Battling the strain: Kaspersky Security for Virtualization vs. Instant-On Gaps

Traditional ‘agent-based’ solutions should not be used in virtual environments, especially dynamic ones. The Instant-On Gap is the most common problem here: it strains servers and creates a serious vulnerability window for a VM. Kaspersky Security for Virtualization has been designed specifically to eliminate this problem.

Virtualization offers a lot of advantages, and the possibility to speed things up isn’t the least of them. In recent years it’s become clear that virtual PCs (especially those with Windows installed) require protection from cyber threats as well as physical ones: machines may be virtual, but they are still used to work with sensitive data, and their loss can have very real consequences.

Sometimes people install the same anti-malware solutions that they use on physical (‘normal’) machines to their virtual PCs. This may cost them dearly, especially if there are lots of duplicated virtual PCs on the same host (i.e. physical server).

Because the anti-malware solutions are duplicated, their antivirus databases are duplicated as well, and if they are all active at the same time they can put a heavy strain on the server, reducing it to a crawl. This kills the very idea of virtualization: why talk about fast and dynamic resource allocation within an enterprise infrastructure if it’s sluggish?

In one of the previous posts we already talked about the ‘update storm’ and ‘scanning storm’, when all of the security solutions installed on virtual PCs start updating themselves and scanning virtual drives at the same time. This causes the server to pant and employees to go for a smoke – there’s no way they can work for at least a few minutes.

A similar situation takes place when an entire pack of virtual machines is being launched. Or when large enterprises use virtual machines in dynamic cycles, provisioning and decommissioning them when needed. Keeping their security tools consistently up-to-date is a problem. Long-dormant VMs can eventually fall below the ‘baseline’ so that updating them is a time-consuming chore.

Besides this, VMs can become a security vulnerability all on their own: it takes time to update them, and this time period is a window of opportunity for malware, cyberattacks, etc. In other words, there is a period when existing VMs coming back online from a dormant state, or newly created ones (with no security solution installed yet), are vulnerable, or rather completely unprotected. That is what is called the ‘Instant-On Gap’. Depending on how many users are simultaneously downloading these updates to their individual VMs, and how many days’ worth of security updates there are to process, this ‘window’ can drag on for minutes, or even hours. At the same time the resources of the virtual servers are heavily strained, which means that virtualization makes little sense at all.


There is a way to avoid this, of course. There are solutions tailored specifically for use in virtual environments, providing security for every one of the VMs on a given host. Kaspersky Security for Virtualization is one of these solutions. Its primary idea is to reduce the resource drain, so that dynamic changes within the virtual infrastructure stay dynamic, without any ‘crawling’. This is achieved via the centralization of protection.

Depending upon the virtualization platform, there are agentless variants and so-called ‘Light Agents’, where every VM is equipped with a small piece of software acting in a similar way to a full-scale security agent, but without straining the server.

In both cases ‘the core’ is a virtual appliance installed on the host, which actually performs all resource-intensive security processing, thus providing immediate protection for every virtual machine, both existing and new: the Light Agent is very small, so its installation on a new machine takes next to no time, removing the Instant-On Gap.

The solution has a unified, centralized database of all threats, so there is no unnecessary data duplication; there is also a Shared Cache, which ensures that the same file opened on several different VMs is scanned only once: the scanning engine’s initial verdict is shared across all of the VMs on the host, so unless the ‘good’ file is changed or a user requests a new scan manually, it will be considered safe and won’t be scanned again.
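To make the Shared Cache idea concrete, here is an added illustration (not Kaspersky’s code) of a host-wide verdict cache: it keys verdicts on the file’s content hash so that three VMs opening the same file trigger one engine scan, a modified file is scanned again, and a manual request bypasses the cache. The scanning engine is a stand-in that matches a constructed marker string, and the VM names and paths are invented.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class SharedScanCache:
    """Verdict cache shared by every VM on one host, keyed by file content hash."""
    verdicts: dict = field(default_factory=dict)   # sha256 hex -> "clean" | "malicious"
    scan_log: list = field(default_factory=list)   # (vm, path) for each real engine scan

    def _engine_scan(self, vm: str, path: str, content: bytes) -> str:
        # Stand-in for the resource-intensive engine on the virtual appliance.
        # A constructed marker plays the role of a malware signature.
        self.scan_log.append((vm, path))
        return "malicious" if b"MALWARE-MARKER" in content else "clean"

    def check(self, vm: str, path: str, content: bytes, force: bool = False) -> str:
        # Same bytes on any VM -> same key, so the verdict is reused.
        # Changed bytes -> new key, so the file is scanned again.
        # force=True models a user asking for a manual rescan.
        digest = hashlib.sha256(content).hexdigest()
        if force or digest not in self.verdicts:
            self.verdicts[digest] = self._engine_scan(vm, path, content)
        return self.verdicts[digest]


def demo() -> dict:
    cache = SharedScanCache()
    report = b"quarterly report, nothing unusual here"   # constructed clean file
    # Three VMs open an identical file: three verdicts, one engine scan.
    verdicts = [cache.check(vm, "C:/share/report.docx", report)
                for vm in ("vm-01", "vm-02", "vm-03")]
    scans_after_shared = len(cache.scan_log)
    # One VM edits the file: the hash changes, so the engine runs again.
    cache.check("vm-02", "C:/share/report.docx", report + b" (edited)")
    scans_after_change = len(cache.scan_log)
    # A user requests a manual rescan of the unchanged file.
    cache.check("vm-01", "C:/share/report.docx", report, force=True)
    scans_after_manual = len(cache.scan_log)
    bad = cache.check("vm-03", "C:/temp/sample.exe", b"MALWARE-MARKER constructed")
    return {"verdicts": verdicts, "after_shared": scans_after_shared,
            "after_change": scans_after_change, "after_manual": scans_after_manual,
            "bad": bad}
```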

More technical data on the new Kaspersky Security for Virtualization is available here.
