Agentless Security for Virtualization: in the Cloud?
Well, it depends. Let me step back and briefly explain agentless security to ground the conversation.
In virtual environments, many organizations have installed traditional agent-based physical endpoint security on each virtual machine (VM). But replicating the full solution on each VM saps host resources and degrades performance. An alternative is to integrate security with the virtualization platform. A dedicated security virtual appliance on each host can use the virtualization platform APIs and hypervisor introspection to communicate with each guest VM and protect it without requiring in-guest agents. The virtual appliance ensures guest VMs have up-to-date security without the resource impact of agents on each VM. The appliance also serializes security scans and updates to preserve performance.
Agentless security for virtualization was first made available for antivirus through VMware vShield Endpoint integration with security partner solutions. And more and more security vendors are now offering agentless AV. But the agentless approach can apply to broader file-based security, including integrity monitoring for files and the hypervisor, as well as network-based security such as intrusion prevention and firewall.
With VMware integration, the agentless security approach certainly applies to virtual data centers. But can it be deployed in the cloud, for example, in a vCloud environment? If you have hypervisor control of the underlying VMware platform for your cloud, then yes. For example, for a private cloud deployed in your data center, you will control the underlying infrastructure and can deploy agentless security and reap the security and performance benefits.
Public clouds are a different story. In most cases, the service provider will control the underlying infrastructure and you will not have dedicated host resources for your cloud deployment. In this case, you’ll want agent-based security that protects your individual virtual machines in this multi-tenant environment. However, the service provider can offer agentless security as an add-on option to its service, allowing you to manage the agentless security for just your virtual machines.
Ideally a virtualization and cloud security solution will offer both agentless and agent-based deployment options. As companies move forward with cloud computing, more will deploy hybrid clouds that include both private and public cloud components. And a security solution should have the flexibility to deploy security as agentless in private clouds and agent-based in public clouds—with unified management that coordinates security policies across both environments. Regardless of where you are with your cloud deployments, you want security that can easily adapt as your cloud computing needs evolve and change.
At this year’s VMworld, Trend Micro announced new cloud features in its Deep Security solution. Trend Micro Deep Security is a server security platform that protects physical, virtual, and cloud servers as well as virtual desktops with both agentless and agent-based options. It now includes further cloud support, with multi-tenancy features for service providers or inter-department control in private clouds, as well as integration with vCloud and Amazon EC2 instances. For more details on the latest Deep Security version, read more in this press release.
Trend Micro also announced our new Trend Ready program. This global testing program uses a “Trend Ready” logo to indicate interoperability of cloud service providers with Trend Micro cloud security solutions. When the logo is displayed, you know that your Trend Micro cloud security (Deep Security and/or SecureCloud) will operate effectively to protect IT assets in that private, public, or hybrid cloud environment. Learn more about our Trend Ready program.
Visit us at VMworld in booth #1123 (and if you can make it, check out our streaming live video at the show) and see these products and the Trend Ready program in action. If you want more general information on how to secure your journey to the cloud, visit www.trendmicro.com/cloud.