An ever-present challenge in business virtualization is keeping setups secure from intrusion. In a conventional architecture, antivirus and anti-malware solutions are essential for safeguarding and hardening against malicious attacks. The problem is that antivirus programs can be quite resource-intensive, diverting substantial computing resources away to handle malware scans. On a physical machine, this may only use a modest percentage of total computing performance capacity. On agent-based virtual machine configurations, however, this computing resource drain is often multiplied.
It’s important to realize that there are differences between physical and virtualized hardware. The hypervisor creates an abstraction of the links between a VM and the hardware on which it runs. While this affords a major advantage in providing for dynamic resource management, it typically alters the behavior of basic operations—such as file scans.
Another common performance drain is when multiple VMs on the same host begin anti-malware scans simultaneously. This often produces a spike in computing load and reduces performance.
These and other concerns present a significant collective challenge to conventional, agent-based anti-virus, anti-malware, and security management platforms. Many mid-size and large IT environments experience relatively low operational efficiency in their virtualized environments because they are seriously hobbled by agent-based systems. Too many agent-based AV systems that run on VM-based environments are known for hampered scalability, unnecessarily high resource consumption, and security coverage gaps.
Read 'Azure Security Center Guide' to find out more about advanced antivirus protection options available to you today.
Agentless Antivirus: How Does It Work?
Agentless antivirus/security platforms are built on an entirely different architecture that supports a very different approach to managing security for a virtualized environment. Instead of installing a copy of the security software on each VM, a separate virtual appliance is configured to be fully dedicated to the task of running security software and managing security threats.
Benefits of Agentless Security for VMs
Agentless security solutions for managing anti-malware tasks in a virtualized environment provide several key benefits:
- Centralized file scanning
- Lower operational overhead
- Native integration
- Security policy consolidation
- Exhaustive infrastructure scan
- Reduction in computing resource demands—especially in mitigating or avoiding scan storms
- Considerably easier security management
- Always-on anti-virus/anti-malware protection
Agentless antivirus security solutions centralize all operations and coordinate VM security tasks. It’s unlikely—even in large environments—that multiple security program instances will attempt to perform full disk scans simultaneously. Management is also much simpler, yet these solutions exhibit much higher performance, since it’s unnecessary to individually or manually update the security software of each VM. With an agentless solution, you can centralize and automate such tasks.
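The scan-storm effect and the coordination that avoids it can be modelled in a few lines. This is an added example, not code from any vendor product; the VM and host names, the one-slot scan duration, and the per-host cap are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory of (vm, host) pairs; all names are hypothetical.
INVENTORY = [
    ("web-01", "host-a"), ("web-02", "host-a"), ("db-01", "host-a"),
    ("app-01", "host-a"), ("web-03", "host-b"), ("db-02", "host-b"),
    ("app-02", "host-b"),
]

def agent_schedule(inventory, start_slot=0):
    """Agent-based model: every VM's local agent starts its full scan
    at the same configured time, unaware of its neighbours."""
    return {vm: start_slot for vm, _ in inventory}

def central_schedule(inventory, max_per_host=1):
    """Central-appliance model: each VM gets the earliest time slot in
    which its host is running fewer than max_per_host scans.
    Assumes every scan occupies exactly one slot."""
    if max_per_host < 1:
        raise ValueError("max_per_host must be at least 1")
    running = defaultdict(int)  # (host, slot) -> scans in progress
    schedule = {}
    for vm, host in inventory:
        slot = 0
        while running[(host, slot)] >= max_per_host:
            slot += 1
        running[(host, slot)] += 1
        schedule[vm] = slot
    return schedule

def peak_per_host(inventory, schedule):
    """Return the highest number of simultaneous scans seen on each host."""
    host_of = dict(inventory)
    load = defaultdict(int)
    for vm, slot in schedule.items():
        load[(host_of[vm], slot)] += 1
    peak = defaultdict(int)
    for (host, _), count in load.items():
        peak[host] = max(peak[host], count)
    return dict(peak)

if __name__ == "__main__":
    print("agent-based peak:", peak_per_host(INVENTORY, agent_schedule(INVENTORY)))
    print("centralized peak:", peak_per_host(INVENTORY, central_schedule(INVENTORY)))
```

Raising `max_per_host` shortens the total scan window at the cost of a higher peak load on each host.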
Agentless security solutions monitor the entire VM environment around the clock, even for VMs that are offline. Always-on security is especially important during add-on activities—when you add new VMs to a host. Each new VM will get immediate coverage from the centralized security appliance, which essentially eliminates any security gaps.
In many ways, deployment of agentless antivirus/anti-malware on virtualized environments helps to significantly reduce costs, while increasing performance and improving security for all VMs—on all hosts. This is why top-tier cloud computing service providers all employ agentless security solutions for their virtualized environments.
Let’s have a closer look at the major benefits of agentless solutions.
Offload File Scanning to a Central Appliance
Agentless solutions offload the file-scan tasks from individual VMs over to a dedicated security appliance that runs the anti-malware engine. This results in a major performance improvement because it moves essential yet resource-intensive security functions to the central security appliance—eliminating the security-agent footprint and processing on each virtual machine.
Lower Operational Overhead
In conventional agent-based systems, administrators are often too busy provisioning security agents for new VMs—and too much time is spent reconfiguring many agents as VMs relocate or change state. Frequent pattern update rollouts are another burden. In many organizations, this is all excessively time-consuming but still permits too many security gaps. An agentless solution provides robust security that is much easier to manage—without the hassle of deploying and managing security agents.
Native Integration
Well-built agentless solutions offer tight integration of agentless antivirus with VM management software, which means infrastructure and security layers work together in close co-operation. This results in a high degree of automation and better protection for data centers. Anti-malware scans, signature/heuristic analyses, and attack-blocking functionality are centralized in powerful security appliances that deliver immediate security to each VM—from the moment it powers on.
Security Policy Consolidation
In a dynamic IT landscape, it’s much more important to attach your security policy to a particular VM function—not to a particular location. This ensures that individual security capabilities will transit along with each VM as it moves from one host to another.
With an agentless framework, you can consolidate all security settings—attack-blocking, network, anti-virus, anti-malware—into a single, cohesive policy.
To learn more about major security policy considerations for the upcoming year, check out our recent post on the top cyber security trends of 2018.
Exhaustive Infrastructure Scan
It’s not possible for a conventional solution to perform a security scan on a VM that’s offline. Some agentless solutions include advanced functionality that scans all VMs—even if they are offline. The result? More effective on-demand scanning and more exhaustive security coverage for your entire infrastructure.