Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance / Policy Enforcement... Error! Bookmark not defined. Content Security via Containerization... Error! Bookmark not defined. Encryption... 6 Configuration backup... Error! Bookmark not defined. Supported platform and devices... 4
Overview The key features of this new product are: Simplified centralized deployment Application data protection and anti-malware capabilities for enhanced IT security New features to help comply with internal IT policy requirements Tablet and ios support Control over mobile devices when outside the corporate network Full support for Exchange ActiveSync (EAS) and Apple MDM Native integration with Kaspersky s endpoint agent for smartphones and tablets and Kaspersky Security Center features Inventories, Policies, Reports Corporate Portal Improved security and anti-theft features See below for detailed descriptions of each feature. Feature Feature Description and User Benefits Simplified Centralized Deployment 1 Support for Exchange ActiveSync Enables company-wide mobile security management from a Kaspersky Security Center console, also provides limited integration with any device implementing EAS protocol. 2 Support for Apple MDM Kaspersky Lab s secure implementation of Apple MDM Server gives additional control over Apple mobile devices, making it possible to control non-malware-related security settings. 3 Pre-configured installer Kaspersky Security Center allows systems administrators to customize and pre-configure mobile endpoint security applications (or security profile for ios) based on corporate policies. An installation package will be automatically generated, with pre-configured policies and settings ready for publishing on a corporate web portal. IT can then simply push out the link using its preferred method. 5 Multiple deployment/provision options The system administrator can send out notifications containing links to a download for the Kaspersky endpoint agent application, Apple profiles, configuration settings, etc. to selected users. Integration with Active Directory makes this process easy, allows IT to set different policies based on roles and group settings, and initiate the distribution process. Deployment via SMS or email (over-the-air) - the distribution module automatically sends out notifications via SMS or email messages containing installation links and instructions. Deployment via PC (mobile device connection to a PC) the system administrator installs a delivery utility on the users PCs. Once a user connects his/her mobile device to the PC, the utility will guide the user though the installation process. 6 Mobile Anti-Malware
1 Core protection Improved! Core protection is strengthened due to tightly-integrated protection technologies: Real-time protection analyses a file on access Scan ensures protection with on-demand and scheduled scans in addition to automatic over-the-air virus updates Heuristic analysis for better detection In addition to traditional signature-based and heuristic technologies, cloud security ensures maximum protection for your mobile devices. A combination of traditional signature-based, proactive and cloudassisted technologies, which works in the background with minimal impact on system performance. Every file, application, email attachment and media file is instantly scanned to ensure it is free from all the latest threats. In addition, integration with Kaspersky Security Network provides immediate, real-time protection for mobile devices against new and emerging threats. 2 Safe Browser Utilizes cloud assisted technology (KSN) to safeguard the user s online identity by blocking malicious and fraudulent websites, including phishing websites designed to steal money. 3 Anti-Spam Filters out unwanted calls and SMS messages automatically. Anti-Theft/Content Security 1 SIM Watch Improved! Helps automatically lock a lost or stolen smartphone/tablet and reports the new phone number if the SIM card has been replaced. 2 Find Improved! Provides an approximate location of a lost or stolen mobile device using GPS, GSM and Wi-Fi connections and a Google Map link with the device s whereabouts. 3 Remote Wipe Improved! Offers several data protection scenarios that could be useful if company or employee-owned devices are lost or stolen: Remote Wipe - ability to remotely clean the mobile device by erasing data stored on it Selective Wipe - wipes corporate data only Device Reset deletes all information stored on the device and restores the default factory settings 4 Remote lock (enhanced with Apple MDM support) Improved! Ability to remotely lock a smartphone or tablet by sending a command to the device. Users can also display a custom message on the blocked device that may encourage finders of the device to return it. Compliance/Policy Enforcement 1 Application Control Monitors applications installed on a mobile device according to predefined company group policies. Possible scenarios: The Default Allow policy allows all applications to run on user devices, except for blacklisted applications (application defined as restricted or blocked) The Default Deny policy blocks all applications running on a user's
devices except those explicitly permitted ( whitelisted ). A list of necessary applications ensures that an employee has all the required tools. Where security policies are breached, the application is allowed to run, but the mobile device can be blocked from accessing corporate data (essentially returning rogue devices to personal use only). 2 Rooting/Jailbreak detection Alerts users (and administration) when any attempt to root or jailbreak is detected. IT staff have the option of automatically triggering the following data protection mechanisms: Block access to containerized applications Data Wipe (selective or complete) Content Security via Containerization 1 Application container An application is fully isolated when launched in the container. IT staff have the flexibility to define and restrict network communication, for example limiting it to VPN or https connections. 2 Application container settings 3 Application data encryption through the container 4 Application inactivity control Enhances data security by adding additional features to containers: Application data encryption management through the container Application access management for common device resources (SMS sending channel, camera, GPS, network access, file system access) Data access restrictions The working process with encrypted application data is automated and fully transparent to users, but data can only leave the container after encryption no data leakage is possible. IT staff can define re-login requirements. For example, an application will automatically log the user out after being inactive for XX minutes, after which the user must log in once again. 5 Troubleshooting Allows administrators to troubleshoot and ensure apps are working correctly, and provide customer feedback. Encryption 1 Full disk encryption (FDE) A form of encryption where the entire partition or disk is encrypted, implemented in ios only. For other platforms only external flash drives can be encrypted while the internal drive stays unencrypted. Available through ActiveSync and Apple MDM. 2 File/folder level encryption (FLE) An encryption method where separate files or folders are encrypted while the file system remains intact. Only Symbian and Windows Mobile platforms support this feature. Configuration backup 1 Configuration Backup & Restore Ensures that configured settings will not be lost by accident.
Supported platforms and devices 1 Supports popular tablets and smartphones Improved! Supports the following OS: Android 2.2 2.x, 4.0; Android 3 for tablets ios 4, 5 BlackBerry 4.5-6.0, 7.0; BlackBerry for tablets Windows Mobile 5.0 6.5 Symbian 9.1 9.3, Symbian^3, Anna, Belle