Introducing Kaspersky Security for Virtualization - Light Agent
•Download as PPTX, PDF•
4 likes•6,560 views
Organisations globally are subject to greater levels of cyber-threat than ever before. It is vital that the It infrastructure, both physical and virtual, is fully and effectively secured. This presentation gives an overview of why and how!
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Introducing Kaspersky Security for Virtualization - Light Agent
Similar to Introducing Kaspersky Security for Virtualization - Light Agent (20)
More from Kaspersky
More from Kaspersky (20)
Recently uploaded
Recently uploaded (20)
Introducing Kaspersky Security for Virtualization - Light Agent
- 1. INTRODUCING KASPERSKY SECURITY FOR VIRTUALIZATION | LIGHT AGENT Matvey Voytov Product Marketing
- 4. HYPERVISOR – CORE OF VIRTUALIZATION 4 Hypervisor – specialized software which allows to create and operate virtual machines (VM). It manages physical computing resources sharing them among VM. Hardware Hypervisor VM VM VM VM VM
- 5. VIRTUAL MACHINE – BASIC ELEMENT OF VIRTUALIZATION 5 Virtual Machine (VM) – isolated software environment that takes all necessary computing resources like CPU, RAM, HDD from hypervisor, which allows you to run different operating systems and applications on single host. Hardware Hypervisor Windows Server 2008 Windows Server 2012 Windows XP Windows 7 Windows 8
- 6. TWO MOST COMMON TYPES OF VIRTUALIZATION 6 Server Virtualization Infrastructure Desktop Virtualization Infrastructure (VDI) Hardware Hypervisor Windows Server 2008 Windows Server 2012 Windows XP Windows 7 Windows 8
- 7. VIRTUALIZATION BENEFITS FOR BUSINESS VMVM IT-COSTS REDUCTION FLEXIBLE MANAGEMENT RESOURCE OPTIMIZATION HARDWARE INDEPENDENCE 7
- 8. ►VIRTUAL ENVIRONMENTS ARE MORE SECURE THAN PHYSICAL ENVIRONMENTS? GUEST OS IS THE SAME TARGET FOR MALWARE AS USUAL OS. FROM MALWARE STANDPOINT THERE IS NO DIFFERENCE BETWEEN VM AND REAL PC. FALSE ►CYBERCRIMINALS DON’T TARGET VIRTUAL MACHINES?FALSE MORCUT (AKA CRISIS), THE FIRST TROJAN TARGETING VIRTUAL MACHINES, WAS IDENTIFIED IN 2012 ►MALWARE CAN’T SURVIVE THE DECOMMISSIONING OF NON-PERSISTENT VIRTUAL MACHINES?FALSE RESIDENT MALWARE CAN SECURITY IN VIRTUAL ENVIRONMENT 8
- 9. SERVER VIRTUALIZATION USAGE 9 Security in Private and Public Datacenters 80% 75% 57% 50% 46% 3% 1% 67% 58% 45% 37% 34% 2% 4% 0% 20% 40% 60% 80% 100% Database applications E-mail applications CRM applications ERP applications Financial Management applications Other Hard to say Use in virtual environment Business critical among them Kaspersky Lab study | Base: 525 companies over Europe, 2012
- 10. VIRTUALIZATION SECURITY SOLUTIONS & LIGHT AGENT APPROACH
- 11. VIRTUAL SECURITY – THE OPTIONS 11 AGENTLESS NO PROTECTION LIGHT AGENT TRADITIONAL NOT AN OPTION! GREAT PROTECTION /INEFFICIENT IMPLEMENTATION EASY DEPLOY/MANAGE FOR VMWARE FEATURE-RICH SECURITY
- 12. Each guest protects itself - All set of antimalware bases locally at every VM, separate kernel to scan every VM •Excessive resource consumption •Update storms •Instant-On gaps •Lower VM densities AGENT-BASED SECURITY
- 13. •Keeps VM density (consolidation ratio) high •No problems of Agent- based security, but.. •Less security •Only VMware AGENTLESS SECURITY 13
- 15. PROACTIVE DEFENSE INCLUDING AUTOMATIC EXPLOIT PREVENTION LIGHT AGENT | FILE LEVEL PROTECTION 15 AWARD-WINNING ANTI-MALWARE ENGINE REAL-TIME RESPONSE TO ZERO-DAY THREATS - KASPERSKY SECURITY NETWORK CLOUD-BASED INTELLIGENCE DEEP-LEVEL SCANNING AT INDIVIDUAL MACHINE LEVEL, PROTECTING AGAINST THE MOST ADVANCED MALWARE
- 16. LIGHT AGENT | NETWORK LEVEL PROTECTION 16 FEATURES HOST-BASED INTRUSION PROVENSION SYSTEM (HIPS) AND FIREWALL NETWORK ATTACK BLOCKER IDENTIFIES AND RESPONDS TO SUSPICIOUS TRAFFIC BEHAVIOUR IDENTIFIES AND BLOCKS LINKS TO PHISHING SITES
- 17. WEB CONTROL APPLICATION CONTROL DEVICE CONTROL LIGHT AGENT | CONTROLS 17
