Platforms

Supports Linux (New!)
    The application supports Red Hat 4.x, 5.x and SLES 9, 10.x, 11.x.
    Advantage: provides high levels of antivirus protection for the very latest mail systems.

Supports Windows 2008 R2 (New!)
    The application is compatible with Windows 2008 R2.

Supports Lotus Domino 8.5.x (New!)
    The application supports the most up-to-date versions of IBM Lotus Domino.

VMware Ready (New!)
    The application protects business solutions installed on real and virtual (guest) operating systems, as attested by VMware Ready certification.
    Advantage: provides broader opportunities for partners to use this solution in various tenders.






6. Product: Kaspersky Security for Internet Gateway

6.1. General Introduction
Web Security is defined as any software, appliance, or hosted service that protects corporate users and networks from Web-based malware, helps prevent data loss, and enables organizations to control employee behavior on the Internet. In addition, Web Security solutions can also help reduce liability resulting from careless browsing, block inappropriate data from being uploaded or downloaded, as well as preserve corporate bandwidth for legitimate tasks.

If in the past most companies were mostly concerned about protecting users from outside threats, today we are seeing more interest in bi-directional solutions. Bi-directional solutions make it possible not only to stop incoming threats, but also to prevent undesirable content from going out, including content produced by possible botnets and other infected applications.

Kaspersky Antivirus for Gateways provides in-depth protection for the Microsoft- and Linux-based gateway solutions available throughout the market.






6.2. Positioning Statement
Kaspersky Security for Internet Gateway provides secure Internet access for all employees in an organization, automatically removing malicious and potentially hostile programs from incoming HTTP/FTP/HTTPS/SMTP and POP3 traffic.

Kaspersky Security for Internet Gateway supports all versions of the most popular firewalls. It consists of 3 applications.

The solution is aimed at companies of all sizes, but primarily at the medium-level category. With the Standard version of KAV for ISA/TMG, we can meet the requirements of most medium-level businesses. With the next version, KAV for ISA/TMG Enterprise Edition, which is coming out next year, we will be able to protect users in large and enterprise-level companies too. It will contain features designed to support the special attributes of MS ISA Server and Forefront Enterprise Edition and will be aimed at large businesses. For enterprise-level companies we can currently offer protection for previous versions of Microsoft ISA Server Enterprise Edition, but not for Forefront TMG; ISA Server still has a significant install base, so we can also increase sales in this market segment.


6.3. Kaspersky Security for Gateways Product Suite
This is a renewed product suite targeted at medium-size and enterprise-level customers and consisting of five applications:

• Kaspersky Security 8.0 for Microsoft ISA Server and TMG Standard Edition (New!)
• Kaspersky Anti-Virus for Proxy Server

The previous product suite consisted of:
• Kaspersky Anti-Virus for Microsoft ISA Server
• Kaspersky Anti-Virus for Proxy Server
• Kaspersky Anti-Virus for Check Point FireWall-1

These will be replaced by the new suite consisting of the products listed above.

6.3.1. KAV 8.0 for Microsoft ISA Server and TMG Standard Edition
The new version, Kaspersky Security 8.0 for Microsoft ISA Server and TMG Standard Edition, replaces the old Microsoft ISA Server Standard Edition applications and will be:

• Part of Kaspersky Security for Internet Gateway, which belongs to the new Business Solutions family (formerly Targeted Security)
• Part of KOSS 4 (Total Space Security)

The previous version, Kaspersky Anti-Virus for Microsoft ISA Server, was available in the same way as the new version is.

6.3.2. KAV 5.6 for Microsoft ISA Server Enterprise Edition
This application has not been renewed this year; the new version is going to be launched in Q3 2011. We keep
this version in the product suite because Microsoft ISA Server still has a significant market share and a lot of
customers use it without upgrading to Forefront TMG.

It is now a part of Kaspersky Security for Internet Gateway and KOSS 4.

6.3.3. Kaspersky Anti-Virus for Proxy Server
This application has not been renewed this year; the new version is going to be launched in Q1 2012.
It is now a part of Kaspersky Security for Internet Gateway and KOSS 4.

6.3.4. Kaspersky Anti-Virus for Check Point FireWall-1
This application will not be renewed and is going to be excluded from the product line due to its small market
share.


6.3.5. Date of the changes
The new Kaspersky Security for Internet Gateway will replace the current suite as soon as the new application,
Kaspersky Security 8.0 for Microsoft ISA Server and TMG Standard Edition, is released commercially.

6.4. Target Market and Audience
KAV for Microsoft ISA Server and Forefront TMG Standard Edition is mostly oriented towards small and medium businesses. Kaspersky Security for Internet Gateway contains applications supporting the most popular gateways - Microsoft ISA Server and Forefront TMG and Linux proxy.
Microsoft ISA/TMG users: the SE version is mostly for medium-sized companies. SMBs might also be customers if they use KAV for Microsoft ISA/TMG not only as a gateway protection solution but also as a mail protection solution. Our solution for MS ISA and Forefront TMG is not a standalone solution, but an add-on for that platform. Our market share is a subset of the installed base of Microsoft ISA/TMG.
KAV for Proxy Server users: small and medium companies that prefer Linux solutions to Microsoft because the Linux solution is free.

Target Audience
The target audience remains mostly unchanged for all of the applications that are included in the product suite.


Target Audience: SMB Small Level (<100 users)
Small organizations with less than 100 workstations and 1-3 servers. These companies are characterized by limited IT resources dedicated to IT security maintenance and, as a result, they need stable, easy-to-use and inexpensive solutions which provide minimal functionality for protection and administration. For these companies, it is common to hire external system administrators (possibly with a low level of professional experience) for common problem solving.

Decision Makers:
• CEO - business decision maker. Decides on IT budgeting.
• Administrators - choose products and have a strong influence on the decision-making process, work with the product after purchase and take decisions regarding its renewal.

Target Audience: SMB Medium-Level (>100 users)
Medium-sized businesses with 100+ users. For the lower part of this sector it is common to hire external system administrators (with high levels of professional experience), or dedicated system administrators for common problem solving. However, in most cases, there is no dedicated IT security specialist. Usually, these types of companies install MS ISA Server or Forefront TMG Standard Edition. For the upper part of this sector it is common to have an IT department with demarcated employee responsibilities (for example, some employees are dedicated to mail system maintenance, some to the gateways, etc.). ISA Server or Forefront TMG is usually installed in Enterprise Edition with support for arrays. There are a lot of users in these types of companies, so in most cases they will have a defined IT security policy. SMBs will typically have less than 1000 users in the USA and less than 500 users in Europe.

Decision Makers:
• CEO - business decision maker. Decides on IT budgeting. Cares about the general P&L situation regarding corporate IT.
• Financial Director - often involved in the decision-making process instead of the CEO; decides on IT budgeting and expenses.
• CIO/CISO - technical decision maker; takes decisions about infrastructure purchasing and development and oversees the general corporate IT strategy. They typically own the IT budget and fight for it. Cares about savings. Sometimes the roles of CEO and CIO are undertaken by the same person.
• Intermediate IT personnel - IT Manager, IT Service Desk Manager, Information and Communication Manager, Security Manager; in enterprise companies often authorized to take decisions about purchasing software applications.
• Administrators, including dedicated specialists such as mail server administrators - have a strong influence on product choice and the decision-making process. They work with the product after purchase and take decisions regarding its renewal. Enterprise companies often have administrators that are solely responsible for supporting workstations and file servers – these administrators also take decisions about the procurement of security products.




Enterprise Level (>1000 users) (Relevant for KAV for ISA Enterprise Edition.)

Typically large, structurally complex organizations with more than 1000 users, which generally:
• need to maintain their competitive advantage by securely enhancing cross-organizational IT collaboration
• are highly interested in regulatory compliance, measuring productivity and management reporting
• wish to increase organizational effectiveness and minimize the cost of security system ownership
• undertake a tender process for the procurement of equipment

These companies are characterized by a clear structure of responsibilities in their IT departments. Also, these companies sometimes have complicated topologies, branches and local offices. In such cases, the IT department structure will be complicated too, with many levels of responsibility and subordination. Regarding IT infrastructure, local offices could be managed by the main department, or have full local control. In the latter case, these branches could be considered as standalone medium or large-sized companies.
For those organizations, ISA Server or Forefront TMG could be installed on a highly complex infrastructure. This means that all possible combinations of EE and SE might be found in such an environment.
It is not unusual for complex software programs that monitor the status of the network infrastructure and critical applications to be installed in an organization. So, enterprise customers need to have a security solution compatible with their integrated operations management systems.
Company management teams in this business segment are interested in preventing the leakage of confidential information from within the organization via electronic communications.
High fault tolerance of server solutions is hugely significant to larger organizations.



6.5. Target Market
• Medium-sized businesses using Microsoft ISA Server and Forefront TMG and needing a security product to protect their web traffic. We can offer our solution for the MS platform as part of the KOSS 4 bundle and as a separate solution for the protection of corporate gateways.
• SMBs using Squid proxy server, mostly because it’s a free solution that cuts their IT infrastructure costs.
• ISPs providing web access services, producing large volumes of web traffic, mostly with a Linux-based server infrastructure due to its high productivity and free proxy server solution (mostly Squid).
• KOSS 2 and KOSS 3 users worldwide: current customers of KOSS 2 or KOSS 3 who need TMG server protection, but didn’t bother with it because our previous products didn’t support this solution. Now they may want to buy the new version of Kaspersky Security for Internet Gateway because of the new product features, or they may want to upgrade to KOSS 4 when they are ready to renew.
• Enterprise companies, all industries, using previous versions of Microsoft ISA Enterprise Edition, which need array support and other enterprise-oriented features.


6.6. Customer Problems and Value Proposition

6.6.1. Customer Problems and Needs
•   A primary need for organizations is to reduce the costs associated with web threats. Thus they need a solution which protects corporate users and networks from web-based malware
•   Customers care about their reputation - they don’t want to be a source of malware distribution and want to protect their network from becoming part of a botnet - malware can turn corporate PCs into zombie computers, sending out spam or attacking other networks
•   Companies need to preserve their bandwidth and make it available for legitimate traffic and application use
•   Small companies and regional branches of corporations want to save money and use one security solution for the protection of both web and mail traffic
•   Customers need to ensure uninterrupted operation and effective execution of the company’s business processes, so they need a reliable, high-performance security solution
•   Customers need protection for the latest versions of their gateway solution - when they upgrade their web server or buy a new one they may want enhanced, up-to-date security protection. The successor to Microsoft ISA Server, Microsoft Forefront TMG 2010, has only basic security functionality, which may not be enough for a company’s business




•   ISPs need to protect their customers’ web traffic from digital threats. They also need easy-to-configure and easy-to-deploy solutions
•   Our partners need flexible solutions for web server protection if they are to tender successfully – especially for clients that prefer a single security vendor approach


6.6.2. Value Statement
•   Kaspersky Lab’s solution offers effective protection from malware spread via the Internet and prevents the infection of corporate networks. The solution provides very robust data protection due to the use of Kaspersky Anti-Virus technologies
•   The product helps companies to keep their reputation intact – it protects corporate networks from becoming part of a botnet
•   Kaspersky Lab’s solution covers all of the popular gateways – Microsoft ISA/TMG server and Linux proxy servers. In the new version of Kaspersky Security for Internet Gateway, we support the latest version of the Microsoft gateway solution
•   Kaspersky Lab’s solution helps cut costs for small businesses by protecting mail and web traffic in one solution
•   Our solution is easy to use and provides effective network security management. It allows the productivity of IT staff to be increased
•   The product’s solid design provides the customer with the necessary confidence to use it under heavy load conditions, safe in the knowledge that it won’t slow the system down or otherwise interfere with business operations. It also allows companies to preserve their bandwidth
•   Kaspersky Lab offers a complete range of solutions, from endpoint, network infrastructure, mail and web security solutions through to technical support services


6.7. Competitive Analysis

6.7.2.1. Market Overview

Trojans, viruses, worms and other types of malicious code were ranked the second greatest threat to enterprise
security. Virus writers and hackers are increasingly leveraging the popularity of Web 2.0 sites to target the
greatest number of users. The practice of planting malicious code on legitimate websites is quickly becoming the
norm. Hackers and malware developers are aggressively innovating ways to compromise popular Web 2.0 sites and
others to install malicious code designed to steal personal and/or business confidential information.

Spyware continues to be both a security and a system management nightmare. Theft of confidential information,
loss of productivity, consumption of large amounts of bandwidth, corruption of desktops, and a spike in the number
of help desk calls related to spyware are overwhelming many IT departments. More recently, spyware has evolved
from a mischievous hobby into a money-making criminal venture that has attracted a new breed of sophisticated
hackers and organized crime. The web is without doubt the single greatest source of spyware infections. For web
protection, the traditional on-premises market is predicted to continue growing to over US $1.2BN by 2013,
despite the increasing influence of SaaS and appliances.

6.7.2.2. Competitive analysis*

*A detailed comparison for each application will be available as separate documents. The comparison in this
document is based on reading the vendors’ published documentation (“PDF reading”), not on hands-on testing.

Kaspersky Lab’s key competitors also have security solutions for gateways, mainly as separate products for each
platform type. Below is a high-level comparison of key features, showing Kaspersky Security for Internet Gateway
against similar competing products.

Historically, web protection has not been Kaspersky Lab’s flagship solution. At this stage in Kaspersky Security
for Internet Gateway’s evolution, the solution contains just a basic set of features. Despite having no unique
features in our solution, we can compete on our traditional strength, a high AV detection rate. In the latest
edition we support the newest version of Microsoft’s gateway, which allows us to upgrade existing clients to the
latest version and attract new customers too. The next stage in the development of our web solutions will see
them supporting the latest versions of Linux gateways and Microsoft Forefront TMG Enterprise Edition, and
containing some unique advantages that will allow us to lead this particular market segment.



At present we have to concentrate on highlighting not only the product’s features, but also the associated
business benefits that we can offer.

In 2010, Microsoft launched a new version of Forefront TMG with a built-in AV engine. With KAV for ISA/TMG, our
competitive edge comes from a Kaspersky Lab engine being installed in Microsoft Forefront. Even though Microsoft
Forefront uses our own OEM engine, we assume that a dedicated solution from Kaspersky Lab will appeal strongly to
discerning customers who want a purpose-designed product from a well-known security vendor. Moreover, the KAV
engine used by Microsoft Forefront is older and less advanced than the new AV 8.0 engine. The challenge is to
convince customers to buy Kaspersky Lab’s solution instead of relying on the basic antivirus inside MS Forefront
TMG, on the grounds that Kaspersky Lab’s products have a higher AV detection rate. We plan to release KAV 8.0 for
ISA and TMG Enterprise Edition after the Standard Edition (Q3 2011), adding array support, URL filtering and
anti-phishing.

Besides Microsoft, we compete heavily with hardware solutions and SaaS providers. According to the IDC report,
hardware solutions and SaaS will grow twice as fast as web security software. In the Linux security software
field, our main competitor is Websense, even though its solution bundles a proxy server with the AV engine.

6.7.1. Key feature comparison of KAV 8.0 for
Microsoft ISA/TMG versus Top-4 rivals

Columns: (1) KAV 8.0 for ISA/TMG; (2) Trend Micro InterScan WebProtect for ISA;
(3) McAfee Security for MS ISA Server; (4) Microsoft Forefront TMG.
V = feature present, X = feature absent.

Feature                      (1)    (2)    (3)    (4)
Scanning of HTTP              V      V      V      V
Scanning of FTP               V      V      V      V
Scanning of SMTP              V      X      V      V
Scanning of POP3              V      X      X      V
Scanning of HTTPS             V      X      X      V
TMG support                   V      X      X      V
Backup copies                 V      X      X      X
Reports                       V      V      V      V
Statistics                    V      V      V      V
Centralized management        X      V      V      V



6.7.2. Key feature comparison for KAV for Proxy Server versus Top-2 rivals

Columns: (1) KAV for Proxy Server; (2) Trend Micro InterScan Web Security Suite;
(3) Websense Web Security Gateway. V = feature present, X = feature absent.

Feature                      (1)    (2)    (3)
Scanning of HTTP              V      V      V
Scanning of FTP               V      V      V
Reports and statistics        V      V      V
Policies                      V      X      V
Web console                   V      V      V






6.8. Key Product Features
As Kaspersky Security for Internet Gateway consists of a number of applications, we will describe the features
separately by application.

6.8.1. Key features of KAV 8.0 for Microsoft ISA Server and Forefront TMG
KAV 8.0 for ISA and TMG SE provides comprehensive scanning of data entering the local area network from the
Internet via HTTP, HTTPS, FTP, POP3 and SMTP protocols.

The new version includes highly demanded features such as support for Forefront TMG, policies, backup and
scanning of mail traffic.

With these features the product allows us to compete on the small and medium-sized business market, and next
year will see the release of KAV 8.0 for ISA and TMG Enterprise Edition which will widen the target audience still
further and bring new functionality.

Main features:
• Permanent antivirus protection
• Regular antivirus database updates
• Backup copying
• Flexible scan settings
• Support for Microsoft Forefront TMG (New!)
• Wide-ranging management policies (New!)
• Scanning of SMTP and POP3 (New!)
• Scanning of HTTPS traffic on Forefront TMG (New!)
• Support for Windows 2008 R2 (New!)
• Monitoring via the application’s console (New!)
• Administration via an MMC console
• Scalability and fault tolerance

Additional features
• Event notification system
• Reporting system
• Scanning of traffic passing through published servers (New!)
• VMware Ready

6.8.2. Key features of KAV for Proxy Server
Kaspersky Anti-Virus for Proxy Server protects all HTTP and FTP Internet traffic that passes through the proxy
server.

Main features
• Permanent antivirus protection
• Flexible scan settings
• Scanning of archived files
• Remote administration via web interface
• Group security policies
• High reliability
• Configurable update modes

Advanced features
• User notifications
• Reports and statistics






6.9. Key Product Benefits

6.9.1. Business benefits for customers
Product reliability: the solution provides stable, uninterrupted protection for business-critical information assets
Versatility: the solution ensures effective protection for companies using the HTTP, HTTPS, FTP, POP3 and SMTP
protocols for receiving and transferring data
Efficiency: protects traffic while minimizing server load; no additional hardware is required
Effective use of IT personnel: a user-friendly interface, flexible policies, easy administration and straightforward
configuration and reporting reduce the amount of time IT personnel have to spend working with the product
Business productivity: incoming traffic protected from malware creates a comfortable working environment for
the company’s users and preserves their bandwidth
Client-oriented technical support: Kaspersky Lab’s in-house technical support team is there to provide
round-the-clock assistance
Business reputation support: the solution protects corporate reputations by preventing a company’s infrastructure
from being used as part of a botnet by cybercriminals

6.9.2. Customer benefits for IT specialists
•   Support for the latest version of Microsoft Forefront TMG: A company choosing Kaspersky Lab as its security
    vendor can upgrade its MS ISA Server without any security limitations
•   High performance: A new antivirus engine, load balancing of server resources, optimized antivirus scanning
    technology and the exclusion of trusted processes from scanning all increase the product’s performance and
    lower the amount of computing resources required to perform antivirus scans
•   Reliability: In the event of a malfunction or forced shutdown, the application’s automatic restart procedure
    ensures stable system protection, while the diagnostics system determines the cause of the malfunction
•   Powerful manageability and reporting system: Simple and user-friendly management tools, information
    about protection status, flexible settings for scans and reporting systems provide efficient control of
    information security
•   Real-time protection: frequent database updates ensure proactive protection against the latest potential
    threats
•   Versatility: If required, the product can be used not only for web protection, but for mail protection also (for
    Microsoft ISA/TMG)
•   Customer-focused technical support: Kaspersky Lab provides standard high quality technical support
    services on a 24x7 basis and additionally offers a Business Support Program and an Enterprise Support
    Program which includes four service categories: product improvement and innovation, proactive and self-help
    services, knowledge transfer and problem resolution

6.9.3. Benefits for partners
•   Healthy margins: Kaspersky Lab gives partners an excellent opportunity to generate high earnings from the
    sale of its products, offering a flexible discount system and favorable partnership conditions
•   Reliable vendor: Kaspersky Lab is a reputable company demonstrating impressive yearly growth
•   Strong brand: The Kaspersky Lab brand is recognized worldwide as a provider of high-end IT security
    solutions. Its strong reputation for excellence in the home user market has been the catalyst for the success
    of its new products in the corporate sector
•   Advanced technology: Kaspersky Lab develops solutions based on its own innovative technologies and its
    products consistently demonstrate some of the best results in the field of IT security
•   Marketing support for sales: Kaspersky Lab offers marketing support to partners and runs regular training
    sessions to inform partners about its products
•   Assistance with tendering: Kaspersky Lab offers support to partners throughout the entire tendering process
    to ensure that our partners’ bids are successful; vendor certifications such as those from Microsoft, VMware
    and West Coast Labs also help in winning tenders
•   Customer-focused technical support: Kaspersky Lab provides standard high quality technical support
    services, and additionally offers a Business Support Program and an Enterprise Support Program, which
    include four service categories: product improvement and innovation, proactive and self-help services,
    knowledge transfer and problem resolution. High-quality technical support provided by the vendor helps
    partners to strengthen the brand’s reputation from a customer perspective



•   Multi-solution vendor: Kaspersky Lab has a wide range of corporate products and can offer antimalware
    protection solutions for all types of corporate network nodes

6.9.4. Market share forecast
Assumptions:

For web protection, the traditional on-premises market is predicted to continue growing to over US $1.2BN by
2013 (IDC estimate)
• The quantity of Microsoft ISA users worldwide is estimated to be about 111 million
• The quantity of Forefront TMG users worldwide is estimated to be about 14.5 million
• Our present market share of the web security market is 0.2%

Our sales are forecast to grow based on the assumption that we will launch new products and will catch up with
the competition through an aggressive marketing campaign
Our goal is to reach a 5% market share by 2014


6.10. Gateway Security Market Overview

6.10.1. General Introduction
Web Security is defined as any software, appliance, or hosted service that protects corporate users and networks
from Web-based malware, helps prevent data loss, and enables organizations to control employee behavior on
the Internet.

Web security solutions can protect organizations against the following key threats:


Threat                              Details

Malware (viruses, spyware, etc.)    A form of Internet vandalism in the past, today malware is generally used
                                    for financial gain, to steal sensitive information (passwords, credit card
                                    numbers, files, etc.). Malware can also turn an infected PC into a bot,
                                    sending out spam and malware without the user’s knowledge.
Productivity Control                By preventing users from spending a lot of time on non-work-related sites,
                                    organizations can reduce productivity losses. Web security solutions can
                                    help organizations design policies appropriate for their businesses,
                                    ranging from completely blocking access to certain websites to allowing
                                    users to visit them only at a certain time of day or for a set number of
                                    minutes/hours. These policies can be set for all users, for groups of
                                    users (based on their corporate roles) or for individual users.
Liability Control                   Web security solutions can prevent users from accessing and distributing
                                    potentially litigious Web-based material, including pornography, racially
                                    insensitive content and other objectionable material.
Data Loss Prevention                Data loss can occur accidentally, intentionally, or through malware.
                                    Companies want to ensure that all users follow established communication
                                    rules (i.e. no inappropriate information is exchanged between users or
                                    posted to blogs/websites, and sensitive and proprietary information is
                                    not misused or distributed to unauthorized individuals).
Bandwidth Preservation              By blocking access to non-work-related media-rich applications,
                                    companies can preserve their bandwidth and make it available for
                                    legitimate traffic and application use.





6.10.1.1. Key features: Corporate Web Security

Organizations normally look for some or all of the following key features.


Feature                             Details

Anti-Malware Protection             This can be accomplished using signature files, reputation filtering
                                    (proactive blocking of malware based on its behavior and a subsequently
                                    assigned reputation score), and proprietary heuristics. As a rule, most
                                    solutions have a number of filters and engines running simultaneously.
                                    These technologies can be deployed through products available from a
                                    single vendor, or from a number of vendors.
URL and Content Filtering           Enables organizations to manage and control the types of websites visited
                                    by their employees, and their activities on those websites. Organizations
                                    can block particular websites, or select from categories of websites that
                                    have already been pre-screened by a Web security vendor. Web security
                                    solutions come with a list of pre-determined categories that can range
                                    from 10 to over 80.
Directory Integration               By integrating Web security tools with a corporate directory (such as Active
                                    Directory), organizations can use employees’ directory roles to assign and
                                    manage Web policies for various groups of users.
Reporting                           Drill-down reports on user activities, as well as malware infections and
                                    clean-ups. Depending on the solution, the reports can be generated live or
                                    within a few minutes of the activity. Most solutions allow organizations
                                    to run reports for events that occurred over the past 3 to 12 months.

Advanced Features                   Details

Data Loss Prevention                A supervision solution that helps companies prevent loss of sensitive
                                    electronic information. Most Web security solutions today have very basic
                                    DLP controls, typically enabling organizations to stop users from using
                                    various applications, rather than performing the deep content analysis
                                    found in advanced stand-alone DLP solutions.
Encrypted Traffic Management        Enables organizations to control data travelling over SSL channels.
IM Application Management           Some Web security solutions can help organizations manage IM and
                                    other Web-related applications, such as Web mail. In most cases this
                                    simply means that they can prevent users from accessing these
                                    applications. In some cases, they can actually help organizations control
                                    the content that travels over those channels.
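The Productivity Control threat above and the URL and Content Filtering and Directory Integration features in this table all describe one policy model: rules scoped to all users, to a directory group or to an individual user, with an action of block, allow only inside a time window, or allow up to a daily quota of minutes. The Python below is an added example of how such an evaluator resolves scope precedence, time windows and quotas; it is not Kaspersky Lab’s code or any vendor’s. The rule format, the category names, the users and the group table standing in for Active Directory are all constructed assumptions.

```python
"""Toy web-access policy evaluator (added example, not vendor code).

Rule scopes are "all", "group:<name>" and "user:<name>"; the most specific
scope that has a rule for the requested URL category wins. Category names,
the rule format and the group table (standing in for a directory such as
Active Directory) are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional, Tuple

ALLOW, BLOCK = "allow", "block"


@dataclass(frozen=True)
class Rule:
    category: str                               # URL category, e.g. "social"
    action: str                                 # ALLOW or BLOCK
    window: Optional[Tuple[time, time]] = None  # permitted time of day [start, end)
    quota_minutes: Optional[int] = None         # per-user daily budget


@dataclass
class Policy:
    rules: dict = field(default_factory=dict)   # scope -> [Rule, ...]
    groups: dict = field(default_factory=dict)  # user -> [group, ...]
    usage: dict = field(default_factory=dict)   # (user, category, date) -> minutes used

    def _scopes(self, user):
        # Precedence: explicit user rule, then the user's group rules, then "all".
        yield f"user:{user}"
        for group in self.groups.get(user, []):
            yield f"group:{group}"
        yield "all"

    def _match(self, user, category):
        for scope in self._scopes(user):
            for rule in self.rules.get(scope, []):
                if rule.category == category:
                    return rule
        return None

    def decide(self, user, category, now, minutes=1):
        """Return (verdict, reason) for a request of `minutes` against a category.

        Quota is charged only when the request is allowed, so a request that is
        blocked by the time window never consumes budget.
        """
        rule = self._match(user, category)
        if rule is None:
            return ALLOW, "no rule: default allow"
        if rule.action == BLOCK:
            return BLOCK, f"category {category} blocked for this scope"
        if rule.window is not None:
            start, end = rule.window
            if not (start <= now.time() < end):
                return BLOCK, "outside permitted hours"
        if rule.quota_minutes is not None:
            key = (user, category, now.date())
            used = self.usage.get(key, 0)
            if used + minutes > rule.quota_minutes:
                return BLOCK, f"daily quota of {rule.quota_minutes} min exhausted"
            self.usage[key] = used + minutes
        return ALLOW, "permitted"


def demo():
    """Constructed policy and requests; returns the verdicts in order."""
    policy = Policy(
        rules={
            "all": [Rule("social", BLOCK), Rule("streaming", BLOCK)],
            "group:marketing": [Rule("social", ALLOW, window=(time(9), time(18)),
                                     quota_minutes=60)],
            "user:ceo": [Rule("social", ALLOW)],
        },
        groups={"alice": ["marketing"], "bob": ["engineering"]},
    )
    lunch = datetime(2011, 6, 1, 12, 30)
    night = datetime(2011, 6, 1, 22, 0)
    return [
        policy.decide("bob", "social", lunch)[0],                # all-users block applies
        policy.decide("alice", "social", lunch, minutes=45)[0],  # group allows, in hours
        policy.decide("alice", "social", lunch, minutes=30)[0],  # 45+30 > 60: quota exhausted
        policy.decide("alice", "social", night)[0],              # outside window
        policy.decide("ceo", "social", night)[0],                # user rule overrides "all"
        policy.decide("alice", "news", lunch)[0],                # no rule: default allow
    ]
```

Two design points a deployment would revisit: unknown categories default to allow here, matching the "block certain categories" model in the table, whereas a stricter posture would default to block for uncategorized sites; and quota accounting is keyed per calendar day and only charged on allow, so the counter has to live in shared state if several gateway nodes serve the same users.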





6.10.1.2. Types of Web Malware in Detail

The majority of malware programs today are written for financial gain, to steal sensitive information, or to find a
new way to distribute spam messages.


Threat                              Details

Virus                               Malicious programs that, when activated, perform harmful actions, such
                                    as damaging programs, deleting files, or formatting an entire drive. Viruses
                                    are spread through the transmission of an infected host file, Web traffic,
                                    or through media devices (CDs, flash media, etc.). To avoid detection
                                    by known signature filters, many viruses (polymorphic or metamorphic)
                                    change their code with each subsequent infection, making them more
                                    difficult for signature filters to detect.
Worm                                Closely related to viruses, worms are self-propagating programs that
                                    spread themselves to other computers on a network without needing a
                                    host file, and can cause significant damage before being detected and
                                    removed.
Spyware                             Potentially malicious software with one or more of the following
                                    characteristics:
                                    • Installs without the consent of the user, and does not uninstall at the
                                         user’s request. Often can reinstall itself after uninstallation.
                                    • Makes changes to system and/or registry files without the user’s
                                         consent.
                                    • Exhibits unwanted control over the user’s desktop or Web browsing
                                         experience.
                                    • Logs information about the user, computer, or network, and then
                                         transmits this data to a third party for data collection.
Adware                              A simple type of spyware that is normally bundled with another program,
                                    often freeware and shareware programs, such as peer-to-peer
                                    applications, screensavers, backgrounds, weather applications, emoticon
                                    packs, and more. Adware is distributed with the aim of targeting
                                    advertising at the end-user. However, often it’s not just a simple case of
                                    a few extra pop-up ads, but also a way for advertisers to track the
                                    Websites visited by the user and his or her Web browsing habits.
Key Loggers                         These programs track the keystrokes performed by the end user on an
                                    infected machine, while using the Web, e-mail, or IM. These programs
                                    are generally very transparent on the desktop and remain unseen by the
                                    end-user. Although key loggers can be used in malicious ways, they are
                                    also used by law enforcement and intelligence agencies in solving criminal
                                    cases. A common delivery method of keyloggers is through Trojan horses,
                                    viruses, or worms.
Browser Hijackers                   This type of spyware makes changes to the user’s Web browser and
                                    Internet settings without the user’s consent. The most common change
                                    is to the user’s homepage. Every time the user opens the Web browser,
                                    he or she is taken directly to the hijacker’s Website, generating more
                                    “hits” for the site and, consequently, more advertising revenue for the
                                    site owner. Some of these hijackers make changes to the user’s system
                                    registry, so that even though the user may change Internet settings back
                                    to default, a system reboot will revert these changes back to those
                                    made by the hijacker.
Browser Helper Objects              These add-ons provide additional functionality to Web browsers. Many of
                                    these modules are harmless and are simple toolbars that are added to
                                    the browser. Some however, are malicious, and can track keystrokes and
                                    Web browsing habits, or redirect users to Websites unspecified by the user.
                                    Sometimes malicious browser helper objects are classified with browser
                                    hijackers, as they can sometimes exhibit similar traits.





 Trojan Horses                       These are malicious programs which are sometimes classified as spyware
                                     and sometimes classified as viruses. They may seem like innocent files
                                     or programs, but when executed can perform several types of harmful
                                     actions. This includes, but is not limited to, uploading and downloading
                                     files, erasing or making changes to current files, corrupting files, creating
                                     a “backdoor” entry for hackers to take over the host PC, keystroke logging,
                                     and more.
 Tracking Cookies                    Cookies are very small pieces of data that are stored on a user’s computer
                                     when that user accesses a Website. Whenever that user revisits the
                                     Website, the cookie is sent back to the site host, so that the host may
                                     recognize the browser for authentication and maintain certain
                                     user-specific information, amongst other functions. A large portion of
                                     cookies are harmless and can be quite useful. However, some cookies
                                     have the ability to track the Web browsing habits of users without their
                                     consent, making them a type of spyware. While browser options allow
                                     cookies to be disabled, many Websites do not allow access by users who
                                     have disabled the use of cookies.
 Rootkits                            Rootkits are programs that are secretly installed onto a user’s computer
                                     and give the intruder backdoor access to system files. They are generally
                                     used to intercept data from keystrokes, network connections, and
                                     applications, and are also used to make the host computer a “staging
                                     area” for further malicious attacks, such as the propagation of further
                                     viruses on an organization’s network. Rootkits can exist at various levels
                                     of the host computer: sometimes they sit with a specific application’s
                                     files, and sometimes they make changes at the kernel level of the
                                     operating system. Rootkits are very insidious, as they are very difficult
                                     to remove. Once a computer is infected by a rootkit, it often makes
                                     changes to the programs and tools used to detect and remove malware.
                                     Sometimes they can even suspend their activities while these removal
                                     tools are run, so as to remain undetected.


6.10.1.3. Worldwide Virus Volumes

While the majority of viruses today are delivered directly via e-mail, the growing trend is “blended attacks”,
where a URL to an infected Web site is sent via e-mail, infecting the user’s machine not through the e-mail itself
but once they visit the Website. The figures below include both infected e-mail messages and messages that
contain a link to virus-laden Web pages.


[Figure 64. Worldwide Virus Volumes: bar chart, in billions per day, by year through 2014. Series: Worldwide
Corporate Messages / Day (Billion); Total Virus Messages / Day (Billion).]
Protecting against viruses is a high priority for all organizations, as the propagation of a virus can take down an
entire network, effectively stopping most of the work inside a company. Viruses are especially dangerous because
of their self-propagating characteristics, meaning that once a virus infects a host computer, it can easily spread to
other unprotected computers on a shared network. Just like spammers, which often pursue financial gains, many
virus writers are also motivated by profit.




For example, malware such as keyloggers can give attackers access to sensitive information on an unsuspecting
user’s hard drive. This can lead to the theft of his or her passwords to financial sites, and ultimately result in a
stolen identity, empty bank accounts, and unauthorized credit card charges.

As the security risk grows, more companies are starting to monitor both inbound and outbound traffic. Bi-directional
solutions make it possible not only to stop incoming threats, but also to prevent undesirable content from going
out, including content produced by possible botnets and other infected applications. In addition, some vendors and
service providers are also starting to offer spyware removal tools for already infected PCs and other endpoints, to
complement their Web traffic monitoring services. The market is also moving to a multiple malware filter
architecture which uses a combination of different filters, often from various vendors. They typically combine
signature, reputation-based, and proprietary heuristics filters, defending corporate networks from common as well
as brand new threats. The heuristics and reputation-based filters are the most useful in combating brand new
malware threats. By analyzing the behavior of each Web site part (HTML, JavaScript, Flash), rather than relying on
a list of approved sites, they offer protection from potentially compromised legitimate sites that traditional
signature techniques would otherwise have let users access. With the increasing use of Web 2.0 applications,
organizations also need to inspect Web 2.0 related traffic. While some organizations are happy to block all social
networking websites (such as Facebook), others need to allow users controlled access to such websites to network
with their customers and partners, without exposing themselves to potential legal risks. Some of the latest Web
content protection tools enable organizations to manage the type of applications users can see and access on each
website, as well as the content they are allowed to post, as opposed to simply blocking the entire website.
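The multi-layer filter architecture described above, as an added example written for this section (it is not the compendium's own code nor any vendor's implementation). It combines three independent verdicts on a page, a signature match on known-bad content, a domain reputation score, and heuristics scored per page part (HTML, JavaScript, Flash), and shows why the heuristic layer is the one that catches a compromised legitimate site: the domain's reputation is good and no signature matches, but the suspicious behaviour of the injected parts adds up. All domains, reputation scores, patterns, weights and sample pages are constructed for the illustration.

```python
"""Layered web-content filter combining signature, reputation and heuristic
verdicts. Added illustration for this section, not any vendor's code; all
domains, scores, weights and sample pages are constructed."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Layer 1: signature filter. Constructed sample of known-bad content; a real
# deployment would load a vendor-supplied hash set instead.
MALICIOUS_SAMPLE = "<script>eval(unescape('%61%6c%65%72%74'))</script>"
KNOWN_BAD_SHA256 = {hashlib.sha256(MALICIOUS_SAMPLE.encode()).hexdigest()}

# Layer 2: reputation filter. Constructed domain scores (0 = worst, 100 = best).
DOMAIN_REPUTATION = {
    "intranet.example": 95,
    "news.example": 80,
    "badsite.invalid": 5,
}
UNKNOWN_DOMAIN_SCORE = 50     # neutral score for domains with no record
REPUTATION_BLOCK_BELOW = 20

# Layer 3: heuristic filter applied to each page part (HTML, JavaScript, Flash).
# Each hit carries a weight; the page is blocked once the summed weight across
# all parts reaches HEURISTIC_BLOCK_AT. Patterns and weights are illustrative.
HEURISTICS: List[Tuple[re.Pattern, int, str]] = [
    (re.compile(r"eval\s*\(\s*unescape\s*\("), 40, "eval(unescape()) obfuscation"),
    (re.compile(r"<iframe[^>]*(width|height)\s*=\s*['\"]?0", re.I), 30, "zero-size iframe"),
    (re.compile(r"document\.write\s*\(\s*['\"]<script", re.I), 25, "script injected via document.write"),
    (re.compile(r"\.swf\b", re.I), 10, "embedded Flash object"),
]
HEURISTIC_BLOCK_AT = 50


@dataclass
class Verdict:
    action: str                       # "allow" or "block"
    reasons: List[str] = field(default_factory=list)


def signature_check(part: str) -> List[str]:
    """Exact-match layer: catches content already known to be malicious."""
    digest = hashlib.sha256(part.encode()).hexdigest()
    return [f"signature match {digest[:12]}"] if digest in KNOWN_BAD_SHA256 else []


def reputation_check(domain: str) -> List[str]:
    """Site-level layer: blocks badly reputed domains regardless of content."""
    score = DOMAIN_REPUTATION.get(domain, UNKNOWN_DOMAIN_SCORE)
    return [f"low reputation for {domain} ({score})"] if score < REPUTATION_BLOCK_BELOW else []


def heuristic_hits(part_name: str, part: str) -> List[Tuple[int, str]]:
    """Behavioural layer: scores one page part against the heuristic patterns."""
    return [(weight, f"{part_name}: {label}")
            for pattern, weight, label in HEURISTICS if pattern.search(part)]


def filter_page(domain: str, parts: Dict[str, str]) -> Verdict:
    """Combine the three layers into one allow/block decision for a page."""
    reasons = reputation_check(domain)
    score, hits = 0, []
    for name, content in parts.items():
        reasons += signature_check(content)
        for weight, label in heuristic_hits(name, content):
            score += weight
            hits.append(label)
    if score >= HEURISTIC_BLOCK_AT:       # heuristic weights add up across parts
        reasons += hits
    return Verdict("block" if reasons else "allow", reasons)


def demo() -> Dict[str, Verdict]:
    """Run the filter over constructed sample pages (not real sites)."""
    return {
        # Legitimate site, benign content: every layer stays quiet.
        "clean": filter_page("news.example", {
            "html": "<html><body><h1>Headlines</h1></body></html>",
            "js": "document.getElementById('x').textContent = 'hi';",
        }),
        # Legitimate site whose pages were tampered with: reputation and
        # signatures miss it, but the heuristics on HTML and JS add up to 70.
        "compromised": filter_page("news.example", {
            "html": "<html><body>Headlines<iframe src='//x.invalid' width='0' height='0'></iframe></body></html>",
            "js": "eval(unescape('%61%6c%65%72%74'))",
        }),
        # Badly reputed domain serving harmless-looking content: reputation blocks it.
        "low_reputation": filter_page("badsite.invalid", {"html": "<html>hello</html>"}),
        # Previously seen payload on an unknown domain: the signature layer catches it.
        "known_bad": filter_page("mirror.invalid", {"html": MALICIOUS_SAMPLE}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict.action:5} {'; '.join(verdict.reasons)}")
```

The thresholds are the tuning knobs a gateway administrator would actually adjust: a single low-weight heuristic hit (an embedded Flash object on its own) does not block, which keeps the false-positive rate down, while a reputation score below the cut-off blocks even a clean-looking page.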

6.10.2. Corporate Web Security Market Share
The list below shows the top twelve vendors in the web security market.

Vendor            Solution                         Installed Base   Installed Base   Revenue          Revenue
                                                   (in million)     (in %)           (in million $)   (in %)
Aladdin           eSafe Web                        0.6              0.4%             4.2              0.4%
Barracuda         Barracuda Web Filter             8.0              5.4%             35               3.1%
Blue Coat         ProxyAV/ProxySG                  26               17.7%            235              20.6%
Clearswift        Clearswift Web Appliance         0.8              0.5%             8                0.7%
Cisco IronPort    S-Series, Web Security, etc.     12               8.2%             120              10.5%
M86 Security      Me6, WebMarshal, etc.            2.5              1.7%             20               1.7%
McAfee            Secure Internet Gateway, etc.    20               13.6%            140              12.2%
Symantec          Web Gateway, etc.                12               8.2%             110              9.6%
Trend Micro       InterScan Web Security           9                6.1%             60               5.2%
Webroot           Web Security Service             4                2.7%             40               3.5%
Websense          Websense Security Suite          30               20.4%            260              22.7%
Others                                             22.1             15%              110.8            9.7%

Websense is currently the market leader in the Corporate Web Security market with a 20% installed base market
share and 23% revenue market share. A long-term player in this market with Web security software solutions,
Websense, since its acquisition of SurfControl, also provides Web security services on an outsourced basis and as
a virtual appliance.





Blue Coat is the second major competitor in the Corporate Web Security market. The company initially found its
success in Web filtering, WAN optimization, and proxy caching. Blue Coat has an 18% installed base market share,
and a 21% revenue market share, due to its success with very large organizations that require complex
deployments.

McAfee is currently in third place with a 14% installed base and a 12% revenue market share. The company had
for some time been offering a solution mostly attractive to smaller companies. However, with the acquisition of
Secure Computing in 2008, it instantly propelled itself into one of the top market positions, with a strong Web
Security offering favored by large organizations. In 2009, it expanded its line of Web security solutions with the
acquisition of the SaaS vendor MX Logic.

Cisco IronPort has gained a lot of ground, in comparison with last year, with the acquisition of SaaS Web security
solutions provider ScanSafe. It currently has an 8% Installed Base and 11% revenue market share.

Symantec has an 8% installed base market share, and a 10% revenue market share. Symantec recently acquired Mi5
Networks, an appliance provider of Web security solutions, adding a line of appliances to its existing SaaS
MessageLabs service.



                            Figure 65. Corporate Web Security Market Share 2010, by vendor: Aladdin, Barracuda,
                            Blue Coat, Clearswift, Cisco IronPort, M86 Security, McAfee, Symantec (pie chart not
                            reproduced).



6.10.3. Corporate Web Security Market Forecast
Radicati Group expects to see steady growth in the Corporate Web Security Market over the next four years, as
the market is forecasted to grow from 147 million seats in 2010, to 315 million in 2014. This represents an
average annual growth rate of around 21%.



                                      Figure 66. Web Security Market Forecast, worldwide installed base (in million):

                                                    2010        2011    2012         2013         2014
                       Worldwide Installed Bases    147         182     222          267          315




As Web and e-mail security solutions become more integrated, many companies will deploy Web protection
simply because it will come integrated into their overall security suite. Web security is still a very young market.
Many companies are not aware of the benefits or the need for these types of offerings. As Web security solutions
become more accessible and popular, these organizations will help drive the market forward in the coming years.

6.10.3.1. Corporate Web Security Market Penetration

The next figure shows the penetration of corporate web security versus corporate e-mail accounts, from 2010 to
2014. The growth of corporate e-mail accounts is a good indicator of the number of web users in corporate
organisations.



                                          Figure 67. Web Security Market Penetration (in million):

                                                2010      2011          2012            2013              2014
               Corporate email accounts         730       788           851             918               991
               Corporate web security           147       182           222             267               315


6.10.3.2. Corporate Web Security Market by Region

In 2010, the majority of Corporate Web security revenue is generated in North America (50%), followed by Europe
with 38%, and then Asia/Pacific and Rest of World, with 9% and 3%, respectively.

By 2014, Europe will grow its portion of the worldwide Web Security revenue to 41%, however North America will
continue to generate the majority of revenue for Web Security vendors (44%). Asia/Pacific’s portion will grow to
11%, and Rest of World will be around 4%.



                                          Figure 68. Web Security Forecast by Region ($ million): North America,
                                          Europe, Asia/Pacific and Rest of World, 2010 and 2014 forecast (chart not
                                          reproduced).


Over the next four years, the majority of Web Security revenue will be generated in North America and Europe, as
companies within these regions are often more security minded and more worried about issues such as data loss
prevention and compliance.




6.10.3.3. Corporate Web Security Market by Business Size

As with the web security market usage by region, the distribution by business size also clearly shows that small
and medium companies will take a higher portion of the market by 2014.

Radicati Group defines business size according to the following scale:
• Small (1 - 100 Employees)
• Medium (101 - 1,000 Employees)
• Large (1,001 - 10,000 Employees)
• Very Large (Over 10,000 Employees)



                               Figure 69. Web Security Revenue by Business Size (revenue share): Small, Medium, Large
                               and Very Large, 2010 and 2014 forecast (chart not reproduced).


In 2010, the majority of Corporate Web Security revenue is generated amongst large and very large organizations,
making up 58% of the market. Larger organizations are more security conscious, and take higher precautions to
ensure that their networks are kept safe and malware-free. They normally also have larger IT budgets. By 2014,
we expect larger organizations will continue to make up the majority of the market, but small and medium
businesses will make up a relatively larger portion of the market, as overall pricing decreases and Web security
solutions become more popular among companies of all sizes.





6.10.4. Competitor Overview
As mentioned in the previous chapter, Kaspersky Lab has quite a few competitors in the web security market. To
get a better understanding of those companies, this chapter will summarize the relevant information.

6.10.4.1. Blue Coat Systems

Founded in 1996, Blue Coat's original line of solutions included technologies to accelerate Internet browsing.
Today, Blue Coat has combined its application acceleration and Web security products with its application visibility
solutions to offer complete enterprise network control through its Application Delivery Network (ADN) solution set.
Blue Coat's ADN solutions cover three areas: Application Visibility, Classification and Performance Monitoring
(to detect and fix network problems); WAN optimization (to help accelerate performance of business applications)
through its ProxySG appliances and client software; and Secure Web Gateway technologies (to protect
organizations against malware, and to help them monitor employees' productivity) through its ProxyAV appliance
and ProxySG appliances and client software. Blue Coat's solutions are known for their high performance and,
although Blue Coat sells primarily into large organizations, it is also currently beginning to target mid-size
enterprises with its ADN solution set.

Products

Blue Coat offers a comprehensive set of Web security solutions. Offered with five layers of defence, these
solutions include: the WebPulse cloud service, ProxyAV (anti-malware protection) and ProxySG appliances (with DLP
technology), and real-time remote user protection capabilities through ProxyClient.

The company's flagship ProxySG is an appliance that ensures that everything from simple browsing to complex
Web applications runs smoothly and efficiently. It gives administrators the ability to monitor and manage
the browsing habits of end users and remove web threats. URL filtering keeps users from visiting inappropriate
sites, and application management can ensure that bandwidth is not wasted on non-work related activities. The
latest version adds a number of new URL categories, bringing the total number of categories to 80. ProxySG is
continuously updated by the WebPulse community watch cloud service to detect and block malware downloads,
phishing attacks, scareware, plus assess reputations and rate web content. The ProxyAV appliance focuses on
stopping malware and web threats from reaching the organization. The latest version offers better visibility of
the inline traffic analysis (such as SSL webmail, etc). Both ProxyAV and ProxySG can work with regular, as well as
encrypted traffic. Blue Coat updates its solutions multiple times per day. Over the past 12 months, Blue Coat has
also enhanced the available Web reporting capabilities. The latest version of its Reporter (v9), comes with a new
interface, customisable dashboards and reports per category and per user. It offers interactive graphs and charts
for easier comprehension, and enables users to view reports online, as well as download them to CSV or PDF
formats. Blue Coat is starting to see more interest from its customers in its Hybrid Web security solutions, which
combine appliances and Web security services.

Strengths

•   Blue Coat’s Web security solutions include appliance and services.
•   Blue Coat appliances are high-performance solutions, deployed by very large organizations, with some
    deployments exceeding 100,000 seats.
•   The appliances are known for their high performance, aimed at large enterprises.
•   Both appliances and services offer protection against malware, as well as enable companies to monitor
    users' browsing habits.
•   Not only HTTP, but also encrypted traffic can be analysed and managed.
•   Multiple updates are provided throughout the day.
•   Hybrid architecture is available on a customized basis.

Weaknesses

•   Relatively expensive to deploy and manage.
•   All capabilities are offered separately, so for complete protection organizations will have to deploy multiple
    appliances/services.
•   DLP tools are rather basic, contrasting with the more advanced features of the rest of the Web security suite.
•   Web Security solutions are not the main focus of Blue Coat. The vendor mostly targets its own (although quite
    large) customer base.





6.10.4.2. Cisco IronPort

Founded in 2000, IronPort is one of the leading providers of Web security appliances. The company was acquired
by Cisco in 2007, but continues to operate as an independent subsidiary. In December 2009, Cisco also acquired
ScanSafe, a managed security solutions provider, offering Web security and content management solutions on
a hosted basis.

Appliances

The Cisco IronPort S-Series is a line of Web security appliances that combine comprehensive URL, reputation,
and malware filtering. The appliances enable organizations to manage incoming and outgoing Web traffic,
including encrypted connections. Cisco IronPort's SensorBase reputation network scores the trustworthiness of
Web sites using over 200 parameters. This score is used by S-Series to block URL requests to possible malicious
Web sites or re-direct for further scanning by the AV engines. For malware protection, IronPort uses integrated
Webroot and McAfee engines to protect users from multiple malware attacks. In addition to blocking spyware, the
S-Series blocks adware, Trojans, tracking cookies, and other forms of malware. There are three models available:
the S660 for large enterprise deployments (over 10,000 users), S360 (for mid-size companies with under 10,000
users) and S160 (for small companies with under 1,000 users).

SaaS Solutions

The recent ScanSafe acquisition has added the following line of hosted Web Security solutions:

•   Web Security – protects organizations from various types of Web malware, including viruses, spyware,
    zero-hour threats, and others. It uses a combination of signature, reputation-based, and proprietary heuristics
    filters (Outbreak Intelligence service), defending corporate networks from common, as well as brand new
    threats. Scanning over 1 billion Web requests a day, it analyses all elements of a Web request, including
    HTML, JavaScript, Flash, active scripts, and others. This helps it to protect users not only from the typical
    malicious web sites, but also potentially compromised legitimate sites that otherwise users would have been
    given access to by using the traditional techniques.
•   Web Filtering – helps companies control the way employees use the Internet. Policies can be created for
    individuals and groups of users. Policies can range from the types of sites that can be visited, when they can be
    visited, and for how long users can stay there. In addition to simple blocking of complete websites, if needed,
    the service can block undesirable content within allowed websites. In addition, companies can also specify
    what Web-based applications users can deploy, and what type of content can be downloaded.
•   Anywhere+ – a Web filtering service for roaming employees that combines malware protection with Web
    content control. It comes in the form of a small agent that can be deployed on an employee's laptop.

The ScanSafe service comes with extensive reporting capabilities, offering 60 pre-configured reports, and an
unlimited number of custom reports. It can analyze up to 12 months of data, making it available for analysis within
2 minutes of an event. ScanSafe service is known for minimum latency, capable of analysing a web page in about
5 milliseconds. ScanSafe offers 100% availability thanks to its extensive redundancy capabilities. The company
uses 15 live data centers around the world.

Strengths

•   With the acquisition of ScanSafe, Cisco IronPort has expanded its line of Web security solutions to include
    services, and Hybrid offerings (coming in the near future).
•   Cisco IronPort appliances offer high performance for efficient management of Web traffic in organizations
    of all sizes. The S-Series includes a built in proxy cache, so that Web traffic is always fast and responsive to
    end-users, despite the fact that it is being filtered for content and malware.
•   Just like Cisco IronPort appliances, ScanSafe services offer multiple layers of protection, including
    signature, reputation-based, and proprietary heuristics filters, ensuring that companies are protected not only
    against known, but also brand new threats.
•   Both Cisco IronPort and ScanSafe can monitor HTTP and encrypted Web traffic.
•   ScanSafe offers a special solution for roaming workers to ensure that all employees and contractors have the
    same level of Web protection as in-house workers.
•   Strong DLP capabilities are offered through partners.





Weaknesses

•   For Cisco IronPort appliances, initial setup can be complex.
•   Cisco IronPort appliances are relatively expensive.
•   No comprehensive Web 2.0 tools are offered on the appliance side.
•   Basic DLP capabilities are only included with the ScanSafe service.
•   ScanSafe used to derive the majority of its revenue from licensing its Web security technology to other
    providers. It is unclear whether or not these relations will continue to exist after the acquisition.

6.10.4.3. Clearswift

With nearly two decades of experience in security, Clearswift protects and manages corporate data traveling
via diverse electronic channels, including e-mail and Web (http and https). The company is based in the UK, but
maintains offices all over the world, including the United States, Spain, Germany, Japan, and Australia.

Solutions

Clearswift Web Appliance – offers antivirus and anti-spyware protection, together with URL filtering.
For anti-malware protection, it uses Kaspersky virus scanning and other third party solutions. It offers
bi-directional protection, making it possible not only to stop incoming threats, but also to prevent undesirable
content, produced by possible botnets and other infected applications, from going out. Clearswift Web Appliance
can manage HTTP and encrypted traffic. For content inspection purposes, Clearswift Web Appliance can monitor and
block user access to websites according to corporate policies. Organizations can implement schedules for when
certain types of websites can be visited, and for how long users can access them. The access schedule can be based
on groups of users (based on their corporate roles), as well as individual users. Currently, Clearswift offers over
70 categories of websites for organizations to choose from to monitor user behavior. Clearswift Web Appliance also
comes with DLP capabilities to help companies minimize or eliminate loss of sensitive data, or prevent
inappropriate employees' comments from being distributed via Web channels.

Strengths

•   Clearswift offers a comprehensive Web security appliance with sophisticated compliance features, in
    addition to strong anti-malware protection.
•   Clearswift Web Appliance comes with basic DLP features.
•   Clearswift can manage both HTTP and SSL traffic.
•   A large number of user management options enable organizations to easily customize the appliance to their
    specific business needs.
•   Serving customers all over the world, Clearswift tailors products to different countries by employing local
    experts who understand the peculiarities of different markets.

Weaknesses

•   The solutions offered are mostly high-end, with no option for simpler deployments for customers who only
    want basic protection.
•   The biggest focus is on user management, rather than malware protection.
•   No comprehensive Web 2.0 management tools are currently offered.





6.10.4.4. McAfee

McAfee is a leader in corporate and consumer security solutions, offering a wide variety of products across many
different markets, including e-mail and Web. In November 2008, McAfee acquired Secure Computing, enhancing
its line of Web Security offerings with the technology of one of the top market players in the appliances segment.
In September 2009, McAfee also completed the acquisition of MX Logic, a provider of hosted security solutions
for e-mail and Web.

Appliances

McAfee Email and Web Security Appliance
Offers not only antivirus and anti-spam protection (with a claimed 98% spam block rate), but also compliance,
Web filtering, anti-spyware, and more for both e-mail and the Internet.

McAfee Web Gateway (from Secure Computing's acquisition)
Includes reputation-based web filtering, leveraging TrustedSource (Secure Computing's global reputation
service), anti-malware and anti-spyware protection, SSL scanning technology, in-depth reporting, and data leak
protection. By utilizing proactive, reputation-based filtering, Web Gateway is able to keep up with the latest Web
attacks that leverage Web 2.0 technology.
McAfee Web Gateway is available on multiple appliance models, a blade server architecture for the largest of
enterprises, and will soon be available for VMware environments.

McAfee SaaS Web Protection
Enables companies to protect all their users, including remote workers, from Web-based threats.

To protect against viruses, McAfee SaaS Web Protection utilizes signature-based antivirus technology from
McAfee and others. The company also incorporates proprietary worm detection technology to stop new outbreaks
that have not been neutralized by a pattern file.

•   Threat Control – offers protection from viruses, fraud, and Web malware.
•   Content Control – enables companies to manage employee Web-related activities. It can block access to
    potentially dangerous sites, and restrict or limit access to undesirable sites (i.e. networking, entertainment,
    etc.)
•   Total Control – combines both Threat and Content control at a discounted price.

Strengths

•   With the acquisition of MX Logic, McAfee is now able to offer appliances, services, and Hybrid solutions
    (coming in the future).
•   McAfee offers proven antivirus and anti-malware technology for both e-mail and Web. Its anti-malware
    solutions are widely used by other third party providers.
•   The offered solutions enable granular monitoring of user Internet behavior, and provide basic protection from
    loss of sensitive information.
•   Secure Web appliances can monitor and manage employee interaction with Web 2.0 applications.

Weaknesses

•   McAfee is mostly focused on e-mail, rather than Web security, which means that its Web security solutions
    are viewed as an add-on to their e-mail offerings.
•   Due to the Secure Computing acquisition, some of the features offered by both companies are still
    complementary, and may be confusing for customers until a proper integration takes place.
•   McAfee SaaS Web Protection does not protect against encrypted traffic threats, and offers no content
    filtering or DLP capabilities.





6.10.4.5. Symantec

Symantec was one of the latest companies to join the Web Security market, with the acquisition of MessageLabs
in 2008. However, over the past few months, it has been actively gaining more presence. Its latest acquisition
in April 2009, Mi5 Networks, added a new line of appliances (Web Gateway) to Symantec’s Web security suite.

Appliances

Symantec Web Gateway – offers Web anti-malware and URL Filtering capabilities. It analyses and manages both
inbound and outbound Web traffic.

For malware protection, Symantec Web Gateway offers six layers of protection (using proprietary and third party
filters) with bi-directional scanning, making it possible not only to stop incoming threats, but also to prevent
infected machines from carrying out undesirable outbound activity. It uses behavioral analysis to detect botnets
and pinpoint compromised endpoints. It is able to scan and manage all corporate ports and protocols used by an
organization. The gateway is highly efficient at analyzing Web traffic, capable of analyzing a Web page in about
2 milliseconds. The latest version of the Symantec Web Gateway (4.5) was released in August 2009.

SaaS Solutions

Managed Web Security Services provides real-time anti-spyware, Web antivirus and URL filtering services.

•   Anti-Spyware and Antivirus – offers protection against Web-based malware. It utilizes real-time scanning of
    web content, including media and other downloadable content.
•   URL Filtering – enables companies to block user access to undesirable websites, and restrict or block usage
    of various media files. Companies can also specify when during the day (and for how long) employees can
    visit certain websites (i.e. entertainment, social networking, etc.)

Strengths

•   With the latest acquisition of Mi5 Networks, Symantec is now able to offer Web security solutions as
    appliances, as well as services.
•   Symantec Web Gateway offers both anti-malware protection, as well as URL filtering.
•   Bi-directional filtering enables Symantec to protect users from incoming, as well as outgoing threats and loss
    of sensitive information.
•   With the help of Symantec Managed Web Security services, corporate policies can be centrally enforced for
    users on-premises, in remote offices, as well as mobile users.
•   In addition to Web security, companies can get the whole corporate security package deployed, including
    Web, e-mail, and IM protection.

Weaknesses

•   The current DLP features offered are very basic, however Symantec does have plans to integrate its Web
    Security offerings with its Vontu DLP services over the next few months.
•   Better Web 2.0 application monitoring tools are needed to give Symantec an edge over competition.

6.10.4.6. Trend Micro

A global leader in network and end-point security, Trend Micro provides multi-layered security for businesses
across the globe. Since its founding in 1988, the Japanese company has expanded its product line to protect
companies from e-mail and Web-based threats with its software, appliance, and hosted security solutions.

Products

Trend Micro provides security solutions that protect organizations at various levels of the network, including at
the desktop, server, and gateway. The InterScan solutions offer Web and FTP traffic filtering, virus and spyware
protection, phishing protection, as well as outbound traffic monitoring. URL filtering is an optional add-on. They
can be deployed as software solutions (InterScan Web Security Suite) and software/virtual appliances (InterScan
Web Virtual Appliance). In the SMB space, Trend Micro offers more comprehensive solutions as part of its
Worry-Free product line. This includes Worry-Free Business Security Managed (hosted security), Worry-Free Business
Security Standard (end-point and server protection), and Worry-Free Business Security (end-point and hosted
email scanning). These products are very low maintenance, easy to set up, and provide an all-in-one solution with
anti-spyware, antivirus, anti-bot, anti-spam, and a personal firewall.


Strengths

•   Web security solutions can be deployed as software, appliances, or hosted services.
•   Web security solutions cover both malware protection and employee productivity monitoring.
•   Trend Micro’s small-business product line, Worry-Free, is affordable, easy to install and requires minimal
    maintenance.

Weaknesses

•   Some elements (such as URL filtering) are offered at an extra cost, rather than included in the solution. Most
    web security vendors today offer both basic malware and URL filtering capabilities in a single package.
•   The content filtering capabilities of InterScan Virtual Web Security are not as strong as those offered by some
    of the top Web security solutions today.
•   The solutions haven’t undergone significant updates in a long time.

6.10.4.7. Websense

Founded in 1994, Websense provides security solutions to protect corporate Web and e-mail channels, as well as
specialized offerings for data security. In 2007 Websense acquired SurfControl and PortAuthority to enhance its
suites with advanced e-mail, Web, and Data Loss Prevention technology. Websense Web security solutions are
designed to protect corporate networks from malicious traffic, prevent loss of sensitive data, and monitor user
productivity. They also enable management of popular Web-based social networks and applications, allowing
users to do their job effectively without compromising corporate security.

Products

Websense Web Security Gateway (WSG) enables businesses to securely adopt Web 2.0 tools. It uses dynamic
categorization to protect users from potential threats without relying on reputation technology. Rather than
blocking a whole website, it can block only the undesirable content within it. The Web Security Gateway also
offers outbound data loss prevention (both native and integrated with its enterprise data loss prevention
solution, the Data Security Suite) and hybrid deployment, combining on-premises and SaaS delivery. The
Websense Web Security Gateway is available as software, on the Websense V10000 appliance, and as a service
(SaaS).

Websense Web Security, combined with the Websense Web Filter, protects organizations from Web-based threats
such as spyware and phishing. The Websense ThreatSeeker Network offers real-time analysis to recognize and
stop known and unknown threats.

Websense Web Filter is a robust Web filtering tool that allows administrators to set acceptable use policies for
the Web, providing multiple settings such as Allow, Block, Continue, Quota, Block by Bandwidth, and Block by File
Type.

Websense Express is targeted towards SMBs with environments under 250 users. It enables monitoring of user
productivity, and helps to eliminate Web threats.

Websense also offers Hosted Web Security, delivering Web security technology as a service that can be unified
with Websense Hosted Email Security.

Websense V10000, available since 2009, is a virtualized hardware appliance with Web Security Gateway features
and capabilities. The appliance also integrates seamlessly with Websense Hosted Web Security for hybrid
deployment.

Websense TRITON, introduced in February 2010, includes unified policy management for on-premises and
cloud-based deployments spanning Web, e-mail, and DLP protection in a single solution.




Strengths

•   Websense Web security solutions can be deployed as appliances, services, or hybrid solutions.
•   Websense offers one of the most comprehensive suites of Web security solutions for companies of all sizes.
    It covers all aspects of Web security – from employee productivity, to protection from malicious traffic, to data
    loss prevention.
•   Websense is keeping up with emerging Web threats by ensuring that Web 2.0 based sites and applications
    are used safely. Instead of blocking complete websites and applications, Websense enables companies to
    block undesirable content within these applications.
•   The latest Websense TRITON is a hybrid offering combining advanced e-mail and Web protection tools,
    including DLP features.

Weaknesses

•   Large deployments of Websense Web Security Suite can be rather costly, given any additional hardware
    requirements and support costs.
•   Aside from TRITON, many capabilities have to be purchased separately, rather than as a single solution.
•   DLP capabilities are very basic. Although this is typical of Web security vendors, Websense should be more at
    the forefront of the market, considering the rest of the advanced Web security tools it offers.




Application: Kaspersky Anti-Virus for ISA / TMG Servers

6.11. Application: Kaspersky Anti-Virus for ISA/TMG Server (KAV4ISA/TMG)

Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition is a solution designed to
comprehensively scan Internet data transmitted using HTTP, HTTPS, FTP, POP3 and SMTP as it enters the local
network.




6.10.5. ISA / TMG Server Security Environment

Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security
and Acceleration Server (ISA Server), is a network security and protection solution for Microsoft Windows.

Microsoft Forefront TMG offers a set of features which include:

1. Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a
   virtual private network (VPN) server, a network address translation (NAT) server and a proxy server.
2. Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web
   content, secure web content and e-mail) and filter out malware, attempts to exploit security vulnerabilities
   and content that does not match a predefined security policy. In technical terms, Microsoft Forefront TMG
   offers application layer protection, stateful filtering, content filtering and anti-malware protection.
3. Network performance features: Microsoft Forefront TMG can also improve network performance: it can
   compress web traffic to improve communication speed, and it offers web caching, storing frequently
   accessed web content so that users can retrieve it faster from the local network cache. Microsoft Forefront
   TMG 2010 can also cache data received through the Background Intelligent Transfer Service, such as
   software updates published on the Microsoft Update website.

Since the ISA/TMG server is the first point of entry into an enterprise network, it is the first place to eliminate
malware before it enters the company network. Kaspersky therefore provides profound protection for both the ISA
server and the new TMG server.

6.10.6. Definition

6.10.6.1. Main features:

•   Permanent antivirus protection
•   Regular updates of antivirus databases
•   Backup copies
•   Flexible scan settings
•   Scalability and fault tolerance
•   Administration via an MMC console


6.10.6.2. Additional features:

•   Event notification system
•   Reporting system





6.10.6.3. New features:

•   Support for Microsoft Forefront TMG
•   Wide-ranging management policies
•   Monitoring via the application’s console
•   Support for SMTP and POP3
•   Scanning of HTTPS traffic on Forefront TMG
•   Support for Windows 2008 R2
•   Scanning of traffic passing through published servers

6.10.7. Antivirus protection

Protection from viruses, worms and Trojans: new antivirus engine 8.0 (Improved!)
The new antivirus engine offers the following advantages:
•   (New!) New heuristic technologies combined with traditional signature-based methods make the detection of
    malicious objects more effective.
•   (New!) Antivirus scanning speed has increased considerably.
Advantage: smart technologies and regular database updates provide proactive protection against the latest and
potential threats.

Real-time scanning (Improved!)
The application detects and removes all types of malware from the data stream passing through Microsoft ISA
Server and Forefront TMG. Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
also scans archived and packed files of almost any format.
(New!) The application can now treat (disinfect) archives.
Advantage: protection of all traffic types inside the company’s network perimeter.

Supports POP3 and SMTP (New!)
The application scans mail traffic passing through an ISA server and TMG. This feature may be useful for small
companies that have no antivirus protection for their mail server, or whose mail server is hosted by a service
provider.
Advantage: provides an additional layer of antivirus protection for incoming and outgoing mail; an easy mail
protection solution for SMBs and corporate branch offices.

Backup copying (New!)
The application saves copies of infected, damaged and suspicious objects to backup storage, making it possible to
restore an object if it has been erroneously tagged as suspicious. This may be useful for data transmitted via
HTTP/FTP and objects sent via SMTP. A wide range of search parameters makes finding an object in the backup
storage more convenient.
Advantage: no action performed on an object by the application leads to the loss of information requested by the
user.

Support for HTTPS (Forefront TMG only) (New!)
The application scans data transferred via HTTPS, thereby allowing protected connections to be controlled.
Advantage: antivirus protection for all types of traffic passing through the server ensures high-level protection of
the whole network perimeter; all transferred objects are checked.

Scanning of HTTP and FTP traffic from published servers (New!)
The application scans traffic passing through published servers, e.g. when Outlook Web Access is used to access
corporate mail.
Advantage: protection of popular workflow scenarios.




Support for VPN connections (New!)
The application monitors traffic passing through VPN connections established using Microsoft ISA/Forefront TMG.
Advantage: antivirus protection for all types of traffic passing through the server ensures high-level protection of
the whole network perimeter, including mobile users and branch offices.

Regular database updates
Databases can be updated on demand or on a schedule from Kaspersky Lab’s servers. The application
automatically selects the least loaded Kaspersky Lab update server. Alternatively, it can receive updates from a
local shared folder, minimizing the traffic required to update more than one server.
Advantage: permanent high-level protection against new threats. Optimized update procedures save the
administrator’s time.



6.10.8. Administration and notifications

Management via MMC (Improved!)
With the new, more user-friendly administration console, the application can be managed both locally and
remotely.
(New!) The new version has a restyled interface and enhanced management capabilities.
Advantage: the easy-to-use Windows-style interface will already be familiar to most administrators, saving them
time when using the solution.

Monitoring of application status (New!)
The administration console displays the status of Microsoft ISA/TMG server protection, database updates and
real-time statistics about multi-protocol traffic, allowing the administrator to see any network event in real time
from a single point.
Advantage: the console presents all of the important information in one place, allowing the administrator to
respond quickly to new threats.

Policy management (New!)
The application offers advanced capabilities for configuring and managing traffic processing policies during
scanning. For example, certain file types can be excluded from scanning, or malware processing rules can be
specified.

There are three types of policies in the application:
•   traffic processing
•   scanning exclusion
•   antivirus scanning

Using the policy management tools, the administrator can configure different data scanning rules for different
servers, computers, IP address ranges, domain names and subnets. They can also create lists of trusted sites and
configure other exemptions to tailor the application’s behaviour to specific business needs and to comply with a
specific corporate security policy.
Advantage: enhanced configuration capabilities help to configure the application accurately to meet specific
business needs in full.





Detailed reports (New!)
Detailed reports provide the administrator with an accurate picture of the antivirus protection status of Microsoft
ISA Server and Forefront TMG. The administrator configures how often and for what period of time the reports are
generated.
Advantage: detailed reports help the administrator closely manage the application’s functioning and optimize
security settings.

Export and import of configurations (New!)
The application supports backup of its configuration, policies and license key so they can be restored if required.
Advantage: the backup feature helps the administrator manage the application more efficiently.

Support for non-standard FTP commands
The application can handle non-standard FTP commands that are used by some clients when connecting to
restricted-access services.
Advantage: the application can be used to protect network traffic even in companies whose IT infrastructure has
specific requirements.

Logging system
Information about all of the application’s operations is recorded in its own event log. Important events are also
recorded in the Windows System Log. The application includes flexible logging options.
Advantage: the logging system allows administrators to monitor the application’s operation and its interaction
with Windows applications.

Notifications
Standard ISA alerts are used for notification of important events. The form of notification is selected by the
administrator from the standard options available in Windows.
Advantage: integration with ISA alerts allows the administrator to receive important messages about the
application’s operation immediately.

Control over performance
The application registers Windows performance counters for monitoring. To measure the application’s
performance the administrator can use Windows Performance Monitor.
Advantage: permanent control over the performance parameters allows the administrator to optimize the
application’s settings in order to attain maximum performance from the server. It helps to save investments in
new network infrastructure.


6.10.9. Performance

High performance (New!)
The application’s performance has been enhanced considerably compared to the previous version thanks to an
optimized architecture and the capabilities of the new antivirus engine.
Advantage: the application’s high performance allows traffic to be scanned as quickly as possible without delaying
the delivery of information to the end user.





Scalability
The scalability of the application makes it possible to run several antivirus engines simultaneously. The number
of antivirus engines is determined by the administrator when the application is installed and depends on the
configuration of the server. The number can be modified if necessary.
Advantage: the scalability of the application makes it possible to enhance scanning performance and optimize
server load. The application can be used by a growing company that periodically changes its network
configuration.

Flexible policy settings (Improved!)
To reduce server load the administrator can safely exclude several types of objects, as well as trusted server
traffic, from the scanning process.
(New!) The new version has a much wider range of settings than the previous version.
Advantage: flexible settings allow the administrator to regulate server load.

Uninterrupted server operation (Improved!)
(New!) Enhanced fault tolerance of the application due to its optimized architecture.
Advantage: the high reliability of the application makes the administrator’s job much simpler and minimizes
downtime.


6.10.10. Supported Platforms

Supports Microsoft Forefront TMG (New!)
The application supports Microsoft Forefront TMG, which has superseded Microsoft ISA.
Advantage: existing users of Kaspersky Anti-Virus continue to receive a high level of antivirus protection after
they migrate to Microsoft Forefront TMG. It helps to save investments in corporate IT infrastructure.

Supports Windows 2008 R2 and Windows 2008 SP2 (New!)
The application runs on the latest Windows 2008 R2 and Windows 2008 SP2 operating systems.

VMware Ready (New!)
The application protects traffic that passes through Microsoft ISA Server or Forefront TMG installed on real or
virtual (guest) operating systems. The product is certified VMware Ready.
Advantage: wide possibilities for partners to use the solution in a variety of tenders.




Application: Kaspersky Anti-Virus for Linux Proxy Server

6.13. Application: Kaspersky Anti-Virus for Proxy Server (KAV4Proxy)

Kaspersky Anti-Virus for Proxy Server protects all HTTP and FTP Internet traffic that passes through the proxy
server.

The application provides security for users when working online and deletes malicious programs and worms that
spread via instant messaging programs.




6.11.1. Proxy Server Security Environment

Kaspersky Anti-Virus 5.5 for Proxy Server provides antivirus traffic protection for proxy servers based on Squid
version 3.0 that support the Internet Content Adaptation Protocol (ICAP) as specified in RFC 3507.
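To make the ICAP integration concrete, here is a self-contained RESPMOD exchange between a proxy (the ICAP
client) and a scanning service (the ICAP server) following RFC 3507. It is an added example for this compendium,
not Kaspersky Lab or Squid code; the service URI, host names, ISTag value and the malware marker string it
matches on are constructed placeholders. It shows the Encapsulated offsets the client computes, the 204
shortcut when the content is clean, and the replacement HTTP 403 page returned to the user when the body
matches.

```python
"""Minimal ICAP (RFC 3507) RESPMOD exchange: a proxy hands a fetched HTTP
response to a scanning service, which answers 204 (unmodified) or a
replacement response.  Added example; not Kaspersky Lab or Squid code."""

CRLF = b"\r\n"
# Hypothetical service URI and a constructed stand-in for a signature hit.
ICAP_URI = "icap://scanner.example.test/respmod"
MALWARE_MARKER = b"X-CONSTRUCTED-MALWARE-SAMPLE"
ISTAG = b'ISTag: "constructed-db-0001"'   # RFC 3507 requires ISTag on responses


def chunked(body: bytes) -> bytes:
    """Encode a body as one HTTP chunk plus the terminating zero chunk."""
    return f"{len(body):x}".encode() + CRLF + body + CRLF + b"0" + CRLF + CRLF


def dechunk(data: bytes) -> bytes:
    """Decode chunked transfer encoding (chunk extensions are ignored)."""
    out, pos = b"", 0
    while True:
        eol = data.index(CRLF, pos)
        size = int(data[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        start = eol + 2
        out += data[start:start + size]
        pos = start + size + 2          # skip the chunk data and its CRLF


def build_respmod(req_hdr: bytes, res_hdr: bytes, body: bytes) -> bytes:
    """Proxy side: wrap the origin request/response headers and the body in a
    RESPMOD request.  Each header block must already end in a blank line."""
    res_off = len(req_hdr)
    body_off = res_off + len(res_hdr)
    icap_hdr = (f"RESPMOD {ICAP_URI} ICAP/1.0\r\n"
                f"Host: scanner.example.test\r\n"
                f"Allow: 204\r\n"
                f"Encapsulated: req-hdr=0, res-hdr={res_off}, res-body={body_off}\r\n\r\n")
    return icap_hdr.encode() + req_hdr + res_hdr + chunked(body)


def parse_icap(message: bytes):
    """Split an ICAP request or response into (start line, headers, sections).
    Sections are cut at the byte offsets given in the Encapsulated header."""
    head, _, encapsulated = message.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode().partition(":")
        headers[name.strip().lower()] = value.strip()
    offsets = []
    for part in headers["encapsulated"].split(","):
        name, _, off = part.strip().partition("=")
        offsets.append((name, int(off)))
    sections = {}
    for i, (name, off) in enumerate(offsets):
        end = offsets[i + 1][1] if i + 1 < len(offsets) else len(encapsulated)
        sections[name] = encapsulated[off:end]
    if "res-body" in sections:
        sections["res-body"] = dechunk(sections["res-body"])
    return lines[0].decode(), headers, sections


def icap_200(res_hdr: bytes, body: bytes) -> bytes:
    """ICAP 200 OK carrying a (possibly replaced) HTTP response."""
    return (b"ICAP/1.0 200 OK" + CRLF + ISTAG + CRLF
            + f"Encapsulated: res-hdr=0, res-body={len(res_hdr)}".encode() + CRLF + CRLF
            + res_hdr + chunked(body))


def scan_respmod(message: bytes) -> bytes:
    """Scanner side: inspect the encapsulated body and answer the proxy."""
    start_line, headers, sections = parse_icap(message)
    if not start_line.startswith("RESPMOD "):
        return (b"ICAP/1.0 405 Method Not Allowed" + CRLF + ISTAG + CRLF
                + b"Encapsulated: null-body=0" + CRLF + CRLF)
    body = sections.get("res-body", b"")
    if MALWARE_MARKER not in body:
        if "204" in headers.get("allow", ""):
            # The client allows 204: report "no modifications" without echoing the body.
            return (b"ICAP/1.0 204 No Content" + CRLF + ISTAG + CRLF
                    + b"Encapsulated: null-body=0" + CRLF + CRLF)
        return icap_200(sections["res-hdr"], body)
    # Infected: replace the origin response with a block page for the user.
    page = b"<html><body>Access denied: malicious content detected.</body></html>"
    res_hdr = (b"HTTP/1.1 403 Forbidden" + CRLF + b"Content-Type: text/html" + CRLF
               + f"Content-Length: {len(page)}".encode() + CRLF + CRLF)
    return icap_200(res_hdr, page)


if __name__ == "__main__":
    # Constructed origin request/response as a proxy would capture them.
    req = b"GET /download/report.pdf HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    res = b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n"
    print(scan_respmod(build_respmod(req, res, b"%PDF-1.4 harmless")).decode())
    print(scan_respmod(build_respmod(req, res, MALWARE_MARKER)).decode())
```

In a real deployment Squid speaks this protocol over TCP port 1344 to the scanner; the scanner's verdict, not the
proxy, decides whether the user sees the original object or the notification page, which is why the block page is
returned inside the ICAP 200 response rather than signalled out of band.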




6.11.2. Definition

6.11.2.1. Main Features

•   Real-time scanning of Internet traffic
•   Choice of filtration parameters
•   Scanning of archived files
•   Detection of potentially harmful programs

6.11.2.2. Advanced Features

•   Remote Administration
•   Group security policies
•   Reports and statistics






6.12. General Application Description

Real-time scanning of Internet traffic
The program detects and deletes all types of viruses, worms, Trojans and other malicious programs in traffic that
passes through most types of proxy servers.

Choice of filtration parameters
The program includes a wide choice of filtration parameters (IP and URL addresses, MIME types and file size),
which can be used to create individual scanning rules for different user groups.

Scanning of archived files
Kaspersky Anti-Virus provides the highest quality detection and treatment of viruses in any type of file or
attachment. The program supports more than 70 archiver formats (over 420 versions) and more than 260 types of
compressed file formats (over 1,330 versions).

Detection of potentially harmful programs
Using the extended protection option, the application can detect and delete not only known malicious programs,
but also potentially harmful programs (such as spyware).



6.12.1. Administration and Notification

Remote administration
The application can be administered remotely via the web interface or via a single configuration file.

Group security policies
The administrator can set individual traffic filtration rules for each user group, defining permission rules in line
with the corporate security policy and employee requirements.

User notifications
The program automatically blocks any infected object and sends the user a notification in the form of an HTML
page. The system administrator can configure the content, format and language of notifications.

Reports and statistics
The application can compile statistical reports to help administrators track virus activity and monitor the
application’s performance.

Configurable update modes
Updates to antivirus databases and program modules are available on demand, automatically or on schedule.
They can be downloaded directly from Kaspersky Lab servers via the Internet or from a local corporate server.

High reliability
Protection from memory leaks, hardware conflicts, input/output errors and critical system conflicts ensures fast
and stable application performance.



6.12.2. Supported Platforms

Linux / FreeBSD support
KAV4Proxy supports multiple Linux distributions and versions, as well as multiple FreeBSD versions. For further
information please check
http://support.kaspersky.com/proxy5?level=3
http://www.kaspersky.com/anti-virus_proxy_server





6.12.3. Certifications

Novell Ready Certification
This logotype confirms that Kaspersky Anti-Virus 5.5 for Proxy Server has been tested and runs fine on the Novell
SUSE Linux Enterprise Server platform.



6.12.4. Application Environment
The following chapter explains the application environment of the KAV4Proxy application by Kaspersky Lab. It
shows clearly the need for KAV4Proxy and its use in a corporate environment.

6.12.4.1. What is a Proxy Server?

In computer networks, a proxy server is a server (a computer system or an application program) that acts as
an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy
server, requesting some service, such as a file, connection, web page, or other resource, available from a
different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter
traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by
connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally
alter the client’s request or the server’s response, and sometimes it may serve the request without contacting the
specified server. In this case, it ‘caches’ responses from the remote server, and returns subsequent requests for
the same content directly.

A proxy server has a large variety of potential purposes, including:

•   To keep machines behind it anonymous (mainly for security).
•   To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from
    a web server.
•   To apply access policy to network services or content, e.g. to block undesired sites.
•   To log / audit usage, i.e. to provide company employee Internet usage reporting.
•   To bypass security/ parental controls.
•   To scan transmitted content for malware before delivery.
•   To scan outbound content, e.g., for data leak protection.
•   To circumvent regional restrictions.

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling
proxy. A proxy server can be placed in the user’s local computer or at various points between the user and the
destination servers on the Internet.

6.12.4.2. Caching Proxy Server

A caching proxy server accelerates service requests by retrieving content saved from a previous request made
by the same client or even other clients. Caching proxies keep local copies of frequently requested resources,
allowing large organizations to significantly reduce their upstream bandwidth usage and cost, while significantly
increasing performance. Most ISPs and large businesses have a caching proxy. Caching proxies were the first
kind of proxy server.

Another important use of the proxy server is to reduce the hardware cost. An organization may have many
systems on the same network or under control of a single server, prohibiting the possibility of an individual
connection to the Internet for each system. In such a case, the individual systems can be connected to one proxy
server, and the proxy server connected to the main server.




6.12.4.3. Web Proxy Server

A proxy that focuses on World Wide Web traffic is called a “web proxy”. The most common use of a web proxy is to
serve as a web cache. Most proxy programs provide a means to deny access to URLs specified in a blacklist, thus
providing content filtering. This is often used in a corporate, educational, or library environment, and anywhere
else where content filtering is desired. Some web proxies reformat web pages for a specific purpose or audience,
such as for cell phones and PDAs.

6.12.4.4. Content Filtering Web Proxy Server

A content-filtering web proxy server provides administrative control over the content that may be relayed through
the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to
ensure that Internet usage conforms to acceptable use policy. In some cases users can circumvent the proxy,
since there are services designed to proxy information from a filtered website through a non-filtered site to allow
it through the user’s proxy.

Some common methods used for content filtering include: URL or DNS blacklists, URL regex filtering, MIME
filtering, or content keyword filtering. Some products have been known to employ content analysis techniques to
look for traits commonly used by certain types of content providers.

A content filtering proxy will often support user authentication, to control web access. It also usually produces
logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth
usage statistics. It may also communicate with daemon-based and/or ICAP-based antivirus software to provide
security against viruses and other malware by scanning incoming content in real time before it enters the network.

6.12.4.5. Anonymising Proxy Server

An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. There
are different varieties of anonymizers. One of the more common variations is the open proxy. Because they are
typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dis-
sidents to computer criminals. Some users are merely interested in anonymity for added security, hiding their
identities from potentially malicious websites for instance, or on principle, to facilitate constitutional human
rights of freedom of speech, for instance. The destination server receives the request from the anonymizing
proxy and therefore learns the proxy's address, not the end user's. The requests are not anonymous to the
anonymizing proxy itself, however, which sees every URL the user visits, so a degree of trust in that server is
required. Many such services are funded through advertising shown to the user.

Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users
must log on to gain access to the web. The organization can thereby track usage to individuals.

Some anonymizing proxy servers forward the request with headers such as Via, X-Forwarded-For or Forwarded
(visible to a CGI script as the variables HTTP_VIA, HTTP_X_FORWARDED_FOR and HTTP_FORWARDED), which reveal
the IP address of the client. Others, known as elite or high-anonymity proxies, add no such headers; the web
server then sees only the TCP peer address (REMOTE_ADDR, which is not a header but the socket's source address),
and that address is the proxy's, so the proxy appears to be the client. A website could still suspect that a proxy
is being used if the browser sends a cookie set during an earlier visit made without the high-anonymity proxy,
or if the proxy's address appears on a published list of open proxies. Clearing cookies, and possibly the cache,
removes the first of these signals.
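What a web server can conclude from those headers, as an added example in Python (not code from the compendium or from any product). It looks at a request the way a server-side script would: the header names are the real HTTP headers (Via, X-Forwarded-For, and Forwarded in its later RFC 7239 form) rather than the CGI variable spellings, and remote_addr stands in for REMOTE_ADDR. The header values and addresses are constructed.

```python
def parse_forwarded(value: str) -> list:
    """Parse an RFC 7239 Forwarded header: for=1.2.3.4;proto=https, for="[2001:db8::1]"."""
    entries = []
    for element in value.split(","):
        entry = {}
        for param in element.split(";"):
            name, sep, val = param.partition("=")
            if sep:
                entry[name.strip().lower()] = val.strip().strip('"')
        if entry:
            entries.append(entry)
    return entries


def classify_proxy(headers: dict, remote_addr: str) -> dict:
    """Decide, from the web server's side, what a proxied request reveals about the client.

    headers     -- the request headers as received (names are case-insensitive)
    remote_addr -- the TCP peer address, i.e. what CGI exposes as REMOTE_ADDR
    """
    h = {name.lower(): value for name, value in headers.items()}
    disclosed = []
    if "x-forwarded-for" in h:
        disclosed += [ip.strip() for ip in h["x-forwarded-for"].split(",") if ip.strip()]
    if "forwarded" in h:
        disclosed += [e["for"] for e in parse_forwarded(h["forwarded"]) if "for" in e]
    via = h.get("via")
    if disclosed:
        # The proxy passed the original client address through.  NOTE: a client can
        # set these headers itself, so only values appended by your own proxies are
        # trustworthy for access control or logging.
        return {"level": "discloses_client", "client_ip": disclosed[0],
                "proxy_ip": remote_addr, "via": via}
    if via:
        # A proxy announced itself but withheld the client address.
        return {"level": "anonymous", "client_ip": None, "proxy_ip": remote_addr, "via": via}
    # Nothing in the headers betrays a proxy: either a high-anonymity ("elite")
    # proxy or a direct connection; REMOTE_ADDR is all the server has.
    return {"level": "elite_or_direct", "client_ip": None, "proxy_ip": remote_addr, "via": None}
```

The important caveat for anyone using this on the server side is in the comment: every one of these headers is under the sender's control, so a "disclosed" client address is evidence of a cooperative proxy, not proof of the client's identity.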

6.12.4.6. Transparent and non-transparent Proxy Server

The term “transparent proxy” is most often used incorrectly to mean “intercepting proxy” (because the client does
not need to configure a proxy and cannot directly detect that its requests are being proxied).

However, RFC 2616 (Hypertext Transfer Protocol - HTTP/1.1, since superseded by the RFC 7230 series) offers
different definitions:

•   "A 'transparent proxy' is a proxy that does not modify the request or response beyond what is required for
    proxy authentication and identification".
•   "A 'non-transparent proxy' is a proxy that modifies the request or response in order to provide some added
    service to the user agent, such as group annotation services, media type transformation, protocol reduction,
    or anonymity filtering".

In 2009 Robert Auger published a security flaw in the way intercepting ("transparent") proxies choose their
upstream destination: many of them connected to the host named in the request's Host header rather than to the
IP address the client had actually addressed, so a malicious web page could make the browser issue a request that
the proxy then forwarded to an internal or otherwise unintended server. A vulnerability note issued by the
Computer Emergency Response Team (CERT) listed dozens of affected transparent and intercepting proxy servers.


6.12.4.7. Reverse Proxy Server

A reverse proxy is a proxy server deployed in front of one or more web servers. All traffic coming from the
Internet and destined for one of those web servers passes through the proxy. The name "reverse" contrasts with
its counterpart "forward proxy": the reverse proxy sits on the server side and serves only a restricted set of
websites.

There are several reasons for installing reverse proxy servers:

•   Encryption / SSL acceleration: when secure web sites are created, the SSL/TLS encryption is often not done by
    the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. Furthermore,
    a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts, removing
    the need for a separate SSL server certificate for each host, with the downside that all hosts behind the
    SSL proxy have to share a common DNS name or IP address for SSL connections. This problem can partly be
    overcome with the SubjectAltName extension of X.509 certificates (one certificate listing several names)
    and, in clients that support it, the TLS Server Name Indication (SNI) extension. Note that terminating TLS
    at the proxy leaves the hop between proxy and web servers in plaintext unless it is re-encrypted.
•   Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving
    its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page
    (translation from externally known URLs to the internal locations).
•   Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pic-
    tures and other static graphical content.
•   Compression: the proxy server can optimise and compress the content to speed up the load time.
•   Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the
    web server sent and slowly “spoon feeding” it to the client. This especially benefits dynamically generated
    pages.
•   Security: the proxy server is an additional layer of defense and can protect against some OS and Web Server
    specific attacks. However, it does not provide any protection to attacks against the web application or service
    itself, which is generally considered the larger threat.
•   Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewalled
    server internal to an organization, providing extranet access to some functions while keeping the servers
    behind the firewalls. If used in this way, security measures should be considered to protect the rest of your in-
    frastructure in case this server is compromised, as its web application is exposed to attack from the Internet.


6.12.5. Squid Proxy Server
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves
response times by caching and reusing frequently-requested web pages. Squid has extensive access controls
and makes a great server accelerator. It runs on most available operating systems, including Windows and is
licensed under the GNU GPL.

Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web
access. Squid optimises the data flow between client and server to improve performance and caches frequently-
used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to
build cache server hierarchies which optimise network throughput.

To be able to scan the traffic passing through the Squid proxy with Kaspersky for Proxy Server, Squid must be
configured to use the Internet Content Adaptation Protocol (ICAP).

Internet Content Adaptation Protocol (ICAP)

The Internet Content Adaptation Protocol (ICAP) is a lightweight HTTP-based protocol specified in RFC 3507, de-
signed to offload specific content-processing tasks to dedicated servers, thereby freeing up resources and stan-
dardizing the way in which such features are implemented. ICAP is generally used in proxy servers to integrate
with third-party products like antivirus software, malicious content scanners and URL filters.

ICAP in its most basic form is a "lightweight" HTTP-based remote procedure call protocol. In other words, ICAP
allows its clients to pass HTTP messages (requests, responses and their bodies) to ICAP servers for adaptation.
Adaptation refers to performing the particular value-added service (content scanning or manipulation) for the
associated client request or response. RFC 3507 defines two modes: REQMOD (request modification, applied to the
client's request before the proxy forwards it) and RESPMOD (response modification, applied to the origin server's
reply before it reaches the client). URL filtering is normally done in REQMOD, antivirus scanning in RESPMOD.

ICAP concentrates on leveraging edge-based devices (proxies and caches) to help deliver value-added services.
At the core of this process is a cache that proxies all client transactions and passes them through ICAP servers.
These ICAP servers are focused on a specific function, for example, ad insertion, virus scanning, content
translation, language translation, or content filtering. Off-loading value-added services from web servers to
ICAP servers allows those same web servers to be scaled according to raw HTTP throughput instead of having to
handle these extra tasks.
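The RESPMOD exchange between a proxy and a scanner, as an added example in Python (not code from the compendium, from Squid or from Kaspersky for Proxy Server). The proxy side is shown: it wraps an origin server's reply in an ICAP RESPMOD request with the Encapsulated offsets that RFC 3507 requires, then interprets the scanner's answer, where 204 means "unmodified, forward the original" and 200 carries a replacement HTTP response. The ICAP URI icap://icap.example/av/respmod, the sample HTTP messages and the sample scanner responses are all constructed; X-Infection-Found is a vendor extension header, not part of RFC 3507.

```python
def chunked(body: bytes) -> bytes:
    """ICAP carries encapsulated bodies in HTTP/1.1 chunked encoding."""
    if not body:
        return b"0\r\n\r\n"
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)


def dechunk(data: bytes) -> bytes:
    """Inverse of chunked(); stops at the zero-length chunk."""
    out, pos = b"", 0
    while True:
        nl = data.index(b"\r\n", pos)
        size = int(data[pos:nl].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        start = nl + 2
        out += data[start:start + size]
        pos = start + size + 2                         # skip the chunk's trailing CRLF


def build_respmod(icap_uri: str, http_req_hdr: bytes, http_res_hdr: bytes, http_res_body: bytes) -> bytes:
    """Proxy side: wrap an origin-server response in an ICAP RESPMOD request.

    The Encapsulated header tells the scanner the byte offset of each section.
    'Allow: 204' lets the server answer 204 (unmodified) without echoing the body back.
    """
    offsets = "req-hdr=0, res-hdr=%d, res-body=%d" % (
        len(http_req_hdr), len(http_req_hdr) + len(http_res_hdr))
    host = icap_uri.split("//", 1)[1].split("/", 1)[0]
    icap_hdr = ("RESPMOD %s ICAP/1.0\r\nHost: %s\r\nAllow: 204\r\nEncapsulated: %s\r\n\r\n"
                % (icap_uri, host, offsets)).encode("iso-8859-1")
    return icap_hdr + http_req_hdr + http_res_hdr + chunked(http_res_body)


def parse_icap_response(raw: bytes):
    """Split an ICAP response into (status, headers, encapsulated-section bytes)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, *_ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status), headers, rest


def interpret_response(raw: bytes):
    """Proxy side: act on the scanner's verdict.

    Returns ("clean", None, None)        -> forward the original response,
            ("modified", status, body)   -> send the scanner's replacement instead,
            ("error", None, None)        -> scanner failed; policy decides bypass or block.
    """
    status, headers, enc = parse_icap_response(raw)
    if status == 204:
        return "clean", None, None
    if status != 200:
        return "error", None, None
    parts = dict(p.strip().split("=", 1) for p in headers["encapsulated"].split(","))
    res_hdr_off = int(parts.get("res-hdr", 0))
    if "null-body" in parts:                   # headers only, no body section
        http_hdr, body = enc[res_hdr_off:int(parts["null-body"])], b""
    else:
        body_off = int(parts["res-body"])
        http_hdr, body = enc[res_hdr_off:body_off], dechunk(enc[body_off:])
    http_status = int(http_hdr.split(b" ", 2)[1])
    return "modified", http_status, body


# Constructed sample: a scanner replacing an infected download with a block page.
_BLOCK_HDR = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
_BLOCK_BODY = b"<html>blocked</html>"
SAMPLE_BLOCK_RESPONSE = (
    b"ICAP/1.0 200 OK\r\n"
    b"ISTag: \"av-sig-2012.08\"\r\n"
    b"X-Infection-Found: Type=0; Resolution=2; Threat=EICAR-Test-File;\r\n"
    b"Encapsulated: res-hdr=0, res-body=%d\r\n\r\n" % len(_BLOCK_HDR)
) + _BLOCK_HDR + chunked(_BLOCK_BODY)
# Constructed sample: the scanner found nothing and lets the original through.
SAMPLE_CLEAN_RESPONSE = b"ICAP/1.0 204 No Content\r\nISTag: \"av-sig-2012.08\"\r\n\r\n"
```

The "error" branch is the policy decision that matters operationally: if the scanner is down, the proxy must either fail open (Squid's bypass option on the service) or fail closed, and the choice should be made deliberately. On the Squid side the corresponding squid.conf directives are icap_enable on, an icap_service line naming the mode (respmod_precache) and the service URI, and an adaptation_access rule selecting which traffic is sent to it; check the exact syntax against the documentation for the Squid version in use.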



