Security in virtual environments is still an open problem; nevertheless, any enterprise that has adopted virtualization applies some security approach today. Let's consider the most popular ones and analyze them.
Simple Installation on Each Virtual Machine
The simplest approach to deploy is installing a classic antivirus system on each virtual machine in the network.
The advantage of this scheme is that it doesn't need any policy update and works the same way as in a classical network of physical machines.
The shortcomings are:
- Costly licensing
- Inefficient IT resource usage
- AV storms
- 9 AM problem
- Complicated security management.
Hypervisor Management of the Agents Installed on Each Virtual Machine
There are several end-point protection systems that have been modified to meet virtual environment needs. Such systems install an agent on each virtual machine and manage tasks such as scanning, updates, etc. via a management console on the hypervisor.
Such solutions avoid the 9 AM problem and AV storms, but still have some shortcomings:
- The agent on the virtual machine is itself an object that must be protected from 0-day attacks
- The virtual machine’s resources are used for scanning
- Only on-line virtual machines can be scanned
- Limited system scalability.
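The scheduling idea behind console-managed agents, as an added example that is not from the original article or from any vendor's product: it compares every VM starting its scan or update at 09:00 with a console that caps concurrent jobs per physical host. The VM inventory, the 20-minute job duration and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict

SCAN_MINUTES = 20  # assumed duration of one scan/update job

# Constructed inventory: 8 VMs on host-a, 4 VMs on host-b.
VM_HOST = {f"vm{i:02d}": ("host-a" if i < 8 else "host-b") for i in range(12)}


def naive_schedule(vm_host, start=9 * 60):
    """Every agent fires at the same minute (09:00): the storm case."""
    return {vm: start for vm in vm_host}


def staggered_schedule(vm_host, start=9 * 60, max_per_host=2,
                       duration=SCAN_MINUTES):
    """Console-side plan: at most max_per_host jobs run at once per host."""
    by_host = defaultdict(list)
    for vm in sorted(vm_host):
        by_host[vm_host[vm]].append(vm)
    plan = {}
    for vms in by_host.values():
        for i, vm in enumerate(vms):
            # Each batch of max_per_host VMs gets the next time slot.
            plan[vm] = start + (i // max_per_host) * duration
    return plan


def peak_concurrency(schedule, vm_host, duration=SCAN_MINUTES):
    """Return {host: highest number of jobs running simultaneously}."""
    events = defaultdict(list)
    for vm, begin in schedule.items():
        events[vm_host[vm]].append((begin, 1))
        events[vm_host[vm]].append((begin + duration, -1))
    peaks = {}
    for host, evs in events.items():
        running = peak = 0
        # Tuples sort so a job ending at minute t is counted before one
        # starting at t; back-to-back slots therefore do not overlap.
        for _, delta in sorted(evs):
            running += delta
            peak = max(peak, running)
        peaks[host] = peak
    return peaks


if __name__ == "__main__":
    for name, plan in (("naive", naive_schedule(VM_HOST)),
                       ("staggered", staggered_schedule(VM_HOST))):
        print(name, peak_concurrency(plan, VM_HOST), "last start:", max(plan.values()))
```

The cost of the cap is a longer protection window: the last VM on the busier host starts an hour after the first.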
Almost-agentless Solution Like vShield
vShield from VMware is the platform for solutions where the antivirus system does not have agents on virtual machines; it uses the agents of the virtualization platform itself.
So this is a modification of the previous case, but with agents that the antivirus system cannot protect. In fact, they are really vulnerable.
Security Virtual Machine
vShield also implements a scheme in which each antivirus check results in several virtual machine traversal calls via the hypervisor.
Thus, this approach uses several times more resources than a typical physical PC scenario.