A new patent for Kaspersky Lab: making things work faster

October 23, 2015

Kaspersky Lab has patented a new technology designed to prioritize data-scanning tasks on virtual machines. The technology significantly speeds up processing of high-priority scan requests in real time, while maintaining virtual machine performance. The patent was granted by the US Patent and Trademark Office.

Virtual environment is all about speeding things up. In recent years, it has become clear that virtual systems need protection as much as traditional desktops or laptops. In fact, the entire infrastructure, with each and every part of its element, requires to be secured, otherwise hackers can find a weak spot one day and exploit it. Attacking the physical infrastructure via the virtual one isn’t something exotic: bugs in hypervisors allowing to escape virtual machines are encountered quite often. Then just imagine what happens if attackers successfully take over the hypervisor…

But how can you protect VMs? Sometimes “common” antimalware solutions are deployed onto virtual machines as though they are physical. It means that for every virtual machine launched on a certain physical host there are duplicated AV bases, and every copy of an antimalware solution consumes all the resources it needs. Now, if there are dozens – or even hundreds – of VMs launched at the same time, that can lead to such ugly things as instant-on gaps and scanning and update storms, slowing down the entire infrastructure to a crawl.

That effectively ruins the very idea of using virtual infrastructure to improve performance. Surprisingly, in 2014 the majority (58%) of fully implemented virtualization security solutions were “conventional” agent-based ones, tailored for physical machines.


Kaspersky Lab has a solution specifically designed to be used in virtual environments – Kaspersky Security for Virtualization. The primary idea here is to ensure protection with minimum strain on hardware, which is achieved with centralization of protection. The virtual environment is protected at the hypervisor level; depending on the platform, either “Agentless” or “Light Agent” is deployed. For Citrix, Microsoft Hyper-V and VMware platforms “Light Agent” variant is utilized, which involves installing a small agent program on every VM (that takes very little resources per se).

Patented approach

A network connection is installed between the dedicated virtual machine and the agents to allow data exchange during on-demand scanning of files (ODS) or on-access scanning of user applications (OAS). This approach significantly reduces the use of resources on target virtual machines while maintaining a high level of information security across the entire virtual infrastructure.

But there is a risk that ODS consumes too much server resources, and that in turn significantly hampers OAS. The execution speed for applications awaiting a verdict in real time can be reduced a lot.

The patented technology can raise the processing priority for OAS tasks, which positively affects the performance of virtual servers or virtual workstations by reducing the response time from the antivirus engine.

It reserves one or more network connections between the agent and the dedicated virtual machine. While the reserved connections are not busy they can be used for both on-demand and on-access scanning. When OAS is required, the reserved connection is passed from ODS to a higher-priority OAS, significantly increasing the processing speed for priority requests, as the impact is minimized.

The patented technology is integrated in Kaspersky Security for Virtualization – Light Agent. Take a look at its details here.