Interview on VM Security: “We save our customers hard cash”

06/03/2019
G DATA Blog

If you run hundreds of virtual machines on one server, you need to provide adequate protection. In this interview, Jan Schlemmer from G DATA explains the problems and solutions.

Interview with Jan Schlemmer, Head of Technical Account at G DATA

The IT security requirements for companies and their IT service providers are enormous. A security solution must meet these requirements and provide comprehensive protection. This is exactly what the new G DATA business solutions do. They are equipped with the new DeepRay technology, which uses machine learning and artificial intelligence to detect disguised malware. In addition to the new multi-client capability, the network solutions now include protection for virtual desktop environments (VDIs): G DATA VM Security.

Jan Schlemmer, Head of Technical Account at G DATA, explains the background to and advantages of G DATA VM Security.

What are the special challenges in securing a virtual environment?

Like all antivirus solutions, the protection software within a virtual machine needs regular signature updates - in some cases multiple updates can occur within an hour. However, if a number of virtual environments are being hosted on one hypervisor, this creates an enormous network and performance load. We counter this with the Light Agent. We outsource the signature updates to our own virtual scan server appliance on the hypervisor, while continuing to provide the usual G DATA security.

How exactly does the Light Agent work?

The Light Agent is a full client component from our G DATA Endpoint solution - with the exception of the signatures. If the component performs a signature scan, the request is forwarded to the virtual scan server for the same hypervisor. The hypervisor scans the file for the most recent signatures and returns the result to the requesting virtual machine. We also use a caching mechanism to ensure that similar requests from different virtual machines on the same host can be processed efficiently and to avoid duplicate checks on the hypervisor as a whole.

Unlike some competitors, G DATA works with one agent on each client. What are the benefits of this for the customer?

That's right, some competitors work with a system that doesn’t have agents and that uses direct internal interfaces in the hypervisor to scan files inside virtual machines. However, such an approach is half-hearted, as no proactive protection mechanisms are being used within the virtual machines. From today's perspective, AV protection that lacks behaviour-based analysis of a machine is not adequate. Our Light Agent only outsources the part of our AV protection that can be outsourced efficiently. All the proactive mechanisms remain active on the various virtual machines. This enables customers to benefit from all our innovative next-generation features when deploying virtual environments - for example, AntiRansomware, Exploit Protection and USB Keyboard Guard - plus our DeepRay AI technology. This isn’t possible with a system that doesn’t have agents. Only the signature-based approach is represented there.

What infrastructure is required to use VM Security?

The G DATA business solution requires a separate scan server for each hypervisor. This ensures that the scan requests do not have to be routed via a network connection, thus ensuring high performance. In addition, we avoid unnecessary utilisation of the company network.

How is it installed? What do customers need to do?

It’s extremely simple. We deliver the scan server as a preconfigured template based on CentOS 7. Customers need to import this template into their respective hypervisor and can then assign the correct scan server to the virtual machines in G DATA Administrator. That’s all you need to do.

On which platforms can the scan appliance be imported or operated?

Our scan appliance is initially compatible with Microsoft Hyper-V and VMware ESXi. There may be more platforms in the future, but we think we are already covering the most important fields in the market.

For which companies is the Light Agent of particular interest?

Any company that relies on large-scale virtual desktop environments. This is the case where new workstations are frequently needed at short notice. The actual work is then carried out on a central server. Call centres, banks and hospitals are already using such systems on a regular basis, but the concept is also being used increasingly in other industries.

Hauke Gierow
Head of Corporate Communications