Kaspersky Agentless Virtualization Security

Kaspersky Security for Virtualization | Agentless has been specifically designed to protect software-defined data centers built on the VMware vSphere platform, including support for vShield Endpoint and NSX technologies. Our security solution delivers advanced security capabilities with almost zero impact on platform efficiency. So you can benefit from an industry-leading anti-malware solution while retaining high consolidation ratios.

  • Specifically designed for VMware security

    • Native integration with VMware NSX

      The tight integration of Kaspersky Security for Virtualization | Agentless with the VMware vSphere and NSX platforms means infrastructure and security layers work together in close co-operation, bringing new levels of automation and protection to software-defined data centers. Anti-malware scans and signature and heuristic analyses, as well as network attack blocking functionality, are offloaded to powerful security appliances and delivered to each VM from the moment it’s powered on.

      • Anti-malware protection based on our award-winning engine is delivered instantly to every VM managed by VMware NSX, with no need to install any agent on the VM.
      • Full, Flexible Intrusion Detection and Prevention (IDS/IPS) capabilities are also delivered to every virtual host managed by the VMware NSX platform, helping protect your virtualized infrastructure from most advanced network-based threats and even zero-day vulnerabilities.
    • Automated deployment for VMware NSX

      Tight VMware NSX integration enables the fully automated deployment of security appliances (Security Virtual Machine or Network Attack Blocker). These ‘pop up’ on the hypervisor automatically, based on the security polices applied to each VM.

    • Security Policy integration

      Tight integration with VMware NSX means that each VM now receives precise security capabilities as defined by your corporate policies.

      In a dynamically changing IT landscape, it’s important to ensure your security policy is attached to a particular VM function, not to a precise location, so that individual security capabilities travel with each VM from host to host. The VMware NSX platform and its security policies allow for this functionality, consolidating all security settings (network, AV, etc.) into one policy. We further enhance the VMware NSX platform by incorporating the anti-malware and network attack blocking security policies available in our Agentless solution.

      This feature fully supports the building and scaling of perfectly balanced software-defined data centers.

    • Security Tags integration

      Kaspersky Security for Virtualization and the VMware NSX platform now exchange security tags, which can change based on specific rules (e.g., malware detected inside a VM). This constant interaction between the infrastructure and its security means the software-defined data center can react in real time to any security incident, automatically triggering the reconfiguration of the entire virtual infrastructure if necessary.

    • Support for Both NSX and vShield Endpoint

      If you’re migrating or planning to migrate from vShield Endpoint to the NSX platform, you can continue to rely on Kaspersky Security for Virtualization | Agentless. We are absolutely committed to supporting vShield technology for as long as this is required by any of our customers. So, from a security perspective, you can transition smoothly and flexibly, at your own pace, knowing that Kaspersky Lab will always support you.

    Automated Security and Monitoring

    • Full infrastructure scan

      No ‘traditional’ solution can perform an agentless anti-malware scan of a VM that’s offline. Kaspersky Security for Virtualization introduces advanced functionality that scans all VMs, whether they are on- or offline. The result is more effective on-demand scanning and better security coverage across your entire infrastructure.

    • Advanced SNMP-based monitoring

      Kaspersky Security for Virtualization can be installed with an SNMP-agent. This monitors and sends extensive information about the SVM's "Health Status" to 3rd-party SNMP monitoring tools like Zabbix and Nagios. SNMP counters include general SVM metrics (CPU, RAM, etc.), as well as specific metrics.

    • Security task orchestration according to your needs

      Routine scanning can be performed on all VMs, according to your own pre-set schedule. Kaspersky Security for Virtualization | Agentless automatically avoids the simultaneous scanning of large numbers of machines, to help ease the load on your systems.

    • Fully supports VMware vMotion

      With full support for VMware vMotion, Kaspersky Security for Virtualization | Agentless ensures that security is not interrupted when a workload is moved from one ESXi host to another. If the new host has the necessary licenses, the security will automatically transfer along with the workload – and all security settings and policies will remain just as you configured them.

    • Seamlessly integrated with VMware vCenter Server

      Kaspersky Security for Virtualization | Agentless receives information about VMs from the VMware vCenter Server – including a list of all VMs and all relevant parameters. As well as giving IT administrators a higher level of visibility, this close integration with vCenter Server ensures that protection is automatically provided whenever your IT team configures a new VM.

    • Cloud-assisted protection against the latest threats – including zero-days

      The cloud-based Kaspersky Security Network (KSN) identifies new threats and provides automatic updates to your IT systems. With an identification time that can be as quick as 0.02 seconds, KSN helps protect you against zero-day threats.

    The Right Balance of Protection and Performance

    • Award-winning anti-malware protection

      Kaspersky Security for Virtualization | Agentless allows file-scanning tasks to be offloaded from the individual VM onto a dedicated SVM (Security Virtual Machine) running our industry-leading anti-malware engine. The SVM integrates with VMware vShield Endpoint or NSX to deliver powerful protection to each VM.

