Kaspersky Security for Virtualization Light Agent
Kaspersky Security for Virtualization Light Agent is built to provide measurable performance benefits while delivering the latest security technologies and multi-layered protection for virtual servers and/or VDI in hybrid environments. This is achieved by designating a central virtual machine (SVM) to keep the malware databases and produce file threat level verdicts to all the VMs on the host. Through smart optimisation, such as shared caching, and the elimination of redundant information, Kaspersky Security for Virtualization is able to cut the amount of data and operations, dramatically reducing IOPS, CPU cycles, memory and disk footprints to help achieve high consolidation ratios, protecting investments in virtualisation projects.
The solution supports VMware vSphere, NSX, Horizon, Microsoft Hyper-V, Citrix Hypervisor, Virtual Apps and Desktops, KVM, Proxmox VE and Huawei FusionSphere virtualisation environments.
Kaspersky Security for Virtualization Light Agent is a part of Kaspersky Hybrid Cloud Security.
Patented security architecture for performance optimisation and security
Patented architecture reduces memory and disk footprint, and minimizes IOPS and CPU cycles
Kaspersky Security for Virtualization Light Agent features patented architecture that offloads redundant operations and data to a central Secure Virtual Machine (SVM). An optimised agent with reduced footprint and resource requirements – a ‘Light Agent’ – is then deployed to each VM for protection.
The Light Agent combines Kaspersky Lab’s most advanced anti-malware and network protection technologies to match the agent-based security while delivering sizable virtualisation environment performance benefits.
Shared Cache - Eliminating redundant operations
Virtual environments – especially VDIs – often include many similar VMs, each containing identical files. Full agent-based solutions waste time and resources running multiple scans of the same file on different VMs. Kaspersky’s Shared Cache feature shares the results of file scans, which minimises the overall load on the IT infrastructure.
Whenever a file is accessed on a VM, Kaspersky Security for Virtualization Light Agent checks against the shared cash if a verdict has already been issued for the file. If the verdict exists, it’s returned to the requesting VM instantly without wasting an extra cycle. The file is only scanned again if it has been modified or a user manually requests a scan.
NewVMware NSX tags support
Dynamic tagging saves time in the case of an incident or can even completely prevent an incident by automating the response to specific events. For example, a machine can be isolated from the network if protection is disabled, or remediation efforts can be initiated if a machine is infected. Light Agent can apply the “VIRUS FOUND” tag to VMs with a parameter to indicate the threat level so that the virtualisation platform can react to the event.
ImprovedSVM failover protection
The solution is designed so that Light Agents can use a SVM on another host if the local SVM in unavailable or overloaded. This eliminates single points-of-failure in infrastructures of any size. If there’s significant stress on the virtualised infrastructure, the Light Agents can locate and reconnect to the optimal SVM almost immediately. This ensures uninterrupted real-time protection for the entire virtualised environment.
This feature allows the Light Agent to operate in autonomous mode for a short period. In this mode, technologies including Self Defense, Automatic Exploit Prevention and other behavioral-based defensive mechanisms continue to protect the VM. In addition, a local queue of files to be checked for malware is created, ready for when normal operation resumes. This approach ensures that every single object, such as files, scripts, pages, etc. - is inspected, regardless of circumstances.
Self-defense for Light Agents
This built-in mechanism protects Kaspersky Security for Virtualization itself against malware that may try to modify or block its functions, delete components (e.g. antivirus databases, quarantined files, trace files), strip the application of its services or uninstall them. Self-Defense also prevents Kaspersky Security for Virtualization Light Agent’s system registry keys from being modified or deleted inside the guest OS.
The Security Virtual Machine (SVM) constantly and autonomously monitors its own operation, automatically restarting its scan server service if it’s disrupted or stopped for any reason. This ensures that the scanning engine is available and ready to handle anti-malware scans at all times.
Kaspersky Security Network (KSN)
The cloud-based Kaspersky Security Network (KSN) identifies new threats and provides automatic updates to the security solution. Identifying new malware in as little as 0.02 seconds, KSN helps Kaspersky Security for Virtualization Light Agent to protect business-critical environments against even most sophisticated threats, such as zero-day vulnerability exploits.
