
What Makes for a Winning AV Strategy for Your VMs? What Choices Do You Have?

Antivirus Strategies for Virtualized Environments

We know by now that virtualized data centers and cloud deployments require more than the traditional physical security measures. They require security components that have been specifically developed for virtualization. These include firewalls, intrusion detection engines, compliance enforcement mechanisms, and antivirus protections.


To protect your data center, you must run antivirus scans on your virtual machines (VMs). It’s the right thing to do. The question is how to do the right thing the right way.

Problems of the Past

The problem with typical antivirus strategies, such as signature-based detection, which involves searching for known patterns of data within executable code, is that they can degrade system performance. For example, if a VM uses 50 percent of its processor to scan every file, you have a resource-use concern. If you have 20 VMs simultaneously running antivirus scans, that concern is going to lead to severe performance degradation.

Because some of these traditional (that is, non-purpose-built) approaches to AV in the virtualized environment are so punitive on guest VM CPU and RAM, organizations end up needing to buy more VM hosting hardware to support the additional protections. That, in effect, can begin to chip away at one of virtualization’s biggest benefits: server consolidation.

In the past, the choice for system administrators has often been to a) take a risk and not install antivirus software on VMs; or b) run it and face regular disruptions.

Well, neither of those options seems right.

Protection Shouldn’t Hinder Performance


The good news is that when it comes to antivirus protection for virtual machines, a new era is dawning.

Today, the goal is to implement an antivirus strategy that provides protection without sacrificing performance. And virtualization-specific AV solutions exist that can not only help organizations defend against the proliferation of malware and other threats, but can also help contribute to the bottom-line benefits of virtualization overall.

A virtualization-specific AV can protect guest VMs by detecting malware or viruses on VMs, quarantining the affected files or infected guest VMs themselves, and then allowing users to define a remediation plan. With the right AV, the processing is extremely efficient, making use of virtualized environment awareness and intelligence so that AV scans are applied when it makes sense and to what matters most. For the service provider industry, in particular, it can provide a quick return on investment by enabling providers to augment their menus of cloud security services.

Scanning for Success

In the virtual data center, you can optimize an antivirus application and reduce its load on a VM host resource pool, as well as identify essential characteristics for an antivirus application for VMs. You just need to consider a few things when choosing and deploying any antivirus product in your VMs.

The first thing to consider is scan times. Scheduled on-demand antivirus scans (i.e., offline scans conducted on a snapshot of the VM image) influence host resource saturation. It’s okay if a small number of VMs run CPU-intensive scans. But you’ll start to run into issues when those VM numbers begin to increase. An antivirus vendor should provide flexibility and allow users to choose between automatically, manually, or randomly running scans so as to reduce the potential for VM host CPU saturation.
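The scheduling idea above, as an added Python example that is not from the article or any AV product: it randomizes scan order per host, caps how many scans overlap, and compares the peak against 20 VMs all starting together. The VM and host names, the 02:00 to 06:00 window, the 30-minute scan length and the cap of 3 are assumptions.

```python
import random
from collections import defaultdict

def schedule_scans(vms, window_start, window_len, scan_len, max_concurrent, seed=None):
    """Assign each VM a scan start minute so that no host ever runs more
    than max_concurrent scans at once. vms is a list of (vm_name, host)."""
    rng = random.Random(seed)
    by_host = defaultdict(list)
    for name, host in vms:
        by_host[host].append(name)
    plan = {}
    for host, names in by_host.items():
        rng.shuffle(names)                        # random order within the host
        slots = -(-len(names) // max_concurrent)  # ceiling division
        if slots * scan_len > window_len:
            raise ValueError(f"{host}: window too short for {len(names)} scans")
        stride = window_len // slots              # minutes reserved per slot
        slack = stride - scan_len                 # room for random jitter
        for i, name in enumerate(names):
            slot = i // max_concurrent
            plan[name] = window_start + slot * stride + rng.randint(0, slack)
    return plan

def peak_concurrency(plan, vms, scan_len):
    """Return {host: highest number of scans running at the same time}."""
    events = defaultdict(list)
    for name, host in vms:
        events[host].append((plan[name], 1))
        events[host].append((plan[name] + scan_len, -1))
    peaks = {}
    for host, evs in events.items():
        running = peak = 0
        for _, delta in sorted(evs):              # ends (-1) sort before starts (+1)
            running += delta
            peak = max(peak, running)
        peaks[host] = peak
    return peaks

# Constructed inventory: 20 VMs on one host, matching the article's 20-VM case.
VMS = [(f"vm-{i:02d}", "host-a") for i in range(20)]
NAIVE = {name: 120 for name, _ in VMS}            # every scan starts at 02:00
STAGGERED = schedule_scans(VMS, window_start=120, window_len=240,
                           scan_len=30, max_concurrent=3, seed=7)

if __name__ == "__main__":
    print("naive peak:    ", peak_concurrency(NAIVE, VMS, 30))
    print("staggered peak:", peak_concurrency(STAGGERED, VMS, 30))
```

Times are minutes after midnight; the scheduler raises an error when the window cannot hold every scan under the cap, which is the signal to widen the window or raise the cap.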

Read Johnnie’s Other Cloud & Virtualization Security Columns Here

In this vein, an antivirus vendor should also offer real-time on-access scans whose settings can be easily adjusted. It’s important to note that not all AV solutions provide that kind of fine-tuning option. Yet with the right antivirus software for your VMs, you can prioritize your scanning processes and optimize performance by lowering memory and CPU usage and decreasing disk I/O.

And when you combine the right virtualization-specific AV with the right high-performing hypervisor-based stateful firewall, integrated intrusion detection engine, and compliance mechanism, you get the most comprehensive virtualization security solution for complete virtual network protection and maximum return on your virtualization and cloud investments.
