What Makes for a Winning AV Strategy for Your VMs? What Choices Do You Have?

Antivirus Strategies for Virtualized Environments

We know by now that virtualized data centers and cloud deployments require more than the traditional physical security measures. They require security components that have been specifically developed for virtualization. These include firewalls, intrusion detection engines, compliance enforcement mechanisms, and antivirus protections.

To protect your data center, you must run antivirus scans on your virtual machines (VMs). It’s the right thing to do. The question is how to do the right thing the right way.

Problems of the Past

The problem with typical antivirus strategies, such as signature-based detection, which involves searching for known patterns of data within executable code, is that they can degrade system performance. For example, if a VM uses 50 percent of its processor to scan every file, you have a resource-use concern. If you have 20 VMs simultaneously running antivirus scans, that concern is going to lead to severe performance degradation.

Some of these traditional approaches to AV, meaning those not purpose-built for the virtualized environment, are so punitive on guest VM CPU and RAM that organizations end up buying more VM hosting hardware to support the additional protections. That, in effect, can begin to chip away at one of virtualization’s biggest benefits: server consolidation.

In the past, the choice for system administrators has often been to a) take a risk and not install antivirus software on VMs; or b) run it and face regular disruptions.

Well, neither of those options seems right.

Protection Shouldn’t Hinder Performance

The good news is that when it comes to antivirus protection for virtual machines, a new era is dawning.

Today, the goal is to implement an antivirus strategy that provides protection without sacrificing performance. And virtualization-specific AV solutions exist that can not only help organizations defend against the proliferation of malware and other threats, but can also help contribute to the bottom-line benefits of virtualization overall.

A virtualization-specific AV can protect guest VMs by detecting malware or viruses on VMs, quarantining the affected files or infected guest VMs themselves, and then allowing users to define a remediation plan. With the right AV, the processing is extremely efficient, making use of virtualized environment awareness and intelligence so that AV scans are applied when it makes sense and to what matters most. For the service provider industry, in particular, it can provide a quick return on investment by enabling providers to augment their menus of cloud security services.

Scanning for Success

In the virtual data center, you can optimize an antivirus application and reduce its load on a VM host resource pool, as well as identify essential characteristics for an antivirus application for VMs. You just need to consider a few things when choosing and deploying any antivirus product in your VMs.

The first thing to consider is scan times. Scheduled on-demand antivirus scans (i.e., offline scans conducted on a snapshot of the VM image) influence host resource saturation. It’s okay if a small number of VMs run CPU-intensive scans, but you’ll start to run into issues as the number of VMs increases. An antivirus vendor should provide flexibility and allow users to choose between automatically, manually, or randomly running scans so as to reduce the potential for VM host CPU saturation.
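The effect of spreading scheduled scans can be checked before a policy is rolled out. The sketch below is an added example, not code from this column or from any AV product: it assigns each guest a start offset inside a maintenance window so that no host runs more than a set number of scans at once, then measures the peak. The VM and host names, the 240-minute window, the 30-minute scan length and the cap of three are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

def _stable_key(vm_name):
    # Hash ordering spreads guests pseudo-randomly but gives the same
    # schedule on every run, so scan times do not drift between rollouts.
    return hashlib.sha256(vm_name.encode()).hexdigest()

def stagger_scans(vms, window_min, scan_min, max_concurrent):
    """vms: list of (vm_name, host). Returns {vm_name: start_minute}."""
    n_slots = window_min // scan_min
    if n_slots < 1:
        raise ValueError("window is shorter than one scan")
    by_host = defaultdict(list)
    for name, host in vms:
        by_host[host].append(name)
    schedule = {}
    for host, names in by_host.items():
        if len(names) > n_slots * max_concurrent:
            raise ValueError(f"{host}: window too short for {len(names)} VMs")
        # Round-robin over the slots keeps every slot within the cap.
        for i, name in enumerate(sorted(names, key=_stable_key)):
            schedule[name] = (i % n_slots) * scan_min
    return schedule

def peak_concurrency(vms, schedule, scan_min):
    """Highest number of scans running at the same time, per host."""
    events = defaultdict(list)
    for name, host in vms:
        start = schedule[name]
        events[host] += [(start, 1), (start + scan_min, -1)]
    peaks = {}
    for host, evs in events.items():
        running = peak = 0
        # Sorting puts a scan's end (-1) before a start (+1) at the same minute.
        for _, delta in sorted(evs):
            running += delta
            peak = max(peak, running)
        peaks[host] = peak
    return peaks

# Constructed inventory: 20 guests on one host, as in the scenario above.
FLEET = [(f"vm-{i:02d}", "host-a") for i in range(20)]
NAIVE = {name: 0 for name, _ in FLEET}  # every guest scans at once
STAGGERED = stagger_scans(FLEET, window_min=240, scan_min=30, max_concurrent=3)

if __name__ == "__main__":
    print("simultaneous:", peak_concurrency(FLEET, NAIVE, 30))
    print("staggered:   ", peak_concurrency(FLEET, STAGGERED, 30))
```

A `ValueError` from `stagger_scans` means the window cannot hold the fleet at the chosen cap, which is the signal to lengthen the window or move guests rather than let scans pile up.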

In this vein, an antivirus vendor should also offer real-time on-access scans whose settings can be easily adjusted. It’s important to note that not all AV solutions provide that kind of fine-tuning option. Yet with the right antivirus software for your VMs, you can prioritize your scanning processes and optimize performance by lowering memory and CPU usage and decreasing disk I/O.

And when you combine the right virtualization-specific AV with the right high-performing hypervisor-based stateful firewall, integrated intrusion detection engine, and compliance mechanism, you’ll ensure yourself the most comprehensive virtualization security solution for complete virtual network protection and maximum return on your virtualization and cloud investments.

Johnnie Konstantas heads Gigamon’s security solutions marketing and business development. With 20+ years in telecommunications, as well as data and cybersecurity, she has done a little bit of everything spanning engineering, product management and marketing for large firms and fledglings. Most recently, she was the VP of Marketing at Dato, a company pioneering large-scale machine learning. She was also VP Marketing at Altor Networks (acquired by Juniper), an early leader in virtualization security and at Varonis Systems. Past roles have included product management and marketing for Check Point, Neoteris, NetScreen and RedSeal Systems. Johnnie started her career at Motorola, designing and implementing large-scale cellular infrastructure. She holds a B.S. in Electrical Engineering from the University of Maryland.