A similar situation takes place when an entire pack of virtual machines is being launched. Or when large enterprises use virtual machines in dynamic cycles, provisioning and decommissioning them when needed. Keeping their security tools consistently up-to-date is a problem. Long-dormant VMs can eventually fall below the \u2018baseline\u2019 so that updating them is a time-consuming chore.<\/p>\n
Besides this, VMs can become a security vulnerability all on their own: it takes time to update them, and this time period is a window of opportunity for malware, cyberattacks, etc. In other words, there is time when existing VMs coming back online from a dormant state or newly created ones (with no security solution installed yet) are vulnerable, or rather are completely unprotected. That is what is called \u2018Instant On Gap\u2019. Depending on how many users are simultaneously downloading these updates to their individual VMs, and how many days worth of security updates there are to process, this \u2018window\u2019 can drag on for minutes, or even hours. At the same time the resources of the virtual servers are heavily strained, which means that virtualization makes little sense at all.<\/p>\n
There is a way to avoid this, of course. There are solutions tailored specifically towards use in virtual environments providing security for every one of the VMs on a given host. Kaspersky Security for Virtualization is one these solutions. Its primary idea is to reduce the resource\u2019s drain, so that dynamic changes within the virtual infrastructure stay dynamic, without any \u2018crawling\u2019. This is achieved via the centralization of protection.<\/p> Agent-based antimalware protection on long dormant VMs can fall below the actual security baseline and take \u2018ages\u2019 to update.<\/p>Tweet<\/a><\/blockquote>\n Depending upon the virtualization platform, there are agentless variants and so-called \u2018Light Agents\u2019, when every VM is equipped with a small piece of software acting in the similar way to a full-scale security agent, but without straining the server.<\/p>\n In both cases \u2018the core\u2019 is a virtual appliance installed on the host, which actually performs all resource-intensive security processing, thus providing immediate protection for every virtual machine, both already existing and new: Light Agent is very small so it\u2019s install time on the new machines takes next to no time, removing the Instant On Gap.<\/p>\n The solution has a unified, centralized database on all threats, so there is no unnecessary data duplication; also, there is Shared Cache, which ensures that the same file opened on several different VMs is scanned only once: the scanning engine\u2019s initial verdict is shared within all of the environments, so unless the \u2018good\u2019 file is changed or a user requests a new scan manually, it will be considered safe and won\u2019t be scanned again.<\/p>\n![\"800_2\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/04\/06015945\/800_23.jpg\")
<\/a><\/p>\n