{"id":14948,"date":"2014-04-22T15:03:52","date_gmt":"2014-04-22T15:03:52","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=1722"},"modified":"2020-02-26T18:41:34","modified_gmt":"2020-02-26T16:41:34","slug":"virtualization-security-what-is-light-agent","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/virtualization-security-what-is-light-agent\/14948\/","title":{"rendered":"Virtualization security: What is ‘Light Agent’?"},"content":{"rendered":"

As our readers most likely remember, Kaspersky Lab released a new security solution for virtual environments<\/a> earlier this month \u2013 Kaspersky Security for Virtualization | Light Agent<\/a>. A \u2018Light Agent\u2019? What\u2019s this? Some explanation is necessary.<\/p>\n

This blogpost may seem a bit technical\u2026 But as a \u2018tech-half-savvy\u2019 blogger (which I am) it\u2019s the best approach to a straightforward explanation that I can put out on this topic. So let\u2019s look at Light Agent.<\/p>\n

The first thing that needs mentioning is that virtual PCs require protection just like physical ones. Usually (and hopefully) there is some security solution software installed on physical PCs \u2013 an \u2018agent\u2019.<\/p>\n

The agent-based approach is good for protecting physical machines, but does have some dreary setbacks if there are a large number of VMs on a single server. A machine may be virtual, but a security solution would act the same way, as if it is protecting a physical PC. It will scan all the files on the drive of its host VM; it will download its updates.<\/p>\n

Actually, all \u2018agents\u2019 in your virtual infrastructure will do this, probably even at the same time. That\u2019s what they call an \u2018update storm\u2019 (or \u2018scanning storm\u2019, appropriately). It isn\u2019t too hard to imagine how these \u2018storms\u2019 affect a physical server\u2019s performance. Actually, the goal of virtualization appears to be defeated here.<\/p>

Virtual machines require protection as if they were physical machines. But the approach must be a bit different.<\/p>Tweet<\/a><\/blockquote>\n

The agentless<\/a> approach is different. As it\u2019s clear from the name, it does not require installing an agent on every VM, only a single installation of a dedicated virtual appliance on a physical server is needed in order to protect all of the VMs located there.<\/p>\n

This removes any problems with the duplication of antivirus software and signature databases. All updates are performed once per physical server, newly configured virtual machines and dormant virtual machines that are activated are protected automatically. So the load on virtual machines\u2019 processors, I\/O, memory and storage is reduced substantially, compared to the agent-based protection. And certainly there are no update\/scanning storms: the sea is quiet.<\/p>\n

But there is a small setback\u2026 the agentless approach had been developed specifically for VMware\u2019s virtualization technology. The design requirements of other platforms \u2013 Microsoft Hyper-V and Citrix XenServer \u2013 have made it necessary to develop a new approach for protecting virtual machines. It\u2019s now known as Light Agent.<\/p>\n

\"800\"<\/a><\/p>\n

Well, Light Agent it is what it is called: a small software agent for a dedicated virtual appliance installed on a virtual host (i.e. a physical server). It protects VMs just the same as a \u2018real\u2019 agent would do, but it also has the advantages of an agentless approach. It is light on resources, there is no significant impact on hypervisor performance. There is also no need to duplicate signature databases for every agent, and, just like with an agentless approach, there are no \u2018update storms\u2019 either.<\/p>\n

\u2018Scanning Storms\u2019 are prevented by Kaspersky\u2019s Shared Cache feature, which effectively shares the results of file scans amongst all of the VMs.<\/p>\n

Whenever a file is accessed on a virtual machine, Light Agent will scan it to ensure it\u2019s safe, then store its \u2018not guilty\u2019 verdict in a shared cache.<\/p>

Both Agentless and Light-Agent protection avoid \u2018updates\u2019 and \u2018scanning storms<\/p>Tweet<\/a><\/blockquote>\n

If the same file is then accessed on another virtual machine on the same virtual host \u2013 Light Agent automatically knows it\u2019s not necessary to perform the scan again, unless it\u2019s changed or the user requests a scan manually.<\/p>\n

Because virtual desktop environments include large numbers of similar virtual machines \u2013 with many sets of identical files \u2013 Shared Cache can significantly reduce the load on your virtual desktop infrastructure.<\/p>\n

\u2018Light\u2019, however, doesn\u2019t mean \u2018reduced\u2019 when it comes to protection capabilities: Kaspersky Security for Virtualization | Light Agent offers the \u2018big\u2019 security features, such as application controls, web usage policy, device controls, Host-based Intrusion Prevention Systems and Firewall functionality, too.<\/p>\n

Light Agent also includes all of the security features found in Kaspersky Lab\u2019s agentless solution, including heuristic file analysis and cloud-assisted intelligence via the Kaspersky Security Network.<\/p>\n

For more technical details please visit here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The virtual environment requires the same protection as physical PCs, but the approach should be different. Full blown security solutions on every virtual machine? The strain for a physical server would be too great. But here comes ‘Light-Agent’…<\/p>\n","protected":false},"author":209,"featured_media":16202,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[783,251,2088,2089],"class_list":{"0":"post-14948","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-business-security","10":"tag-corporate-security","11":"tag-light-agent","12":"tag-virtualization-security"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/virtualization-security-what-is-light-agent\/14948\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/virtualization-security-what-is-light-agent\/14948\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/virtualization-security-what-is-light-agent\/14948\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/business-security\/","name":"business security"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14948","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=14948"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14948\/revisions"}],"predecessor-version":[{"id":26132,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/14948\/revisions\/26132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/16202"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=14948"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=14948"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=14948"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}