Virtual security: yeah, we’ve heard something

A recent survey shows that IT professionals have a very uneven understanding of how to protect their virtualization environments. Baseline awareness exists, but there’s a Roman Colosseum of room for improvement.

IT security professionals – i.e. people who claim to have expert-level knowledge of the matter – have very uneven knowledge about securing virtual environments. As Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report has shown, between one-quarter and one-third of these respondents expressed a “clear understanding” of agentless and light agent virtualization security models, respectively, but an almost equal number of IT professionals reported a weak or lacking understanding of them.

The rest said they have “a reasonable understanding” of agentless, agent-based, and light agent virtualization security.

All of this means that a baseline awareness does exist, and it’s rather good, but there’s a Roman Colosseum of room for improvement. For many professionals, virtualization is still a somewhat cryptic thing.

And that most likely means using the “traditional” approach to securing virtual environments, i.e. the very same agent-based one used to protect the fleet of “real”, physical hardware. Install a separate copy of a security solution client on every physical device, then equip every virtual PC with the same agent. Get your update and scanning storms for free and, as an extra bonus, instant-on gaps.

In fact, there’s little fun here, and the aforementioned report offers even less: according to its findings, the vast majority (58%) of fully implemented virtualization security solutions ARE “conventional” agent-based ones. However, among IT professionals who had only partially implemented a virtualization security solution, the rate of conventional agent-based usage was cut in half to 29%, and newer, more efficient technologies such as light agent and agentless security were used more frequently. So there is a slow drift in the right direction – actually, that’s only the beginning.

Why so slow? When IT professionals were asked why they had not adopted a security solution designed specifically for their virtual environments, the two most common answers both pointed to the same conclusion: “our existing anti-malware doesn’t give us problems, and protects more effectively than specialized solutions.”

However, third-party testing indicates that these beliefs are misguided and may rest on outdated assumptions that create performance pitfalls for enterprise-level virtual environments. For example, in a study performed by independent security testers AV-Test, performance testing compared the results of two “traditional” security deployments – using a software agent on each virtual machine – against Kaspersky Lab’s light agent approach, which shifts the burden of most security tasks away from the endpoint to a separate appliance.

All three solutions detected threats similarly well when performing basic AV tasks, but the differences in performance were huge. The traditional security measures consumed between 40% and 65% more system resources than Kaspersky Lab’s specialized virtual security solution when protecting multiple machines, and could take up to twice as long to boot up virtual machines in heavy load situations. The difference may not be too pronounced when the virtual environment is rather small, but at large enterprise scale it becomes pure drama.

IT managers and executives are encouraged to learn more about how agentless and light agent security options can significantly boost virtualization ROI by visiting Kaspersky Lab’s virtualization security product page. The full version of the report can be found here.