When approaching virtualisation security, most businesses have had to choose between sacrificing either performance or security.
Agentless security models can boost performance by performing all security tasks away from the virtual machine in a dedicated virtual appliance, but these models limit the software's ability to perform advanced security management and network protection tasks on virtual endpoints.
At the same time, agent-based protection, or the installation of security solutions on each and every virtual machine, wastes the very computing resources that virtualisation is trying to save in the first place.
Sergey Novikov, deputy director, Global Research & Analysis Team at Kaspersky Lab, says problems such as the "instant-on gap" can cause major problems in the agent-based approach.
He said this is the window of time between a virtual machine being created and the latest security update being downloaded to each virtual machine, during which time the machine is vulnerable.
With this in mind, Kaspersky Lab has introduced its latest virtualisation security solution - Kaspersky Security for Virtualisation | Light Agent, that he said offers advanced protection for the VMware, Citrix, Microsoft virtualisation platforms.
"This is Kaspersky Lab's first security solution optimised specifically for Microsoft Hyper-V and Citrix XENServer customers, and will provide VMware customers with a choice of agentless or light-agent protection, offering the best of both worlds," he explained.
With this technology, nearly all resource-intensive security processing is performed by a dedicated virtual appliance at the hypervisor level, says Kaspersky Lab.
"By channelling virtualised network traffic and files through this up-to-date appliance, VMs are fully protected with the latest security updates as soon as they are created. The need to push redundant copies of anti-malware databases across the network to each VM is also eliminated," the company adds.
In addition, the company's intelligent scanning technology ensures the same file is not scanned many times over, to avoid system resource hogging.
The product also features a small software agent on each virtual machine that provides big security capabilities. In addition, by channelling virtualised network traffic and files through this appliance, virtual machines are fully protected with the latest security updates as soon as they are created, also removing the need to push redundant copies of anti-malware databases across the network.
Share