Kaspersky Security for Virtualization
When a company has been in a particular marketspace as long as Kaspersky, one expects a certain level of competence. If we're talking about Kaspersky, you won't be disappointed. The company has built itself up from a purveyor of anti-virus software to a full-blown security management company and now has moved into the virtual environment with this offering. Right from the first, we were impressed.
Kaspersky Security for Virtualization (KSV) is one of those tool sets that goes out of its way to make administrators feel comfortable. The architecture, look and feel and functionality are typical Kaspersky, and the product suite behaves exactly as one would expect. A big piece of that is the seamless stitching together of the Security Center, the centralized management platform. Everything just fits: physical devices, mobile devices and virtual data centers. The system can use both agentless and light agent technology.
In the agentless deployment - on VMware - the system takes advantage of vShield. Connecting through vCenter, the Kaspersky Security Center communicates with the Virtual Appliance File Anti-Virus Component. This connects to the vShield endpoint ESX module and back to vCenter. The VM Tools and the vShield API do the connection duties on the virtual machines.
Deployment in this mode is very quick: the AV engine updates automatically and new virtual machines are protected immediately. The downside, of course, is that there is no access to VM internals, such as RAM. This is a limitation of VMware, however. The agentless mode also allows the use of the network security appliance in conjunction with the VMware virtual distributed switch to act as an attack blocker.
One can see the real power of this system, however, when using the light agent. The agent is placed on each virtual machine and, in this case, it makes no difference which hypervisor is in use. In addition to having access to VM internals, such as RAM, this deployment enables several other security services - such as web control, application startup control, application privilege control, device ID control, firewall, network attack blocker and vulnerability monitoring. In this deployment the KSV is a powerful generalized security platform that covers the entire hardware and software data center as well as mobile devices. If one is using virtual desktop infrastructure (VDI), this is the best approach.
One of the things about Kaspersky that we have always liked is the flexible way it prices its products, and this is no exception. The company offers two pricing models: hardware and software. The hardware model is based on cores. There is one license required for each core in the data center. Users can have an unlimited number of virtual machines. The software model is based on the number of virtual machines. This, in our view, usually is impractical unless one has a stable deployment, which most virtual environments do not have.
The management console is extremely straightforward. If a user has managed VMware or used Kaspersky enterprise-grade products, they will feel right at home. The left-hand pane is the typical tree with computers, reports, repositories, user management and the rest of the usual items. The tabbed right-hand pane contains the details and the drill-downs. Deployment is entirely wizard-driven. For an agentless deployment, there is no Kaspersky code in any virtual machine.
A light agent deployment is redundant and hypervisor agnostic. Again, deployment is wizard-driven and communication between the light agent and the management console is TCP/IP. As we expected, the large signature database for scanning for known malware resides in the security virtual appliance, not the agent. It updates regularly and the deployment is selected when users set up the parameters within the wizard. Those parameters can include any or all of the security services the light agent offers.
We got a bit of a chuckle when we were told that the deployment can be told to remove any competing product currently installed. That is, really, not as silly as it sounds on the surface. There is a significant likelihood of conflicts if all vestiges of a pre-existing product are not removed prior to KSV deployment.
We were impressed as well with the wide variety of dashboards and reports available. With this tool there is no excuse for not being aware of the security behavior of one's software data center or, for that matter, one's entire enterprise.
Part of the reason we liked this is simply because we like Kaspersky products. They work, they are easy to deploy and they are comprehensive. The rest of the reason, though, is that this particular product is very well thought out and it maintains a consistent look, feel and performance across software and hardware data centers, as well as endpoints, including mobile devices.
At a glance
Product: Security for Virtualization
Company: Kaspersky Lab
Price: Depends on configuration.
What it does: A suite of protection functions for VMware, Citrix and Microsoft virtualized environments.
What we liked: Excellent coverage, centralized management and both light agent and agentless deployment.