Server virtualization plays a vital role in many data centers, which means that VM security must be a top priority. Kaspersky's Hybrid Cloud Security product now includes the Security for Virtualization Light Agent application, a new software package that provides multilayered protection for virtual servers and VDIs.
IT administrators must have reliable and comprehensive tools to fully protect their virtual environments. Unfortunately, many vendors design their security tools for bare-metal implementations and fail to provide the protections necessary to safeguard virtualized workloads. A security tool must include features designed specifically for virtual environments in order to properly protect those environments. Anything less and admins could put sensitive data at risk.
Kaspersky designed and built the Light Agent application specifically for virtualized environments, with a focus on hybrid cloud security. This application protects individual VMs running on supported hypervisors while reducing the impact on performance that often comes with safeguarding data center systems.
Hybrid cloud security and the Light Agent application
Kaspersky's Hybrid Cloud Security product offers a unified solution for securing physical machines and virtual workloads implemented on premises or in the public cloud. The product comes preintegrated with AWS and Microsoft Azure and provides a central hub for managing security across the entire hybrid infrastructure.
Hybrid Cloud Security bundles several Kaspersky applications into a single package for managing security. The applications include Security Center, Endpoint Security for Linux, Security for Windows Server, Hybrid Cloud Security for AWS, Hybrid Cloud Security for Microsoft Azure, Security for Virtualization Agentless and Security for Virtualization Light Agent.
The Kaspersky Light Agent application can protect VMs and their guest OSes across multiple hosts for both virtual servers and VDI environments. The application prevents exploitation of the system, reduces attack surfaces and eliminates arbitrary code execution. It also includes memory and data control algorithms to detect and defuse ransomware threats.
The Light Agent application supports several virtualization platforms, including VMware vSphere, Citrix Hypervisor, Microsoft Hyper-V and Linux KVM. IT teams should determine whether the Light Agent application supports their virtualization platforms and editions before implementation. For example, the Light Agent application supports vSphere 6.0, 6.5 and 6.7, but no other vSphere editions.
Light Agent application features
The Kaspersky Light Agent application offers several features particularly beneficial for server virtualization. For example, the application utilizes a shared cache feature that makes file scanner results available to all VMs on a host, a process that minimizes duplicate efforts across the VMs while reducing the infrastructure load. The application also regularly downloads updated database and application modules to provide up-to-date protections against malware across the protected VMs.
If the Light Agent application detects an infected file during a virus scan, it blocks the file and copies it to a backup repository. The application also protects against internal and external network threats, including those embedded in encrypted traffic. In addition, the application integrates with the Kaspersky Security Network, which can help protect against new threats such as zero-day vulnerability exploits.
The Light Agent application also includes an exploit protection feature that monitors popular applications running on virtual servers or desktops. Exploit protection works by identifying suspicious behavior patterns and stopping the exploit before it can execute malicious code. The application also includes the Application Control feature, which supports application blacklisting and whitelisting to better manage virtual environments.
Another important feature is System Integrity Assurance, which works in conjunction with the exploit protection and application control features to monitor VMs for configuration drift and state changes. The application also has Behavior Detection, which uses machine learning and other advanced technologies to identify suspicious behavior patterns. The Light Agent application provides a remediation engine for rolling back malicious changes, as well as on-demand and on-access antimalware protection for monitored VMs.
Light Agent application components
The Kaspersky Light Agent application includes three primary components: the Protection Server secure virtual machine (SVM), the Light Agent VM client software and the Integration Server.
Protection Server SVM. The Protection Server is management software that runs in an SVM on each protected host. Kaspersky provides the SVM as part of the application installation package. The Protection Server scans all files within host VMs that have the Light Agent client software running. When scanning files, the server uses the shared cache feature to optimize operations.
The Protection Server receives database and application module updates. In addition, it maintains the malware database for the host's VMs, and it generates file threat verdicts for those VMs. It also manages licensing keys and licensing restrictions.
Light Agent VM client software. The Light Agent software client is installed on each protected VM, where it prevents malware and network exploits and maintains connectivity with the Protection Server in order to facilitate the file scanning process.
When connected to the Protection Server, the agent sends file fragments for scanning along with specific information, such as file names, checksums and web addresses. If the local Protection Server is not available, the agent can connect to a remote instance of the Protection Server to carry out the scanning. If an agent loses connectivity for over five minutes during a scan, the system pauses and generates an error.
Integration Server. The Integration Server supports interactions between the virtual infrastructure and the Light Agent application components. The Integration Server deploys, reconfigures and removes SVMs. The server also gathers information about the hypervisors and VMs within a system, as well as details for establishing connectivity between the Protection Server and Light Agent software clients.
In addition to the three primary components, the Light Agent application includes functional components that admins can individually enable, disable and configure. These functional components provide specific types of functionality, such as antivirus scanning, firewall protection, application privilege control and network attack blocking.
The Light Agent application requires admins to install the Security Center application, Kaspersky's management interface for configuring and controlling other Kaspersky applications.