13 October, 2010

Hypervisor based antivirus and Endpoint security

Session speakers Dean Coza and Marios Leventopoulus

Recap of the session

vShield products
   App and Zones
   Endpoint: offloaded antivirus protection

Let's concentrate on Endpoint.
Endpoint provides interfaces for vendors and moves the antivirus agent inside an appliance, one per host.

Today's issues: AV storm.
Antivirus products are heavy resource consumers and they are not aware of being virtualized. Scheduled scans create heavy I/O on storage.
The memory footprint of the agents is high and in a VDI environment can reach 6 GB of utilization. Moving the antivirus agent outside the VMs is more agile and remediates the pain points above, leveraging the hypervisor to offload the AV function.

VMsafe: is it related to vShield Endpoint?
VMsafe blocks threats before they enter the virtual machines, while Endpoint applies remediation and scans the actual disks at file level; it is a real file-level scan.

With vShield Endpoint we are deploying AV security as a service.

Key benefits
   less OPEX (new machines automatically protected, always on, always updated)
   Tamper-resistant protection

API main features
   on access scan
   on demand scan
   caching and filtering

There is a component inside Endpoint that monitors every event generated by its subcomponents and displays info, warnings and alarms in vCenter Server, giving recommendations too.
We can also trigger actions on events:
   email notifications
   execute a command

There is also a summary dashboard of the status of Endpoint.

The future:
    offload other security agents
    additional better-than-physical efficiencies
    stronger protection through CPU and memory introspection