Virtualization security: What is ‘Light Agent’?

The virtual environment requires the same protection as physical PCs, but the approach should be different. Full blown security solutions on every virtual machine? The strain for a physical server would be too great. But here comes ‘Light-Agent’…

As our readers most likely remember, Kaspersky Lab released a new security solution for virtual environments earlier this month – Kaspersky Security for Virtualization | Light Agent. A ‘Light Agent’? What’s this? Some explanation is necessary.

This blogpost may seem a bit technical… But as a ‘tech-half-savvy’ blogger (which I am) it’s the best approach to a straightforward explanation that I can put out on this topic. So let’s look at Light Agent.

The first thing that needs mentioning is that virtual PCs require protection just like physical ones. Usually (and hopefully) there is some security solution software installed on physical PCs – an ‘agent’.

The agent-based approach is good for protecting physical machines, but does have some dreary setbacks if there are a large number of VMs on a single server. A machine may be virtual, but a security solution would act the same way, as if it is protecting a physical PC. It will scan all the files on the drive of its host VM; it will download its updates.

Actually, all ‘agents’ in your virtual infrastructure will do this, probably even at the same time. That’s what they call an ‘update storm’ (or ‘scanning storm’, appropriately). It isn’t too hard to imagine how these ‘storms’ affect a physical server’s performance. Actually, the goal of virtualization appears to be defeated here.

The agentless approach is different. As it’s clear from the name, it does not require installing an agent on every VM, only a single installation of a dedicated virtual appliance on a physical server is needed in order to protect all of the VMs located there.

This removes any problems with the duplication of antivirus software and signature databases. All updates are performed once per physical server, newly configured virtual machines and dormant virtual machines that are activated are protected automatically. So the load on virtual machines’ processors, I/O, memory and storage is reduced substantially, compared to the agent-based protection. And certainly there are no update/scanning storms: the sea is quiet.

But there is a small setback… the agentless approach had been developed specifically for VMware’s virtualization technology. The design requirements of other platforms – Microsoft Hyper-V and Citrix XenServer – have made it necessary to develop a new approach for protecting virtual machines. It’s now known as Light Agent.

800

Well, Light Agent it is what it is called: a small software agent for a dedicated virtual appliance installed on a virtual host (i.e. a physical server). It protects VMs just the same as a ‘real’ agent would do, but it also has the advantages of an agentless approach. It is light on resources, there is no significant impact on hypervisor performance. There is also no need to duplicate signature databases for every agent, and, just like with an agentless approach, there are no ‘update storms’ either.

‘Scanning Storms’ are prevented by Kaspersky’s Shared Cache feature, which effectively shares the results of file scans amongst all of the VMs.

Whenever a file is accessed on a virtual machine, Light Agent will scan it to ensure it’s safe, then store its ‘not guilty’ verdict in a shared cache.

If the same file is then accessed on another virtual machine on the same virtual host – Light Agent automatically knows it’s not necessary to perform the scan again, unless it’s changed or the user requests a scan manually.

Because virtual desktop environments include large numbers of similar virtual machines – with many sets of identical files – Shared Cache can significantly reduce the load on your virtual desktop infrastructure.

‘Light’, however, doesn’t mean ‘reduced’ when it comes to protection capabilities: Kaspersky Security for Virtualization | Light Agent offers the ‘big’ security features, such as application controls, web usage policy, device controls, Host-based Intrusion Prevention Systems and Firewall functionality, too.

Light Agent also includes all of the security features found in Kaspersky Lab’s agentless solution, including heuristic file analysis and cloud-assisted intelligence via the Kaspersky Security Network.

For more technical details please visit here.

Tips