- 18. 18 Internet vSphere Microsoft Hyper-V Linux-based hypervisor VDI for internal use Servers with conf info Test bed KSV KSV Endpoint Endpoint Kaspersky Security Center (KSC) KSV | Agentless Kaspersky Endpoint SecurityKSV | Light Agent REAL LIFE CASE – WHAT SOLUTION TO CHOOSE
- 19. 19 WHAT OUR SOLUTION IS COMPRISED OF *NB!! Kaspersky Security for Virtualization is managed via Kaspersky Security Center
- 20. WHO CAN BENEFIT THE MOST FROM USING KASPERSKY SECURITY FOR VIRTUALIZATION? 20 Enterprises Service Providers Multi-hypervisor infrastructure owners ..as well as SMB
- 21. WHAT MAKES OUR SOLUTION DIFFERENT? 21 Low performance impact on virtual infrastructure, thanks to optimized architecture and dedicated virtual appliance for AV-scan tasks1. Better protection quality, thanks to wide range of protection components and technologies, including Anti-Malware, Automatic Exploit Prevention, Application Control, HIPS, Firewall, Network Attack Blocker, and URL Scan. Comprehensive solution supporting multiple hypervisor platforms (VMware, Citrix and Hyper-V), set of protection components with flexible configuration. Efficient deployment and management of the entire IT infrastructure security with Kaspersky Security Center unified management solution. 1 2 3 4 1 – read more at http://www.kaspersky.com/about/news/compare/2014/Kaspersky-Lab-Tops- Competitors-in-Testing-of-Security-Software-in-Virtual-Environments
- 22. WANT TO KNOW MORE? Please visit kaspersky.com/business or business.kaspersky.com Follow us @KasperskyLabB2B #EnterpriseSec
Editor's Notes
- Чтобы добавить фон, нажмите на иконку в центре слайда и выберите файл. Изображение окажется над другими элементами слайда. Кликните на картинке правой кнопкой мыши и выберите опцию «send to back» («отправить назад»).
- Basically virtualization is the simulation of software and/or a hardware platform, which other software runs on.
- The hypervisor isolates the guests so that each guest only has access to its own resources.
- Actually there are many types of virtualization – application virtualization, storage virtualization, network virtualization, etc. But as we focused on platform/hardware virtualization there are the next main types: Depending on the OS type inside VM distinguish Server virtualization – With server virtualization, you can create multiple virtual servers on a single host. It allows to save capital, floor space, and energy by consolidating multiple workloads onto fewer physical servers. The traditional server-per-workload paradigm ties up valuable capital, drains operational resources and is typically underutilized. Desktop virtualization or a certain case of it - Virtual Desktop Infrastructure (VDI) - is a desktop-centric service that hosts user desktop environments on remote host, which are accessed over a network using a remote display protocol. A connection brokering service is used to connect users to their assigned desktop sessions. For users, this means they can access their desktop from any location, without being tied to a single client device. Since the resources are centralized, users moving between work locations can still access the same desktop environment with their applications and data.
- IT costs reduction: Server utilization raise up to 80% CapEx decrease by 50% OpEx decrease by 60% Reliability raise: Simplifying data backup and data recovery Automated disaster recovery scenarios Hardware independence Simplified management: Rapid launch of new services Easy-scalable IT infrastructure Centralization of management and monitoring tools
- There is a pervasive myth that virtual machines are inherently more secure than physical machines. The truth is that while virtual machines may be less prone to threats such as spyware and ransomware, they are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans and even targeted ‘spear-fishing’ attacks.
