Kaspersky Security for Virtualization Light Agent is built to provide measurable performance benefits while delivering the latest security technologies and multi-layered protection for virtual servers and/or VDI in hybrid environments. This is achieved by designating a central virtual machine (SVM) to keep the malware databases and deliver file threat-level verdicts to all the VMs on the host. Through smart optimization, such as shared caching, and the elimination of redundant information, Kaspersky Security for Virtualization is able to cut the amount of data and operations, dramatically reducing IOPS, CPU cycles, memory and disk footprints to help achieve high consolidation ratios, protecting investments in virtualization projects.
The solution supports VMware vSphere, NSX, Horizon, Microsoft Hyper-V, Citrix Hypervisor, Virtual Apps and Desktops, KVM, Proxmox VE and Huawei FusionSphere virtualization environments.
Kaspersky Security for Virtualization Light Agent is a part of Kaspersky Hybrid Cloud Security.
Kaspersky Security for Virtualization Light Agent features patented architecture that offloads redundant operations and data to a central Secure Virtual Machine (SVM). An optimized agent with reduced footprint and resource requirements – a ‘Light Agent’ – is then deployed to each VM for protection.
The Light Agent combines Kaspersky’s most advanced anti-malware and network protection technologies to match agent-based security while delivering sizable performance benefits for the virtualization environment.
Virtual environments – especially VDIs – often include many similar VMs, each containing identical files. Full agent-based solutions waste time and resources running multiple scans of the same file on different VMs. Kaspersky’s Shared Cache feature shares the results of file scans, which minimizes the overall load on the IT infrastructure.
Whenever a file is accessed on a VM, Kaspersky Security for Virtualization Light Agent checks the shared cache to see whether a verdict has already been issued for the file. If the verdict exists, it’s returned to the requesting VM instantly without wasting an extra cycle. The file is only scanned again if it has been modified or a user manually requests a scan.
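The shared-cache behaviour described above, as an added illustration that is not Kaspersky's code: a toy model in which identical files across a VDI pool are scanned once, a modified file is rescanned, and a manual request forces a scan. Keying the cache by a SHA-256 digest of the file content, the `toy_scanner` stand-in and the sample files are all assumptions made for the example; the page does not say how the product identifies files.

```python
import hashlib


class SharedVerdictCache:
    """Toy model of an SVM-side verdict cache shared by every VM on a host."""

    def __init__(self, scanner):
        self._scanner = scanner   # callable: bytes -> verdict string
        self._verdicts = {}       # content digest -> verdict
        self.scans = 0            # number of real scans performed

    def check(self, content: bytes, force: bool = False) -> str:
        # Assumption: the cache key is a digest of the content, so any
        # modification yields a new key and therefore a cache miss.
        digest = hashlib.sha256(content).hexdigest()
        if not force and digest in self._verdicts:
            return self._verdicts[digest]      # verdict reused, no scan
        self.scans += 1
        verdict = self._scanner(content)
        self._verdicts[digest] = verdict
        return verdict


def toy_scanner(content: bytes) -> str:
    # Stand-in for the scan engine: flags a constructed marker string.
    return "malicious" if b"CONSTRUCTED-BAD-MARKER" in content else "clean"


def simulate_vdi_pool(vm_count: int = 50) -> dict:
    cache = SharedVerdictCache(toy_scanner)
    # Constructed sample files, identical on every cloned desktop.
    golden_image = {
        "app.exe": b"constructed application bytes",
        "lib.dll": b"constructed library bytes",
        "readme.txt": b"constructed readme bytes",
    }
    accesses = 0
    for _ in range(vm_count):                  # every VM touches every file
        for content in golden_image.values():
            cache.check(content)
            accesses += 1
    scans_after_boot = cache.scans
    # One VM's copy is modified: different digest, so it is scanned again.
    modified = golden_image["app.exe"] + b" CONSTRUCTED-BAD-MARKER"
    modified_verdict = cache.check(modified)
    # A user-requested scan bypasses the cached verdict.
    cache.check(golden_image["readme.txt"], force=True)
    return {
        "accesses": accesses,
        "scans_after_boot": scans_after_boot,
        "modified_verdict": modified_verdict,
        "total_scans": cache.scans,
    }
```

Because the key in this model is derived from content rather than path or VM identity, a file altered on one VM cannot inherit the clean verdict issued for the original.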
Dynamic tagging saves time in the case of an incident or can even completely prevent an incident by automating the response to specific events. For example, a machine can be isolated from the network if protection is disabled, or remediation efforts can be initiated if a machine is infected. Light Agent can apply the “VIRUS FOUND” tag to VMs with a parameter to indicate the threat level so that the virtualization platform can react to the event.
The solution is designed so that Light Agents can use an SVM on another host if the local SVM is unavailable or overloaded. This eliminates single points of failure in infrastructures of any size. If there’s significant stress on the virtualized infrastructure, the Light Agents can locate and reconnect to the optimal SVM almost immediately. This ensures uninterrupted real-time protection for the entire virtualized environment.
This feature allows the Light Agent to operate in autonomous mode for a short period. In this mode, technologies including Self Defense, Automatic Exploit Prevention and other behavioral-based defensive mechanisms continue to protect the VM. In addition, a local queue of files to be checked for malware is created, ready for when normal operation resumes. This approach ensures that every single object (files, scripts, pages, etc.) is inspected, regardless of circumstances.
This built-in mechanism protects Kaspersky Security for Virtualization itself against malware that may try to modify or block its functions, delete components (e.g. antivirus databases, quarantined files, trace files), strip the application of its services or uninstall them. Self-Defense also prevents Kaspersky Security for Virtualization Light Agent’s system registry keys from being modified or deleted inside the guest OS.
The Security Virtual Machine (SVM) constantly and autonomously monitors its own operation, automatically restarting its scan server service if it’s disrupted or stopped for any reason. This ensures that the scanning engine is available and ready to handle anti-malware scans at all times.
The cloud-based Kaspersky Security Network (KSN) identifies new threats and provides automatic updates to the security solution. Identifying new malware in as little as 0.02 seconds, KSN helps Kaspersky Security for Virtualization Light Agent to protect business-critical environments against even the most sophisticated threats, such as zero-day vulnerability exploits.
Kaspersky Hybrid Cloud Security can save up to 30% of virtualization hardware resources compared to a traditional endpoint security solution. The solution is designed and built specifically for use in virtualized environments to eliminate redundant operations and data. After learning the environment, the solution is in most cases able to instantly produce a verdict, without wasting a single extra cycle. Rich and flexible system hardening functionality drastically reduces the attack surface, eliminates arbitrary code execution on servers and blocks exploits, all without any noticeable increase in resource consumption. Memory and data control algorithms detect and defuse ransomware attacks, both host and network-borne. The solution supports VMware NSX, Microsoft Hyper-V, Citrix Hypervisor, KVM, Huawei FusionSphere and Proxmox VE virtualization platforms.
Kaspersky Security for Virtualization is the ideal solution for hybrid data centers, delivering advanced security capabilities to virtualized Windows and Linux server workloads.
Application control for Windows Server featuring dynamic whitelisting (or Default Deny) mode has also been enhanced to include a blacklisting (or Default Allow) mode that allows applications to execute unless the software has been found on a blacklist. This mode is useful in controlled environments to further harden the server workload by disallowing selected programs permitted by general policies.
Exploit Prevention specifically targets malware that exploits software vulnerabilities in popular applica