System hardening and exploit prevention for server virtualisation
Kaspersky Hybrid Cloud Security can save up to 30% of virtualisation hardware resources compared to a traditional endpoint security solution. The solution is designed and built specifically for the use in virtualised environments to eliminate redundant operations and data. After learning the environment, the solution is in most cases able to instantly produce a verdict, without wasting a single extra cycle. Rich and flexible system hardening functionality drastically reduces the attack surface, eliminates arbitrary code execution on servers and blocks exploits – all without any noticeable increase in resource consumption. Memory and data control algorithms detect and defuse ransomware attacks, both host and network-borne. The solution supports VMWare NSX, Microsoft HyperV, Citrix Hypervisor, KVM, Huawei FusionSphere and Proxmox VE virtualisation platforms.
Protection for Linux and Windows Servers
Kaspersky Security for Virtualization is the ideal solution for hybrid data centers, delivering advanced security capabilities to virtualised Windows and Linux server workloads.
Application control for Windows Server featuring dynamic whitelisting (or Default Deny) mode has also been enhanced to include a blacklisting (or Default Allow) mode that allows applications to execute unless the software has been found on a blacklist. This mode is useful in controlled environments to further harden the server workload by disallowing selected programs permitted by general policies.
Exploit Prevention specifically targets malware that exploits software vulnerabilities in popular applications, by recognising typical or suspicious behaviour patterns, stopping the exploit in its tracks, and preventing any downloaded malicious code from executing.
NewSystem Integrity Assurance
These features work alongside application control and exploit prevention technologies, and can be used to monitor VMs for state changes and configuration drift. These are also often required for compliance reasons.
System Integrity Assurance technologies include File Integrity Monitoring (FIM), Registry Integrity Monitoring and Baseline Management for virtualised Windows Servers.
Behaviour Detection does not rely on signatures of known threats; instead, it leverages techniques including Machine Learning to identify and extract suspicious behaviour patterns during execution. This means that even never-before seen threats can be reliably blocked based simply on the presence of malicious actions.
NewMulti-layered Protection from Ransomware attacks
Ransomware takes many forms, relies on different propagation techniques, targets different objects from disk MBR to user files and can be commanded by a command and control (C&C) server or work completely autonomously. Some ransomware (so-called ‘wipers’) corrupts data irreversibly.
Consequently, protection from ransomware must also be multi-layered. Kaspersky Security for Virtualization Light Agent prevents infection by monitoring the environment for ransomware-like behaviour, blocking communications to C&C servers and restoring originals of the modified files to nullify the damage. There’s also a protection layer for shared data that raises a red flag if shared files are being corrupted over network, blocks attacker’s access to the share and notifies the administrator.
NewHost Intrusion Prevention (HIPS)
Host Intrusion Prevention (HIPS) uses Kaspersky Security Network data to define the level of privilege a program will be running on, efficiently reducing the area of attack.
The Remediation Engine rolls back malicious changes to the operating system.
Advanced anti-malware protection
Kaspersky Security for Virtualization Light Agent delivers on-access and on-demand anti-malware protection for VMs. Kaspersky Lab’s dedicated SVM combines signature-based technologies and heuristic analysis for rigorous protection of VM file systems, including protection against complex, memory-resident malware.
Multi-layered security for VDI
Kaspersky Hybrid Cloud Security drastically cuts login time for virtual desktops while eliminating hiccups and choke points when scaling and pushing the limits of the virtualisation host, compared to a traditional endpoint security solution. The solution is designed and built specifically for use in virtualised environments to eliminate redundant operations and data. After learning the environment, the solution is in most cases able to instantly produce a verdict, without wasting a single extra cycle. Featuring the same extensive endpoint security feature set as traditional solutions, Kaspersky Hybrid Cloud Security creates a secure and responsive user environment, allowing users to focus on their job without risking becoming a victim of fileless malware, ransomware, exploits and the like. The solution supports VMWare Horizon, Microsoft HyperV and Citrix Virtual Desktops VDI platforms.
ImprovedSupports wide range of Windows and Linux operating systems in most VDI environments
Deep integration with platform APIs leverages the deployment, configuration, management and reporting mechanisms of the VDI platforms to ensure high levels of security and control over the user environment.
A wide range of Windows and Linux guest operating systems are supported in VMWare Horizon, Citrix Virtual Apps and Desktops as well as HyperV VDI environments.
To deal with the risks from exploitation of unpatched vulnerabilities, Kaspersky Hybrid Cloud Security incudes a range of Exploit Prevention technologies.