    • Virtual Network Intrusion Detection and Prevention (IDS/IPS)

      Kaspersky’s Network Attack Blocker monitors network traffic for signs of activity typical of network attacks. On detecting an attack, Network Attack Blocker will block the attacking computer. Kaspersky Security for Virtualization | Agentless provides this network-level functionality together with support for VMware vCloud Networking and Security or VMware NSX.

    • Preserves the performance of virtual servers

      Kaspersky Security for Virtualization | Agentless has been designed to protect virtual servers with optimum efficiency – and no significant impact on hypervisor performance. So you can protect servers - and the confidential business data located on them – while retaining all the benefits of virtualization.

    • Reduces the load on your systems – so each host machine can achieve more

      Kaspersky Security for Virtualization | Agentless reduces the load on each virtual host – including the following resources:

      • Hypervisor I / O
      • CPU
      • Memory
      • Storage
    • Automatically tracks scanned files for greater efficiency

      Kaspersky Security for Virtualization | Agentless automatically ensures that recently scanned files are not re-scanned during routine scanning.

    • Eliminates ‘update storms’ and ‘scanning storms’

      With just one instance of the security appliance protecting the entire virtual host, Kaspersky Security for Virtualization | Agentless helps to eliminate anti-malware 'update storms' and 'scanning storms'.

    • Shared Cache

      When a file is accessed on a VM, Kaspersky Security for Virtualization | Agentless will automatically scan the file to ensure it’s safe, then store the verdict in an area of Shared Cache. When the same file is accessed on another VM on the same virtual host, the security solution will know that a further scan is unnecessary. The file will only be re-scanned if it’s been changed, or if the user runs a manual scan. This saves resources – especially in virtual desktop (VDI) environments, where many VMs use identical sets of OS and application files.

      Kaspersky’s Shared Cache technology helps enhance IT performance and reduce the load on your computing infrastructure, so you can reallocate resources to other tasks without compromizing security levels.

    Superior Reliability and Manageability

    • A single management console for virtual, physical and mobile devices

      Kaspersky Security Center, included in Kaspersky Security for Virtualization | Agentless, provides a single unified management console for controlling a wide range of Kaspersky Lab security technologies. You can manage the protection of virtual, physical and mobile devices, and enforce consistent security policies across your entire IT estate – all from one console.

    • Solution deployment with no downtime

      During deployment, there’s no need to reboot any machines or to put the host server into maintenance mode. This helps to maintain productivity for your users – vitally important for Data Centers committed to achieving ‘five nines’ (99.999%) uptime or better.

    • Greater visibility with detailed reporting

      Kaspersky Security Center makes it easy to generate detailed reports, giving administrators greater visibility of events and completed tasks. Because Kaspersky Security Center lets you manage a wide range of security applications, you can produce reports covering all the virtual, physical and mobile devices that are being protected by Kaspersky Lab security technologies.

    • A choice of licensing options – simplifies licenses and reduces cost

      Kaspersky Security for Virtualization | Agentless offers a choice of ‘per virtual machine’ or ‘per core’ licensing – so you can choose the option that’s most cost-effective for your business. For large Data Centers and IaaS (Infrastructure as a Service) providers, the number of virtual machines will regularly fluctuate – so ‘per core’ licensing can offer big benefits.

  • VMware NSX infrastructures

    • Virtualization Platforms

      • VMware vSphere 6.0 with vCenter Server 6.0
      • VMware NSX for vSphere 6.2.4 (including NSX for vShield Endpoint)
      Note: A current license for NSX for vSphere Advanced or NSX for vSphere Enterprise is required in order for the Network Threat Detection component to work

    • Windows-based guest operating systems

      • Windows 10 (32 / 64-bit)
      • Windows 8.1 (32 / 64-bit)
      • Windows 8 (32 / 64-bit)
      • Windows 7 SP1 (32 / 64-bit)
      • Windows Server 2012 R2 without ReFS (Resilient File System) support (64-bit)
      • Windows Server 2012 without ReFS (Resilient File System) support (64-bit)
      • Windows Server 2008 R2 SP1 (64-bit)
      • Windows Server 2003 R2 SP2 (32 / 64-bit)

    VMware vShield Endpoint infrastructures

    • Virtualization Platforms

      • VMware vSphere 6.0 with vCenter Server 6.0
      • VMware vShield Endpoint from VMware vCloud Networking and Security suite
      • VMware vShield Manager from VMware vCloud Networking and Security suite
    • Windows-based guest operating systems

      • Windows 10 (32 / 64-bit)
      • Windows 8.1 (32 / 64-bit)
      • Windows 8 (32 / 64-bit)
      • Windows 7 (32 / 64-bit)
      • Windows XP SP3 (32-bit)
      • Windows Server 2012 R2 without ReFS (Resilient File System) support (64-bit)
      • Windows Server 2012 without ReFS (Resilient File System) support (64-bit)
      • Windows Server 2008 R2 (64-bit)
      • Windows Server 2003 R2 (32-bit / 64-bit)
A part of

    Kaspersky Security for Virtualization

    Not sure which Security Solution is right for your business?