FEATURES
Specifically designed for VMware security
The tight integration of Kaspersky Security for Virtualization Agentless with the VMware vSphere and NSX platforms means that the infrastructure and security layers work together in close co-operation, bringing improved levels of automation and protection to software-defined data centers. Anti-malware scans, as well as network attack blocking functionality, are offloaded to dedicated security virtual appliances (also known as Security Virtual Machines or SVMs) and delivered to each VM from the moment it’s powered on.
- Next Gen anti-malware protection, featuring multiple machine learning-powered technology layers, is delivered instantly to every virtual machine (VM) managed by VMware NSX, with no need to install any agent on the VM.
- Full, flexible network threat detection capabilities are also delivered to every virtual host managed by the VMware NSX platform, helping to protect your virtualized infrastructure from the most advanced network-based threats and even zero-day vulnerabilities.
Tight VMware NSX integration enables the fully automated deployment of security appliances (main Secure Virtual Machines (SVMs) or Network Threat Detection SVMs). These pop up on the hypervisor automatically, based on the security policies applied to each VM.
Tight integration with VMware NSX means that each VM receives precise security capabilities as defined by your corporate policies.
In a dynamically changing IT landscape, it’s important to ensure that your security policy is attached to a particular VM function - not to a precise location - so that individual security capabilities travel with each VM from host to host. The VMware NSX platform and its security policies enable this functionality, consolidating all security settings (network, AV, etc.) into one policy. We further boost the VMware NSX platform’s security management efficiency by incorporating the anti-malware and network attack blocking security policies available in our Agentless solution.
This feature fully supports the building and scaling of perfectly balanced software-defined data centers.
Kaspersky Security for Virtualization Agentless and the VMware NSX platform now exchange security tags, which can change based on specific rules (e.g. malware detected inside a VM). This constant interaction between the infrastructure and its security means the software-defined data center can react in real time to any security incident, automatically triggering the reconfiguration of the entire virtual infrastructure if necessary.
Automated Security and Monitoring
No ‘traditional’ security solution can perform an agentless anti-malware scan of a VM that’s offline. Kaspersky Security for Virtualization Agentless introduces advanced functionality that scans all VMs running Windows or Linux OS with the following file systems: NTFS, FAT32, EXT2, EXT3, EXT4, XFS and BTRFS - whether they’re online or offline. This includes VM templates used for on-demand VM spawning. The result is more effective on-demand scanning and better security coverage across your entire infrastructure.
Kaspersky Security for Virtualization Agentless can be installed with an SNMP-agent. This monitors and sends extensive information about the SVM's health status to third-party SNMP monitoring tools like Zabbix and Nagios. SNMP counters include general SVM metrics (CPU, RAM, etc.), as well as specific metrics.
Routine scanning can be performed on all VMs according to your own pre-set schedule. Kaspersky Security for Virtualization Agentless automatically avoids the simultaneous scanning of large numbers of machines, to help ease the load on your systems.
With full support for VMware vMotion, Kaspersky Security for Virtualization Agentless ensures that security is not interrupted when a workload is moved from one ESXi host to another. If the new host has the necessary licenses, the security will automatically transfer along with the workload – and all security settings and policies will remain exactly as you configured them.
Kaspersky Security for Virtualization Agentless receives information about VMs from the VMware vCenter Server, including a list of all VMs and all relevant parameters. As well as giving IT administrators a higher level of visibility, this close integration with vCenter Server ensures that protection is automatically provided whenever your IT team configures a new VM.
The cloud-based Kaspersky Security Network (KSN) identifies new threats and delivers the most recent threat intelligence in real time. With an identification time as quick as 0.02 seconds, KSN helps protect you against zero-day threats.
The Right Balance of Protection and Performance
Kaspersky Security for Virtualization Agentless has been designed to protect virtual servers with optimum efficiency and minimal impact on hypervisor performance. So your servers are protected while retaining all the benefits of virtualization.
Offloading resource-heavy tasks such as anti-malware scans and storing security intelligence databases substantially reduces the strain of doubling-up functionality on every virtual host, including Hypervisor I/O, CPU, Memory and Storage.
Kaspersky’s Network Threat Detection System monitors network traffic for signs of activity typical of network attacks. On detecting an attack, it blocks the attacking computer. It also detects suspicious network activities that may be a side effect of a network intrusion into the protected infrastructure. Exclusion rules can be configured to scan or block specific IP addresses. A traffic processing mode can be selected for Network Threat Detection, to block the detected threats. Kaspersky Security for Virtualization Agentless provides this network-level functionality together with support for VMware vCloud Networking and Security or VMware NSX.
Comprehensive policies can be created for all KSC clusters. These can define settings to protect all VMs within the protected infrastructure of every KSC cluster, i.e. all VMs managed by all VMware vCenter servers.
With just one instance of the security appliance protecting all the VMs running on a single host, Kaspersky Security for Virtualization Agentless helps to eliminate anti-malware 'update storms' and 'scanning storms'.
When a file is accessed on a VM, Kaspersky Security for Virtualization Agentless automatically scans the file to ensure that it’s safe, then stores the verdict in a shared cache. When that same file is accessed on another VM on the same virtual host, the security solution knows that another scan is unnecessary. The file will only be re-scanned if it’s been changed, or if the user runs a manual scan. This saves resources – especially in virtual desktop (VDI) environments, where many VMs use identical sets of OS and application files.
Kaspersky’s shared cache technology helps enhance IT performance and reduce the load on your computing infrastructure, so you can reallocate resources to other tasks without compromising security levels.
