
Thinking outside the (VM) box - where should virtual security features go?

Created: 15 Jul 2014
Sian John

There is an ongoing debate about where antivirus should run: within a virtual machine, or outside of it in the management/hypervisor layer.
 
This question becomes increasingly important when considering software-defined networking (SDN) or, more specifically, what happens as the creation of virtual machines becomes increasingly automated.
 
As use of SDN increases, it becomes more important to ensure that all security features are enabled - such as intrusion protection, firewall and behavioural monitoring - not just antivirus.
 
This is primarily because it may not always be obvious how and where a VM is to be used, and therefore how well protected it needs to be. However, it is not so straightforward to run some features 'off-VM': for example, behavioural monitoring requires direct access to system resources.
 
Equally, there are times when it makes more sense to run protective measures outside the VM, not least because they are more straightforwardly accessible once installed.
 
Beyond these trade-offs, a fundamental question remains about overall server loading. That is, if software is installed on every VM, it will need to run multiple times. While we (and other security software vendors) have optimised our software to reduce the impact this could have, running protections in the management layer will have less of a footprint than on multiple VMs in parallel.
 
As a consequence, the answer lies with the management and compliance tools, which can make the right decision about what should run where, based on the above criteria and/or active policy choices. While some organisations may decide to mandate the use of such tools, others may simply choose to benefit from the increased simplicity and control they offer.
 
Management tools can not only offer the right flexibility, but also ensure that new VMs are configured in the correct manner to minimise potential security issues in advance - we have enabled such features in the Symantec Control Compliance Suite.
 
Ultimately it is not only important to deliver flexible IT - that's why SDN exists - but also to do so without compromising security. We are likely to see increasing flexibility in the future, so we should increase expectations on our management platforms to keep risks at an acceptable level without incurring an unnecessary overhead.