- Traditional, agent-based antimalware products are not well suited to virtualized environments. Virtualization is all about maximizing the utilization rates for the IT infrastructure – in order to maximize return on investment. However, agent-based antimalware products require the antivirus software and signature database to be installed on every virtual machine, which partly defeats the object of virtualization. Customer will experience serious issues with performance and security if he will use agent-based security software in virtualized environment: AV storm is the demand on computing resources that occurs when antimalware software simultaneously scans multiple guest virtual machines on a single physical host. In this context, the word "storm" means a bombardment or blitz. The result is degradation of service. I/O storms – similar to a scanning storm, this may occur when all virtual machines with local signature database download updates simultaneously. Duplication/redundancy – duplication of signature databases and redundant file scanning unnecessarily consumes valuable system resources. Instant-on gaps Virtual machines can be easily taken off line and go dormant for long intervals. When they are brought back online (awakened), the virtual machines may have security gaps, such as unpatched software vulnerabilities and outdated virus signature databases. VM sprawl and security visibility Virtual machines can be created in minutes, often without the IT department’s knowledge or consent. Visibility then becomes an issue; as security managers cannot protect virtual machines that they cannot see. Agent-based anti-virus in virtual environments, particularly in virtual desktops, can hamper ROI as it impedes the performance of the guest, limits the density of the virtual cluster and allows for unnecessary risk.
- Kaspersky Lab released its first dedicated solution for virtualization in early 2011. We were among the first vendors to support the VMware vShield – API that allows security vendors to seamlessly implement an “agentless” antimalware solution into VMware environments. Citrix and Microsoft don’t provide special APIs for security vendors to connect into hypervisor as VMware does (vShield API). That is why agentless security solution is not possible for non-VMware hypervisor.
- In 2014 KL presented a new approach for virtual environment protection. KSV | LA solution provides advanced anti-malware and network protection for virtual machines through a combination of a dedicated virtual appliance and small software agents (so called Light Agents) which are installed onto each persistent virtual machine or template. This architecture allows KL to bring efficient virtualization- security solutions to platforms without an agentless option – Citrix and Hyper-V while maintaining the performance advantages of a Virtualization-optimized solution against traditional agent-based solutions. Actically this approach gives better level of protection than VMware agentless technology – due to agents solution can apply all advanced endpoint protection – proactive technologies incl. exploit prevention; application and web controls; HIPS/firewall and more. This allows KSV LA to detect uncatchable for agentless solution malware – e.g. memory resident viruses.
- Kaspersky’s control tools have become a key part of our protection methods. They have helped our customers implement security policies and are a significant differentiator for us. WEB CONTROLS ALLOW INAPPROPRIATE INTERNET CONTENT – INCLUDING SOCIAL NETWORKS, MUSIC, VIDEO ETC - TO BE BLOCKED OR LIMITED DURING BUSINESS HOURS. APPLICATION CONTROLS REGULATE AND CONTROL THE OPENING OF PROGRAMS ON INDIVIDUAL VIRTUAL MACHINES. DEVICE CONTROLS PERMIT OR RESTRICT THE USE OF REMOVABLE DEVICES, INCLUDING EXTERNAL DRIVES, PRINTERS, CDS/DVDS, WI-FI OR BLUETOOTH.
- Kaspersky Lab solutions are highly effective at protecting highly heterogeneous infrastructures, managed centrally through a single console. In this example: VMware internal storage servers benefit from the density available through agentless security The Hyper-V platform environment enjoys advanced security and controls from a light-agent solution The Linux based test bed is protected by Kaspersky Security for Business.* Security for all three platforms is managed together with physical endpoint security through Kaspersky Security Center. * Kaspersky Endpoint Security for Business was deliberately designed to perform effectively in virtual as well as physical environments, so can play a valuable role in a multi-platform, multi-functional IT environment.
- NB!! In May 2014 the third technical version/generation of KSV | Agentless will be released. It means that starting from that time all applications inside the product will be in third version, so we can publicly tell that KSV product is in its third generation (though we do not use versioning of this product in basic materials).
- Midsize and enterprise customers who seek protection for on-premise or private cloud form the main Target Audience for Kaspersky Security for Virtualization. The product can also be effectively offered to data center and cloud-level businesses (or even to IaaS providers - they could offer value-added AV scanning and network protection as built-in security to their clients). With broad hypervisor coverage KSV will also be a strong solution for multi-hypervisor datacenters. The product provides simplified deployment and use – which is especially important for the companies with small IT teams. High scalability together with simplified management makes Kaspersky Security for Virtualization attractive to big companies as well. Actual research about preferences in multi-hypervisor datacenters http://wikibon.org/wiki/v/VMware_Dominant_in_Multi-Hypervisor_Data_Centers#Multi-Hypervisor_Impact_on_Cloud_Deployments