Kaspersky Security for Virtualization Light Agent is built to provide measurable performance benefits while delivering the latest security technologies and multi-layered protection for virtual servers and/or VDI in hybrid environments. This is achieved by designating a central virtual machine (SVM) to keep the malware databases and produce file threat level verdicts for all the VMs on the host. Through smart optimisation, such as shared caching, and the elimination of redundant information, Kaspersky Security for Virtualization is able to cut the amount of data and operations, dramatically reducing IOPS, CPU cycles, memory and disk footprints to help achieve high consolidation ratios, protecting investments in virtualisation projects.
The solution supports VMware vSphere, NSX, Horizon, Microsoft Hyper-V, Citrix Hypervisor, Virtual Apps and Desktops, KVM, Proxmox VE and Huawei FusionSphere virtualisation environments.
Kaspersky Security for Virtualization Light Agent is a part of Kaspersky Hybrid Cloud Security.
Kaspersky Security for Virtualization Light Agent features patented architecture that offloads redundant operations and data to a central Secure Virtual Machine (SVM). An optimised agent with reduced footprint and resource requirements – a ‘Light Agent’ – is then deployed to each VM for protection.
The Light Agent combines Kaspersky Lab’s most advanced anti-malware and network protection technologies to match the agent-based security while delivering sizable virtualisation environment performance benefits.
Virtual environments – especially VDIs – often include many similar VMs, each containing identical files. Full agent-based solutions waste time and resources running multiple scans of the same file on different VMs. Kaspersky’s Shared Cache feature shares the results of file scans, which minimises the overall load on the IT infrastructure.
Whenever a file is accessed on a VM, Kaspersky Security for Virtualization Light Agent checks the shared cache to see whether a verdict has already been issued for the file. If the verdict exists, it’s returned to the requesting VM instantly without wasting an extra cycle. The file is only scanned again if it has been modified or a user manually requests a scan.
Dynamic tagging saves time in the case of an incident or can even completely prevent an incident by automating the response to specific events. For example, a machine can be isolated from the network if protection is disabled, or remediation efforts can be initiated if a machine is infected. Light Agent can apply the “VIRUS FOUND” tag to VMs with a parameter to indicate the threat level so that the virtualisation platform can react to the event.
The solution is designed so that Light Agents can use an SVM on another host if the local SVM is unavailable or overloaded. This eliminates single points of failure in infrastructures of any size. If there’s significant stress on the virtualised infrastructure, the Light Agents can locate and reconnect to the optimal SVM almost immediately. This ensures uninterrupted real-time protection for the entire virtualised environment.
This feature allows the Light Agent to operate in autonomous mode for a short period. In this mode, technologies including Self Defense, Automatic Exploit Prevention and other behaviour-based defensive mechanisms continue to protect the VM. In addition, a local queue of files to be checked for malware is created, ready for when normal operation resumes. This approach ensures that every single object, such as files, scripts, pages, etc., is inspected, regardless of circumstances.
This built-in mechanism protects Kaspersky Security for Virtualization itself against malware that may try to modify or block its functions, delete components (e.g. antivirus databases, quarantined files, trace files), strip the application of its services or uninstall them. Self-Defense also prevents Kaspersky Security for Virtualization Light Agent’s system registry keys from being modified or deleted inside the guest OS.
The Security Virtual Machine (SVM) constantly and autonomously monitors its own operation, automatically restarting its scan server service if it’s disrupted or stopped for any reason. This ensures that the scanning engine is available and ready to handle anti-malware scans at all times.
The cloud-based Kaspersky Security Network (KSN) identifies new threats and provides automatic updates to the security solution. Identifying new malware in as little as 0.02 seconds, KSN helps Kaspersky Security for Virtualization Light Agent to protect business-critical environments against even the most sophisticated threats, such as zero-day vulnerability exploits.
Kaspersky Hybrid Cloud Security can save up to 30% of virtualisation hardware resources compared to a traditional endpoint security solution. The solution is designed and built specifically for use in virtualised environments to eliminate redundant operations and data. After learning the environment, the solution is in most cases able to instantly produce a verdict, without wasting a single extra cycle. Rich and flexible system hardening functionality drastically reduces the attack surface, eliminates arbitrary code execution on servers and blocks exploits – all without any noticeable increase in resource consumption. Memory and data control algorithms detect and defuse ransomware attacks, both host and network-borne. The solution supports VMware NSX, Microsoft Hyper-V, Citrix Hypervisor, KVM, Huawei FusionSphere and Proxmox VE virtualisation platforms.
Kaspersky Security for Virtualization is the ideal solution for hybrid data centers, delivering advanced security capabilities to virtualised Windows and Linux server workloads.
Application control for Windows Server featuring dynamic whitelisting (or Default Deny) mode has also been enhanced to include a blacklisting (or Default Allow) mode that allows applications to execute unless the software has been found on a blacklist. This mode is useful in controlled environments to further harden the server workload by disallowing selected programs permitted by general policies.
Exploit Prevention specifically targets malware that exploits software vulnerabilities in popular applications, by recognising typical or suspicious behaviour patterns, stopping the exploit in its tracks, and preventing any downloaded malicious code from executing.
These features work alongside application control and exploit prevention technologies, and can be used to monitor VMs for state changes and configuration drift. These are also often required for compliance reasons.
System Integrity Assurance technologies include File Integrity Monitoring (FIM), Registry Integrity Monitoring and Baseline Management for virtualised Windows Servers.
Behaviour Detection does not rely on signatures of known threats; instead, it leverages techniques including Machine Learning to identify and extract suspicious behaviour patterns during execution. This means that even never-before-seen threats can be reliably blocked based simply on the presence of malicious actions.
Ransomware takes many forms, relies on different propagation techniques, targets different objects from disk MBR to user files and can be commanded by a command and control (C&C) server or work completely autonomously. Some ransomware (so-called ‘wipers’) corrupts data irreversibly.
Consequently, protection from ransomware must also be multi-layered. Kaspersky Security for Virtualization Light Agent prevents infection by monitoring the environment for ransomware-like behaviour, blocking communications to C&C servers and restoring originals of the modified files to nullify the damage. There’s also a protection layer for shared data that raises a red flag if shared files are being corrupted over the network, blocks the attacker’s access to the share and notifies the administrator.
Host Intrusion Prevention (HIPS) uses Kaspersky Security Network data to define the level of privilege a program runs with, efficiently reducing the attack surface.
The Remediation Engine rolls back malicious changes to the operating system.
Kaspersky Security for Virtualization Light Agent delivers on-access and on-demand anti-malware protection for VMs. Kaspersky Lab’s dedicated SVM combines signature-based technologies and heuristic analysis for rigorous protection of VM file systems, including protection against complex, memory-resident malware.
Kaspersky Hybrid Cloud Security drastically cuts login time for virtual desktops while eliminating hiccups and choke points when scaling and pushing the limits of the virtualisation host, compared to a traditional endpoint security solution. The solution is designed and built specifically for use in virtualised environments to eliminate redundant operations and data. After learning the environment, the solution is in most cases able to instantly produce a verdict, without wasting a single extra cycle. Featuring the same extensive endpoint security feature set as traditional solutions, Kaspersky Hybrid Cloud Security creates a secure and responsive user environment, allowing users to focus on their job without risking becoming a victim of fileless malware, ransomware, exploits and the like. The solution supports VMware Horizon, Microsoft Hyper-V and Citrix Virtual Desktops VDI platforms.