There is no dispute to the advantages virtualization brings to organizations. As compute and storage technologies improve; through virtualization organizations are seeing better resource utilization with reduced operational and capital expenditure in their datacenters.
The challenge, virtual machines are still susceptible to malicious attack and need to be protected. In many cases organizations use traditional security solutions in an attempt to thwart such risks. However, they ultimately pay the price when it comes to application performance.
Traditional security is evolving to accommodate virtualized environments, but is not necessarily optimized for virtualization.
VMware has enabled security vendors with the ability to integrate with vShield Endpoint Security (EPSEC), providing agentless antimalware scanning that is triggered on file open and close. What’s missing is the ability to perform process, memory and registry scanning. For that, organizations still need to install an agent on each virtual machine, which in most cases is the full traditional agent-going back to square-one with issues as outlined above.
So what is the solution to this conundrum? Moreover, are organizations with virtualized infrastructures based on hypervisors like Xen, KVM or Hyper-V predestined to these issues without any solution?
Virtualization security needs to be optimized specifically for virtualized environments, providing functionality like whitelisting of VM template files, caching mechanisms to reduce duplicate scans and offline VM scanning.
Fortunately I work for a company that is doing something about this and has a solution. Security for Virtualized Environments (SVE) by Bitdefender is designed specifically for virtualized environments, providing hypervisor agnostic protection for virtualized Windows, Linux, and Solaris systems for organizations. When installed in VMware environments, SVE takes advantage of vShield Endpoint Security providing agent-less protection. The solution also provides protection in other virtualized environments from malicious attacks while providing cost savings via the small silent agent footprint.
The Bitdefender solution de-duplicates and centralizes the scanning functionality to dedicated virtual appliances. Patent-pending technology that includes a series of sophisticated intelligent cache mechanisms acts to provide further performance improvements in the scanning process, resulting in less CPU and memory being used compared to other antimalware solutions. Thus resulting in higher VM density ratios per host and greater cost savings. The whitepaper “The impact of virtualization security on your VDI environment” goes into detail about the cost savings Security for Virtualized Environments brings.
Product Name: Security for Virtualized Environments
Version(s): 1.2
Unique Feature(s):
- Platform-agnostic security: ability to support major virtualization platforms: Citrix, VMware, Microsoft, Red Hat, Oracle and any guest OS: Windows, Linux and Solaris
- Centralized antimalware: offloads scanning and update functions on a dedicated virtual appliance per physical host, across all platforms.
- Deep-level protection: provides process and memory introspection capabilities to cover not only file system, but also memory scanning of both online and offline VMs.
- High optimization: incorporates self-learning caching mechanisms that streamline the antimalware processes outside VMware vSphere coverage.
- Integrated management: simplifies deployment and administration of the protected environment through tight integration with VMware vCenter and Citrix XenServer.
Value Propostion:
- Improves consolidation ratios by up to 30% when compared to traditional antimalware, due to patent-pending optimization technologies designed for virtualization.
- Reduces infrastructure costs through higher server density and enhanced performance
- Addresses the most common security challenges caused by legacy AV in virtual environments: AV storms, poor performance, management overhead and complexity.
- Meets the requirements of complex datacenters with unobtrusive protection designed to work across any virtualization infrastructure and guest operating systems.
Technical Contact(s): Andrei Pisau (apisau@bitdefender.com), Product Manager for SVE
Link(s) to documentation:
Administrator’s Guide: http://download.bitdefender.com/SMB/SVE/SVE-1.2/Multi-Platform/Bitdefender_SVE_MultiPlatform_AdminsGuide_enUS.pdf
Reporter’s Guide: http://download.bitdefender.com/SMB/SVE/SVE-1.2/Multi-Platform/Bitdefender_SVE_MultiPlatform_ReportersGuide_enUS.pdf
Link(s) to demonstration video – currently available only for VMware with vShield: http://enterprise.bitdefender.com/solutions-and-services/enterprises-virtualization-security.html#Product%20Demo
Product page: bitdefender.com/sve
Webinar registration: http://enterprise.bitdefender.com/webinarCitrix; alternatively, it can be accessed from http://enterprise.bitdefender.com/ by clicking on ‘Register now’ from the top page rolling banner.
Search the Citrix Ready Xchange Marketplace here
Join the Citrix Ready Program here