A Closer Look at Kaspersky Security for Virtualization 1.1

Virtualization creates some serious security challenges. Any system with access to the Internet is a security risk, and virtualization enables users to provision new workstations and servers in seconds, increasing the odds that some may be connected to the Internet without being protected. Installing an antimalware product on each new virtual machine as it is created increases the complexity of installations and makes it more likely that servers might be unprotected. Having antimalware installed on each VM also creates the potential for input-output "storms," because all the clients would by default conduct tasks such as updating signature files and scanning virtual disks at the same time.

Kaspersky Security for Virtualization 1.1 can protect a VMware server or cluster and all the Windows VMs on it without requiring installation of an antivirus client for each VM. The software's centralized signature file also reduces both the storage used per VM and the number of IOs necessary to scan for malware.

Once the software and several related components are installed, administration is simple. A default policy can be set to ensure that all VMs are protected. IT administrators can create multiple policies to provide different levels of protection; for instance, a minimum level of protection for machines used for internal development, and a higher level of protection for production machines that are accessible from the Internet.

Advantages

Kaspersky Security for Virtualization uses the VMware vShield app and thin agent to scan each VM, while updates and scans are kept to a minimum. The system has only one antivirus signature file to update, and the base image for a group of VMs can be scanned, meaning that each individual VM doesn't have to be scanned separately. This can greatly reduce the load on the VMware server and storage. Also, since each VM needs only the vShield thin agent instead of a full antimalware client, the storage used per VM is reduced.

Management of individual endpoint scanners is greatly simplified, with policies that can be applied to groups of VMs, including new VMs added to a group. Integration of vCenter with the Kaspersky Security Center software is excellent, resulting in a seamless experience. The vShield App assures that thin agents are deployed to all VMs, as well as new VMs as they are brought online.

Why It Works for IT

The Kaspersky Security Center works with vCenter to automatically protect newly created VMs and ensure that VMs that have been turned off are automatically updated when they are turned back on.

The software has to update only one scanning application and one signature database per physical server, so ongoing administration is greatly simplified. The updates happen automatically, with no danger of cascading I/Os as multiple signature files are updated. The Kaspersky Security Center also uses load balancing and coordinates all scans to ensure that multiple scans of VMs don't take up too much processing power or storage bandwidth.

The product supports vSphere 5 and vSphere 4.1, and protects several Windows desktop and server OSs: Windows 7 (32 / 64 bit), Windows Vista (32 bit), Windows XP SP2 or later (32 bit), Windows 2003 (32 / 64 bit), Windows 2003 R2 (32 / 64 bit), Windows 2008 (32 / 64 bit) and Windows 2008 R2 (64 bit).

Disadvantages

In addition to the Kaspersky Security Center, several components must be installed separately, including vCenter, the VMware vShield app and VMware vShield Endpoint thin agent drivers. This adds to the cost of the installation. The vShield app and endpoint licenses are priced separately per VM, so the total cost is per VM for the vShield app, a vShield endpoint license and the Kaspersky license.