The Exploit Prevention mechanism specifically monitors the most frequently targeted applications – including Adobe Reader, Internet Explorer, Microsoft Office, Java and many more – delivering an extra layer of security monitoring and protection against unknown threats.
Configurable Application Control tools let you to specify which applications are allowed to run on which VMs. This reduces exposure to risk and wasted resources due to running unnecessary software.
There’s a choice of a Default Allow policy, that allows the execution of all applications except the specifically blacklisted ones, or a Default Deny policy, that blocks all programs except those on the White List.
Kaspersky’s Application Control consists of:
- Application Startup Control –allows or disallows each application startup on the protected system
- Application Privilege Control – registers applications and regulates their activity according to the rules set. The rules define whether an application is allowed to access operating system resources and a user’s personal data.
Supports the rapid provisioning of VDI machines
Kaspersky Security for Virtualization Light Agent fully supports linked and full cloning. Thanks to the pre-installed lightweight agent, provisioning a new VM simply involves cloning a template. Once cloning is complete, the new machine is automatically protected by the SVM. This simplifies VDI management, eliminating the need to update security products on the VDI image.
Anti-ransomware for your VDI
System Watcher technology built into Kaspersky Security for Virtualization Light Agent monitors the behaviour of applications running inside each virtual desktop. If suspicious behaviour is detected - such as cryptor or locker activity - it’s immediately blocked and any malicious changes are automatically rolled back, keeping your critical data secure.
Web Control helps manage Internet use, blocking VM access to specific websites or automatically updated categories such as social networks, music, videos and personal web email. Different control policies can be set for different job roles, blocking access around the clock or during specific times during the day.
Because users can connect to their VDI machine from anywhere, on any device, it’s important to ensure that VMs aren’t exposed to threats from unsecured USB devices. With Device Control, administrators can specify exactly which removable devices can be accessed in each individual VM. It’s easy to apply control policies to a range of devices, including removable drives, printers and non-corporate network connections. For VMware installations, this technology complements and enhances existing Horizon USB Redirection capabilities.
Silent Mode for maximum performance gains
The Kaspersky Security for Virtualization Light Agent user interface can be disabled (by unloading it) on any or all VMs for additional performance optimisation.
Network security to block attacks and exploits
NewScanning for threats hiding in encrypted HTTPS traffic
This functionality allows Light Agent to analyse secure connections for threats and prevent the malicious object from reaching the end user’s browser. Often, this can stop an exploitation attempt before it even begins.
Multi-layered protection for your network
Kaspersky Security for Virtualization Light Agent protects against external and internal network attacks – including threats that may be hiding in encrypted traffic. Every VM is protected by host-based network security which includes Kaspersky Lab’s HIPS, firewall and Network Attack Blocker technologies.
Host-based Intrusion Prevention System (HIPS) and personal firewall
HIPS – working together with Kaspersky Lab’s two-way firewall – controls inbound and outbound network traffic. Flexible tools enable granular control over security according to a policy containing a wide range of parameters, including settings for particular ports, individual IP addresses or specific applications’ network activity.
Network Attack Blocker
Kaspersky’s Network Attack Blocker technology monitors hypervisor network traffic and checks for the presence of any activity which may signify a network attack. As soon as it’s detected, the network attack is blocked.
Consistent visibility and control
NewRole-Based Access Control (RBAC) support
Kaspersky Security Center features Role-Based Access Control (RBAC) that facilitates duty separation, task delegation and audits of security–related organisational functions.
This feature is highly relevant for organisations with a developed information security function, branched infrastructures or large complex infrastructures where there are usually multiple management servers and different people being responsible for security administration, policies and audits.
ImprovedSingle-package deployment wizard
Kaspersky Security for Virtualization Light Agent is deployed using the single product installer wizard. The wizard has been improved to include agent installers and SVM image downloaders. Remote installation packages for agents are also added to Kaspersky Security Center for streamlined deployment.
NewRemote installation of Linux Agent
Kaspersky Security for Virtualization Light Agent for Linux can now be remotely deployed, simplifying the solution rollout.
ImprovedLarge scale and complex network architecture support
Security administrators can use deployment improvements to automate the rollout of security agents and optimise infrastructure protection.
SVM discovery and selection is enhanced to optimise deployments in large-scale environments.
Protection Server can now be deployed and configured via the API, making it possible to deploy the protection server using hypervisor deployment capabilities.
