IN THE REAL WORLDVIRTUALIZATION SECURITY

Growing Technology

Virtualization has become the standard for many corporate IT departments. The market for server virtualization infrastructure has matured, surpassing 70% of all server workloads with forecasted growth to 82.4% in 2015. Gartner predicts that server virtualization will drive storage requirements up by 600%, meaning virtual environments will need six times the storage to support those environments.1

As the prevalence of the technology increases, virtualization security issues are becoming more critical and complex. When virtual machines have downtime, sensitive data is exposed, making the system more vulnerable to security and regulatory risk. To reap the rewards of virtualization, you must also consider increased complexity, storage requirements, compliance regulations, and cybersecurity needs.

1 Gartner, 2014

Virtualization 101

For the purposes of this eBook, the term “virtualization” is used to speak of a virtual hardware platform where an operating system can run. This platform is called a virtual machine (VM) which is an isolated software environment that is assigned computing resources (e.g., CPU, RAM, or HDD) from the hypervisor. The hypervisor is the core of the virtualization system. It provides connection between the physical server and virtual machine hardware. The hypervisor isolates VMs so that each only has access to its own resources. The hypervisor is used to create and manage VMs and ensure resources are available for all VMs configured in the host environment.

This architecture allows multiple different operating systems and applications running on a single host. As far as the user is concerned, a VM acts like a real computer with an operating system.

There are two main types of hardware virtualization:

• Server Virtualization: With server virtualization, you can create multiple virtual servers on a single host. The benefits include reduced hardware equipment, floor space, and energy by consolidating multiple workloads onto fewer physical servers. Traditional servers tie up valuable capital, drain operational resources, and are typically underutilized.

• Virtual Desktop Infrastructure (VDI): With a virtual desktop infrastructure (VDI), user desktop environments are accessed over a network using a remote display protocol. A connection brokering service is used to connect users to their assigned desktop sessions. For users, this means they can access their desktop from any location, without being tied to a single client device. Since the resources are centralized, users moving between work locations can still access the same desktop environment with their applications and data.

Benefits of Virtualization

• Reduced costs

• Simplified management

• Prompt deployment of test and industrial configuration

• Standard drivers provide portability

• Efficient use of resources

• Prompt disaster recovery

• High availability and load balancing

Security Risks

Although virtualization is widely accepted as an efficient and cost-effective option, VMs are not inherently more secure than physical machines.

In reality, VMs are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans and even targeted “spearphishing” attacks. Virtualization security is not optional.

Virtualization Security Options

For virtualization security, there’s no ‘one size fits all’ solution. The optimum approach for your organization – and the unique architecture of your IT infrastructure – will depend on a number of factors, including:

• The level of risk you’re likely to encounter

• The value of the data that your systems store and process

• The consolidation ratios that you’re aiming to achieve

• Your organization’s virtual environment – including servers and desktops

• Your choice of virtualization platform

With a virtualized system, you have several protection options available, including:

• Agent-based (conventional security solution deployed within guest VM like it would be a physical machine)

• Agentless

• Light Agent

Agentless protection has its pros and cons, depending on your organization’s particular circumstances:

There are some cases—such as organizations with less than 20 VMs or super-low consolidation ratios – whereby a traditional, agent-based security product would be the best option. In general, security that’s optimized for virtual environments is desirable because it offers significant performance, consolidation, and operating cost benefits.

For solutions that are optimized for virtualization, it’s a matter of choosing an agentless solution or a light agent (or ‘small footprint’) security product.

Kaspersky Virtualization Security OptionsKaspersky Lab released its first dedicated solution for virtualization in early 2011. Today, there are options that support a variety of virtualization platforms.

VMware®internal storage servers benefit from the density available through agentless security.

The Kaspersky Security for Virtualization | Light Agent (KSV | LA) solution provides advanced anti-malware and network protection for virtual machines through a combination of a dedicated virtual appliance and small software agents which are installed onto each virtual machine or template.

Virtualization Case StudyTo read a case study about an enterprise organization in the healthcare industry that has improved efficiency and performance with Kaspersky Security for Virtualization, click here.

FEATURE KSV I AGENTLESS

KSV I LIGHT AGENT KESB

Virtualization Platforms Supported VMwareVMware, Microsoft Hyper-V®, Citrix®

Any except OS-level1

Guest OS Supported MS Windows MS WindowsMS Windows®,

Mac®OS X, Linux®

Consolidation Ratio with a Single Host

* * * * * * * *

Centralized Management via Kaspersky Security Center

+ + +

KSN Functionality + + +

Protection of New VM without Additional Installations

+ +/– –

Anti-Malware * * * * * * * *

Firewall + +

Host-based Intrusion Prevention (HIPS)

+ +

Network Attack Blocker + + +

Application Control with Dynamic Whitelisting and Support for

Default Deny+ +

Web Control + +

Device Control + +

Systems Management +/– +/–

Call Kaspersky today at 866-563-3099 or email us at corporatesales@kaspersky.com, to learn more about Kaspersky Endpoint Security for Business.

www.kaspersky.com/businessSEE IT. CONTROL IT. PROTECT IT. With Kaspersky, now you can.

© 2014 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners.