Organisations globally are subject to greater levels of cyber-threat than ever before. It is vital that
the IT infrastructure, both physical and virtual, is fully and effectively secured.
This presentation gives an overview of why and how!
4. HYPERVISOR – CORE OF VIRTUALIZATION
Hypervisor – specialized software that creates and runs virtual machines (VMs). It manages the physical computing resources and shares them among the VMs.
[Diagram: Hardware, Hypervisor, five VMs]
5. VIRTUAL MACHINE – BASIC ELEMENT OF VIRTUALIZATION
Virtual Machine (VM) – an isolated software environment that takes all the computing resources it needs, such as CPU, RAM and HDD, from the hypervisor, which allows you to run different operating systems and applications on a single host.
[Diagram: Hardware, Hypervisor, VMs running Windows Server 2008, Windows Server 2012, Windows XP, Windows 7 and Windows 8]
6. TWO MOST COMMON TYPES OF VIRTUALIZATION
Server Virtualization Infrastructure
Desktop Virtualization Infrastructure (VDI)
[Diagram: Hardware, Hypervisor, VMs running Windows Server 2008, Windows Server 2012, Windows XP, Windows 7 and Windows 8]
7. VIRTUALIZATION BENEFITS FOR BUSINESS
IT-COSTS REDUCTION
FLEXIBLE MANAGEMENT
RESOURCE OPTIMIZATION
HARDWARE INDEPENDENCE
8. SECURITY IN VIRTUAL ENVIRONMENT
►VIRTUAL ENVIRONMENTS ARE MORE SECURE THAN PHYSICAL ENVIRONMENTS? FALSE
GUEST OS IS THE SAME TARGET FOR MALWARE AS USUAL OS. FROM MALWARE STANDPOINT THERE IS NO DIFFERENCE BETWEEN VM AND REAL PC.
►CYBERCRIMINALS DON’T TARGET VIRTUAL MACHINES? FALSE
MORCUT (AKA CRISIS), THE FIRST TROJAN TARGETING VIRTUAL MACHINES, WAS IDENTIFIED IN 2012
►MALWARE CAN’T SURVIVE THE DECOMMISSIONING OF NON-PERSISTENT VIRTUAL MACHINES? FALSE
RESIDENT MALWARE CAN
9. SERVER VIRTUALIZATION USAGE
9 Security in Private and Public Datacenters
[Bar chart, axis 0% to 100%. Values per application type: Use in virtual environment / Business critical among them]
Database applications: 80% / 67%
E-mail applications: 75% / 58%
CRM applications: 57% / 45%
ERP applications: 50% / 37%
Financial Management applications: 46% / 34%
Other: 3% / 2%
Hard to say: 1% / 4%
Kaspersky Lab study | Base: 525 companies over Europe, 2012
11. VIRTUAL SECURITY – THE OPTIONS
NO PROTECTION: NOT AN OPTION!
TRADITIONAL: GREAT PROTECTION / INEFFICIENT IMPLEMENTATION
AGENTLESS: EASY DEPLOY/MANAGE FOR VMWARE
LIGHT AGENT: FEATURE-RICH SECURITY
12. AGENT-BASED SECURITY
Each guest protects itself: a full set of antimalware bases is kept locally on every VM, with a separate kernel to scan every VM
•Excessive resource consumption
•Update storms
•Instant-On gaps
•Lower VM densities
13. AGENTLESS SECURITY
•Keeps VM density (consolidation ratio) high
•No problems of Agent-based security, but..
•Less security
•Only VMware
15. LIGHT AGENT | FILE LEVEL PROTECTION
PROACTIVE DEFENSE INCLUDING AUTOMATIC EXPLOIT PREVENTION
AWARD-WINNING ANTI-MALWARE ENGINE
REAL-TIME RESPONSE TO ZERO-DAY THREATS - KASPERSKY SECURITY NETWORK CLOUD-BASED INTELLIGENCE
DEEP-LEVEL SCANNING AT INDIVIDUAL MACHINE LEVEL, PROTECTING AGAINST THE MOST ADVANCED MALWARE
16. LIGHT AGENT | NETWORK LEVEL PROTECTION
FEATURES HOST-BASED INTRUSION PREVENTION SYSTEM (HIPS) AND FIREWALL
NETWORK ATTACK BLOCKER IDENTIFIES AND RESPONDS TO SUSPICIOUS TRAFFIC BEHAVIOUR
IDENTIFIES AND BLOCKS LINKS TO PHISHING SITES
18. REAL LIFE CASE – WHAT SOLUTION TO CHOOSE
[Diagram labels: Internet; vSphere, Microsoft Hyper-V, Linux-based hypervisor; VDI for internal use, Servers with conf info, Test bed; KSV | Agentless, KSV | Light Agent, Kaspersky Endpoint Security; Kaspersky Security Center (KSC)]
19. WHAT OUR SOLUTION IS COMPRISED OF
*NB!! Kaspersky Security for Virtualization is managed via Kaspersky Security Center
20. WHO CAN BENEFIT THE MOST FROM USING KASPERSKY SECURITY FOR VIRTUALIZATION?
Enterprises
Service Providers
Multi-hypervisor infrastructure owners
..as well as SMB
21. WHAT MAKES OUR SOLUTION DIFFERENT?
1. Low performance impact on virtual infrastructure, thanks to optimized architecture and dedicated virtual appliance for AV-scan tasks [1].
2. Better protection quality, thanks to wide range of protection components and technologies, including Anti-Malware, Automatic Exploit Prevention, Application Control, HIPS, Firewall, Network Attack Blocker, and URL Scan.
3. Comprehensive solution supporting multiple hypervisor platforms (VMware, Citrix and Hyper-V), set of protection components with flexible configuration.
4. Efficient deployment and management of the entire IT infrastructure security with Kaspersky Security Center unified management solution.
[1] Read more at http://www.kaspersky.com/about/news/compare/2014/Kaspersky-Lab-Tops-Competitors-in-Testing-of-Security-Software-in-Virtual-Environments
22. WANT TO KNOW MORE?
Please visit kaspersky.com/business or business.kaspersky.com
Follow us @KasperskyLabB2B
#EnterpriseSec
Editor's Notes
Basically virtualization is the simulation of software and/or a hardware platform, which other software runs on.
The hypervisor isolates the guests so that each guest only has access to its own resources.
There are many types of virtualization: application virtualization, storage virtualization, network virtualization, etc. Since we focus on platform/hardware virtualization, the main types, distinguished by the type of OS inside the VM, are the following:
Server virtualization – With server virtualization, you can create multiple virtual servers on a single host. It saves capital, floor space, and energy by consolidating multiple workloads onto fewer physical servers. The traditional server-per-workload paradigm ties up valuable capital, drains operational resources and is typically underutilized.
Desktop virtualization, or a particular case of it, Virtual Desktop Infrastructure (VDI), is a desktop-centric service that hosts user desktop environments on a remote host, which are accessed over a network using a remote display protocol. A connection brokering service is used to connect users to their assigned desktop sessions. For users, this means they can access their desktop from any location, without being tied to a single client device. Since the resources are centralized, users moving between work locations can still access the same desktop environment with their applications and data.
IT costs reduction:
Server utilization rises up to 80%
CapEx decreases by 50%
OpEx decreases by 60%
Reliability increase:
Simplifying data backup and data recovery
Automated disaster recovery scenarios
Hardware independence
Simplified management:
Rapid launch of new services
Easy-scalable IT infrastructure
Centralization of management and monitoring tools
There is a pervasive myth that virtual machines are inherently more secure than physical machines.
The truth is that while virtual machines may be less prone to threats such as spyware and ransomware, they are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans and even targeted ‘spear-phishing’ attacks.
Traditional, agent-based antimalware products are not well suited to virtualized environments. Virtualization is all about maximizing the utilization rates for the IT infrastructure – in order to maximize return on investment. However, agent-based antimalware products require the antivirus software and signature database to be installed on every virtual machine, which partly defeats the object of virtualization.
A customer who uses agent-based security software in a virtualized environment will experience serious performance and security issues:
AV storm – the demand on computing resources that occurs when antimalware software simultaneously scans multiple guest virtual machines on a single physical host. In this context, the word "storm" means a bombardment or blitz. The result is degradation of service.
I/O storms – similar to a scanning storm, this may occur when all virtual machines with a local signature database download updates simultaneously.
Duplication/redundancy – duplication of signature databases and redundant file scanning unnecessarily consume valuable system resources.
Instant-on gaps – Virtual machines can easily be taken offline and go dormant for long intervals. When they are brought back online (awakened), the virtual machines may have security gaps, such as unpatched software vulnerabilities and outdated virus signature databases.
VM sprawl and security visibility – Virtual machines can be created in minutes, often without the IT department’s knowledge or consent. Visibility then becomes an issue, as security managers cannot protect virtual machines that they cannot see.
Agent-based anti-virus in virtual environments, particularly in virtual desktops, can hamper ROI as it impedes the performance of the guest, limits the density of the virtual cluster and allows for unnecessary risk.
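A check for two of the problems listed above, instant-on gaps and VM sprawl, followed by a staggered update plan that closes the gaps without triggering an update storm. This is an added example, not part of the original presentation or of any Kaspersky product; the inventory records, VM and host names, the three-day signature-age threshold and the two-updates-per-host limit are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2014, 5, 1, 9, 0)   # constructed "current time"
MAX_SIG_AGE = timedelta(days=3)    # assumed policy threshold

# Constructed hypervisor inventory: every VM that exists, per physical host.
INVENTORY = [
    {"name": "vdi-001", "host": "esx-a", "state": "on",  "sig_updated": datetime(2014, 5, 1, 3)},
    {"name": "vdi-002", "host": "esx-a", "state": "off", "sig_updated": datetime(2014, 2, 10, 3)},
    {"name": "vdi-003", "host": "esx-a", "state": "off", "sig_updated": datetime(2014, 3, 2, 3)},
    {"name": "vdi-004", "host": "esx-a", "state": "off", "sig_updated": datetime(2014, 3, 5, 3)},
    {"name": "db-01",   "host": "hv-b",  "state": "on",  "sig_updated": datetime(2014, 4, 30, 3)},
    {"name": "test-17", "host": "hv-b",  "state": "on",  "sig_updated": None},
    {"name": "tmpl-w7", "host": "hv-b",  "state": "off", "sig_updated": datetime(2014, 4, 29, 3)},
]
# Constructed list of VMs the security management console knows about.
MANAGED = {"vdi-001", "vdi-002", "vdi-003", "vdi-004", "db-01", "tmpl-w7"}

def audit(inventory, managed, now, max_age=MAX_SIG_AGE):
    """Return (sprawl, gaps): VMs unknown to the console, and powered-off
    VMs whose signatures will already be stale when they are switched on."""
    sprawl, gaps = [], []
    for vm in inventory:
        if vm["name"] not in managed:
            sprawl.append(vm["name"])
        elif vm["state"] == "off" and (
            vm["sig_updated"] is None or now - vm["sig_updated"] > max_age
        ):
            gaps.append(vm)
    return sprawl, gaps

def stagger_updates(gap_vms, per_host=2, slot=timedelta(minutes=10)):
    """Give each gap VM a start delay so that at most `per_host` updates
    run at once on a physical host. Oldest signatures are updated first."""
    started = defaultdict(int)
    plan = {}
    for vm in sorted(gap_vms, key=lambda v: v["sig_updated"] or datetime.min):
        plan[vm["name"]] = (started[vm["host"]] // per_host) * slot
        started[vm["host"]] += 1
    return plan

if __name__ == "__main__":
    sprawl, gaps = audit(INVENTORY, MANAGED, NOW)
    print("not visible to the security console:", sprawl)
    for name, delay in stagger_updates(gaps).items():
        print(f"update {name} at +{delay} before returning it to service")
```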
Kaspersky Lab released its first dedicated solution for virtualization in early 2011. We were among the first vendors to support the VMware vShield – API that allows security vendors to seamlessly implement an “agentless” antimalware solution into VMware environments.
Citrix and Microsoft don’t provide special APIs for security vendors to connect into the hypervisor as VMware does (vShield API). That is why an agentless security solution is not possible for non-VMware hypervisors.
In 2014 KL presented a new approach for virtual environment protection. The KSV | LA solution provides advanced anti-malware and network protection for virtual machines through a combination of a dedicated virtual appliance and small software agents (so-called Light Agents) which are installed onto each persistent virtual machine or template. This architecture allows KL to bring efficient virtualization-security solutions to platforms without an agentless option, Citrix and Hyper-V, while maintaining the performance advantages of a virtualization-optimized solution over traditional agent-based solutions.
This approach gives a better level of protection than VMware agentless technology: thanks to the agents, the solution can apply all advanced endpoint protection, i.e. proactive technologies incl. exploit prevention; application and web controls; HIPS/firewall and more. This allows KSV LA to detect malware that an agentless solution cannot catch, e.g. memory-resident viruses.
Kaspersky’s control tools have become a key part of our protection methods. They have helped our customers implement security policies and are a significant differentiator for us.
WEB CONTROLS ALLOW INAPPROPRIATE INTERNET CONTENT – INCLUDING SOCIAL NETWORKS, MUSIC, VIDEO ETC - TO BE BLOCKED OR LIMITED DURING BUSINESS HOURS.
APPLICATION CONTROLS REGULATE AND CONTROL THE OPENING OF PROGRAMS ON INDIVIDUAL VIRTUAL MACHINES.
DEVICE CONTROLS PERMIT OR RESTRICT THE USE OF REMOVABLE DEVICES, INCLUDING EXTERNAL DRIVES, PRINTERS, CDS/DVDS, WI-FI OR BLUETOOTH.
Kaspersky Lab solutions are highly effective at protecting highly heterogeneous infrastructures, managed centrally through a single console.
In this example:
VMware internal storage servers benefit from the density available through agentless security
The Hyper-V platform environment enjoys advanced security and controls from a light-agent solution
The Linux based test bed is protected by Kaspersky Security for Business.*
Security for all three platforms is managed together with physical endpoint security through Kaspersky Security Center.
* Kaspersky Endpoint Security for Business was deliberately designed to perform effectively in virtual as well as physical environments, so can play a valuable role in a multi-platform, multi-functional IT environment.
NB!! In May 2014 the third technical version/generation of KSV | Agentless will be released. It means that starting from that time all applications inside the product will be in third version, so we can publicly tell that KSV product is in its third generation (though we do not use versioning of this product in basic materials).
Midsize and enterprise customers who seek protection for on-premise or private cloud form the main Target Audience for Kaspersky Security for Virtualization. The product can also be effectively offered to data center and cloud-level businesses (or even to IaaS providers - they could offer value-added AV scanning and network protection as built-in security to their clients). With broad hypervisor coverage KSV will also be a strong solution for multi-hypervisor datacenters.
The product provides simplified deployment and use – which is especially important for the companies with small IT teams. High scalability together with simplified management makes Kaspersky Security for Virtualization attractive to big companies as well.
Actual research about preferences in multi-hypervisor datacenters http://wikibon.org/wiki/v/VMware_Dominant_in_Multi-Hypervisor_Data_Centers#Multi-Hypervisor_Impact_on_Cloud_Deployments