Interview on VM Security: “We save our customers hard cash”

[harlan4096]

If you run hundreds of virtual machines on one server, you need to provide adequate protection. In this interview, Jan Schlemmer from G DATA explains the problems and solutions.

Interview with Jan Schlemmer, Head of Technical Account at G DATA

The IT security requirements for companies and their IT service providers are enormous. A security solution must meet these requirements and provide comprehensive protection. This is exactly what the new G DATA business solutions do. They are equipped with the new DeepRay technology, which uses machine learning and artificial intelligence to detect disguised malware. In addition to the new multi-client capability, the network solutions now include protection for virtual desktop environments (VDIs) as well - G DATA VM Security.

Jan Schlemmer, Head of Technical Account at G DATA, explains the background to and advantages of G DATA VM Security.

What are the special challenges in securing a virtual environment?

Like all antivirus solutions, the protection software within a virtual machine needs regular signature updates - in some cases multiple updates can occur within an hour. However, if a number of virtual environments are being hosted on one hypervisor, this creates an enormous network and performance load. We counter this with the Light Agent. We outsource the signature updates to our own virtual scan server appliance on the hypervisor, while continuing to provide the usual G DATA security.

How exactly does the Light Agent work?

The Light Agent is a full client component from our G DATA Endpoint solution - with the exception of the signatures. If the component performs a signature scan, the request is forwarded to the virtual scan server for the same hypervisor. The hypervisor scans the file for the most recent signatures and returns the result to the requesting virtual machine. We also use a caching mechanism to ensure that similar requests from different virtual machines on the same host can be processed efficiently and to avoid duplicate checks on the hypervisor as a whole.

Unlike some competitors, G DATA works with one agent on each client. What are the benefits of this for the customer?

That's right, some competitors work with a system that doesn’t have agents and that uses direct internal interfaces in the hypervisor to scan files inside virtual machines. However, such an approach is half-hearted, as no proactive protection mechanisms are being used within the virtual machines. From today's perspective, AV protection that lacks behaviour-based analysis of a machine is not adequate. Our Light Agent only outsources the part of our AV protection that can be outsourced efficiently. All the proactive mechanisms remain active on the various virtual machines. This enables customers to benefit from all our innovative next-generation features when deploying virtual environments - for example, AntiRansomware, Exploit Protection and USB Keyboard Guard - plus our DeepRay AI technology. This isn’t possible with a system that doesn’t have agents. Only the signature-based approach is represented there.

Continue Reading