Superior Reliability and Manageability
Kaspersky Security Center, included in Kaspersky Security for Virtualization Agentless, provides a single unified management console for controlling a wide range of Kaspersky security technologies. You can manage the protection of virtual, physical and mobile devices, and enforce consistent security policies across your entire IT estate – all from the one console.
During deployment, there’s no need to reboot any machines or put the host server into maintenance mode. This helps maintain productivity for your users – vitally important for data centers committed to achieving ‘five nines’ (99.999%) uptime or better.
Kaspersky Security for Virtualization Agentless is managed from the same Kaspersky Security Center that manages regular endpoints. KSC makes it easy to generate detailed reports, giving administrators greater visibility of events and completed tasks. Because Kaspersky Security Center lets you manage a wide range of security applications, you can produce reports covering all the virtual, physical and mobile devices being protected by Kaspersky security technologies.
Kaspersky Security for Virtualization Agentless offers a choice of ‘per virtual machine’ or ‘per CPU’ licensing – letting you choose the option that’s most cost-effective for your business. For large data centers and IaaS (Infrastructure as a Service) providers, the number of virtual machines regularly fluctuates, so ‘per CPU’ licensing offers big benefits.
SYSTEM REQUIREMENTS
- Option 1:
  - VMware ESXi 6.7 hypervisor, VMware ESXi 6.5 hypervisor Update 2 or VMware ESXi 6.0 hypervisor Update 3a
  - VMware vCenter Server 6.7.0b, VMware vCenter Server 6.5 Update 2b, or VMware vCenter Server 6.0 Update 3f
  - VMware NSX for vSphere 6.4.1
- Option 2:
  - VMware ESXi 6.5 hypervisor Update 2 or VMware ESXi 6.0 hypervisor Update 3a
  - VMware vCenter Server 6.5 Update 2b or VMware vCenter Server 6.0 Update 3f
  - VMware NSX for vSphere 6.3.6
VMware Tools kit version 10.2.5 is required to ensure proper functioning of the File Anti-Virus component. When you install the VMware Tools suite, the Guest Introspection Thin Agent component must be installed.
A current license for NSX for vSphere Advanced or NSX for vSphere Enterprise is required in order for the Network Threat Detection component to work.
The Network Threat Detection component protects only those virtual machines that use the E1000 or VMXNET3 network adapter.
The File Anti-Virus component ensures protection of virtual machines that have the following guest operating systems installed:
- Windows desktop operating systems:
  - Windows 10 Pro / Enterprise RS1 / RS2 / RS3 (32- or 64-bit)
  - Windows 10 Pro for Workstations (32- or 64-bit)
  - Windows 8.1 (32- or 64-bit)
  - Windows 8 (32- or 64-bit)
  - Windows 7 Service Pack 1 (32- or 64-bit)
- Windows server operating systems:
  - Windows Server 2016 (LTSC) (64-bit)
  - Windows Server 2012 R2 without ReFS (Resilient File System) support (64-bit)
  - Windows Server 2012 without ReFS (Resilient File System) support (64-bit)
  - Windows Server 2008 R2 Service Pack 1 (64-bit)
On protected virtual machines running Windows operating systems, one of the following file systems must be used: FAT, FAT32, NTFS, ISO9660, UDF, CIFS.
- Ubuntu Server 14.04 LTS (64-bit)
- Red Hat Enterprise Linux Server 7 GA (64-bit)
- SUSE Linux Enterprise Server 12 GA (64-bit)
On protected virtual machines running Linux operating systems, one of the following file systems must be used:
- Local file systems: EXT2, EXT3, EXT4, XFS, BTRFS, VFAT, ISO9660.
- Network file systems: NFS, CIFS.
The application distribution kit includes several SVM images (Secure Virtual Machine images) with the File Anti-Virus component installed, and several SVM images with the Network Threat Detection component installed. You can use these images to deploy SVMs with the necessary configuration.
Depending on the selected configuration for an SVM with the File Anti-Virus component, the following minimum system resources are required:
2 CPU 2 GB RAM configuration:
Number of processors – 2
Allocated RAM size – 2 GB
Available disk space – 32 GB
2 CPU 4 GB RAM configuration:
Number of processors – 2
Allocated RAM size – 4 GB
Available disk space – 34 GB
2 CPU 8 GB RAM configuration:
Number of processors – 2
Allocated RAM size – 8 GB
Available disk space – 38 GB
4 CPU 4 GB RAM configuration:
Number of processors – 4
Allocated RAM size – 4 GB
Available disk space – 34 GB
4 CPU 8 GB RAM configuration:
Number of processors – 4
Allocated RAM size – 8 GB
Available disk space – 38 GB
Depending on the selected configuration for an SVM with the Network Threat Detection component, the following minimum system resources are required:
2 CPU 1 GB RAM configuration:
Number of processors – 2
Allocated RAM size – 1 GB
Available disk space – 9 GB
4 CPU 2 GB RAM configuration:
Number of processors – 4
Allocated RAM size – 2 GB
Available disk space – 10 GB
8 CPU 4 GB RAM configuration:
Number of processors – 8
Allocated RAM size – 4 GB
Available disk space – 12 GB
The computer must meet the following minimum hardware requirements to support installation and operation of the Integration Server:
- Available disk space – 500 MB
- Available RAM:
  - For operation of the Integration Server Management Console – 50 MB.
  - For operation of an Integration Server that serves no more than 30 hypervisors and 2000–2500 protected virtual machines – 300 MB. RAM size may change depending on the size of the VMware virtual infrastructure.
For hardware requirements for Kaspersky Security Center, please refer to the Kaspersky Security Center documentation.
For hardware requirements for the VMware virtual infrastructure, please refer to the VMware product documentation.
For hardware requirements for the Windows operating system, please refer to the Windows product documentation.