When the city of Kelowna in Canada began expanding its virtualized infrastructure, IT decision makers shied away from installing antivirus on virtual servers. The antivirus software options were too CPU and memory resource intensive, said Dave Zylyz, senior systems analyst of information services/corporate services at Kelowna.
The city relied on perimeter protections to keep its virtualized data center secure, but found an antivirus product that wasn’t resource intensive: Trend Micro Deep Security. “You can run it at the ESX host level or install the client in each VM. We chose to [deploy] it at the ESX host level for ease of implementation,” Zylyz said. “It was unique in its class.”
Today, the antivirus options for VMware are expanding. At VMworld 2011, held this week in Las Vegas, Juniper Networks introduced virtualization-specific antivirus protection to its vGW Virtual Gateway, building on its acquisition of virtualization security specialist Altor Networks last December. Also at VMworld, Sophos said it plans to demonstrate a prototype of antivirus optimized for virtualization using VMware vShield Endpoint. In addition, Romania-based antivirus company Bitdefender announced Security for Virtualized Environments, which integrates VMware vShield and will launch later this year.
Trend Micro integrated VMware vShield Endpoint APIs to launch its agentless antivirus for virtual environments at last year’s VMworld. This year at VMworld, the Cupertino, Calif.-based vendor is announcing new functionality with Deep Security 8.0, including file integrity monitoring for virtual servers.
The goal of the new antivirus technologies optimized for virtual servers is to avoid the performance problems, often described as AV storms, that can occur when security software is applied to each virtual machine on a physical server. Multiple antivirus scans happening at one time consume the physical server’s computing resources, leading to service degradation. VMware vShield Endpoint enables antivirus scanning to be offloaded to a dedicated virtual machine.
The new antivirus capabilities in Juniper Networks vGW Virtual Gateway 5.0 leverage the VMsafe APIs to provide on-demand and on-access antivirus scanning, said Johnnie Konstantas, director of cloud security marketing at Sunnyvale, Calif.-based Juniper Networks. VMsafe is VMware’s partner program for integrating security technologies into VMware environments.
The on-demand option gives administrators the ability to run scans offline, during off-peak times. vGW runs in the hypervisor and compares copies of VM disks against antivirus signature files. Juniper has a partnership with Sophos, which provides the AV signatures. The on-access option, which requires a lightweight agent, scans files when they’re introduced into a VMware server. Administrators may choose to have agents on critical servers, Konstantas said. “You have options for how you want to fine-tune the antivirus,” she said.
The updated vGW is like a virtualization-specific UTM, providing integrated firewall protection, intrusion detection, hypervisor compliance monitoring and security management capabilities, Konstantas said. Other new capabilities of the vGW 5.0, which integrates with Juniper’s SRX security appliances, include continuous monitoring of VM security configurations. The product is scheduled to be available early in the fourth quarter.
The new file integrity monitoring capability in Trend Micro Deep Security, which integrates antimalware, firewall protection, IDS/IPS and Web application protection, will help organizations with compliance mandates, said Harish Agastya, director of product marketing at Trend Micro. Incorporating the technology into the server security platform makes it easier for organizations to deploy file integrity monitoring, he said.
Paula Musich, senior analyst at market research firm Current Analysis, said legacy file monitoring products have been problematic. “They’re cumbersome and expensive to deploy – that’s kept the market fairly small. Taking the agentless approach does make it easier,” she said.
Deep Security 8.0 also provides hypervisor integrity monitoring by using Intel TPM/TXT technology. The product is expected to ship by the end of the year.