With the latest improvements, Kaspersky Security for Virtualization Light Agent operates seamlessly in complex enterprise infrastructures running multiple logical networks on different hypervisor hosts and platforms.
Parallel installation and deployment
SVMs can be deployed onto several virtualisation hosts simultaneously. This significantly reduces the time it takes to get the security solution up and running within a virtualised infrastructure, regardless of size.
Exceptions or enforcement management
Kaspersky Security for Virtualization Light Agent now offers a wider list of applications from different software vendors for use when specifying exceptions or configuring an enforced scanning policy.
Single pane of glass management console for all physical, virtual and mobile devices
Kaspersky Security for Virtualization Light Agent is managed by Kaspersky Security Center – Kaspersky Lab’s management interface that lets you granularly configure and control a wide range of Kaspersky’s applications protecting mobile devices as well as server and desktop workloads on-premise, in a datacenter or in a public cloud.
- VMware vSphere 6.7 with VMware vCenter 6.7
- VMware vSphere 6.5 with VMware vCenter 6.5
- VMware vSphere 6.0 with VMware vCenter 6.0
- Microsoft Windows Server 2016 Hyper-V role (Full or Server Core mode)
- Microsoft Windows Server 2012 R2 Hyper-V role (Full or Server Core mode)
- Deployment via System Center Virtual Machine Manager (SCVMM) 2019 is available
- Deployment via System Center Virtual Machine Manager (SCVMM) 2016 is available
- Deployment via System Center Virtual Machine Manager (SCVMM) 2012 R2 is available
- Citrix XenServer 7.1 LTSR
KVM (Kernel-based Virtual Machine)
- Ubuntu Server 18.04 LTS
- Ubuntu Server 16.04 LTS
- Red Hat Enterprise Linux Server 7.6
- CentOS 7.6
Proxmox VE (KVM-based only)
- Proxmox VE 5.3
- HUAWEI FusionCompute CNA 6.3.1
- R virtualization 7.0.6
- Citrix Virtual Apps and Desktops 7 1903
- Citrix Provisioning 7 1903
- Citrix XenApp and XenDesktop 7.15 LTSR
- Citrix Provisioning Services 7.15 с последними установленными обновлениями
- VMware Horizon 7.7
Windows-based guest operating systems
- Windows 10 Desktop Pro / Enterprise / LTSC / RS4 / RS5 / RS6 (32 / 64-bit)
- Windows 8.1 Update 1 Professional / Enterprise (32 / 64-bit)
- Windows 7 Professional / Enterprise Service Pack 1 (32 / 64-bit)
- Windows Server 2019 RS5 Standard / Datacenter (Full mode) (64-bit).
- Windows Server 2016 Standard / Datacenter (Full mode) (64-bit).
- Windows Server 2012 R2 Standard / Datacenter / Essentials (Full mode) (64-bit)
- Windows Server 2012 Standard / Datacenter / Essentials (Full mode) (64-bit)
- Windows Server 2008 R2 Service Pack 1 Standard / Enterprise / Datacenter (Full mode) (64-bit)
Linux-based guest operating systems
- Debian GNU / Linux 9.8 (64-bit)
- Debian GNU / Linux 8.11 (64-bit)
- Debian GNU / Linux 8.11 i386 (32-bit)
- Ubuntu Server 18.04 LTS (64-bit)
- Ubuntu Server 16.04 LTS (64-bit)
- CentOS 7.6 (64-bit)
- CentOS 6.10 (64-bit)
- Red Hat Enterprise Linux Server 7.6 (64-bit)
- Red Hat Enterprise Linux Server 6.10 (64-bit)
- SUSE Linux Enterprise Server 15 (64-bit)
- ALT Linux 8 (64-bit)
- ALT Linux 7.0.6 (64-bit)
- Oracle Linux 7.6 (64-bit)
- Astra Linux SE 1.6 (No support for Mandatory Access Control or Closed Software Environment)
- Astra Linux SE 1.5 (No support for Mandatory Access Control or Closed Software Environment)
Kaspersky Security for Virtualization
Solution Data Sheet.
Advanced healthcare provider AZ Sin-Jan protects its sensitive data and systems using Kaspersky Endpoint Security for Business, Mail Server and Virtualization.
A white paper exploring why a specialised security solution for virtual environments is essential.