Kaspersky Lab Patents New Technology to Enhance Virtual Desktop Infrastructure Security
A corporate virtual environment usually consists of a dedicated virtual machine protected by a security solution and a network of virtual workstations with so-called agents. A network connection is installed between the dedicated virtual machine and the agents, to allow data exchange during on-demand scanning of files (ODS) or on-access scanning of user applications (OAS).
This approach significantly reduces the use of resources on target virtual machines while maintaining a high level of information security across the entire virtual infrastructure. However, there is a risk that ODS consumes too much server resources, which in-turn significantly hampers OAS. This can considerably reduce the execution speed for applications awaiting a verdict in real time.
The patented technology can raise the processing priority for OAS tasks, which positively affects the performance of virtual servers or virtual workstations by reducing the response time from the antivirus engine. It reserves one or more network connections between the agent and the dedicated virtual machine. While the reserved connections are not busy they can be used for both on-demand and on-access scanning. When OAS is required, the reserved connection is passed from ODS to a higher-priority OAS, significantly increasing the processing speed for priority requests.
“While developing this solution to protect Microsoft Hyper-V, Citrix XenServer and VMware vSphere virtual infrastructure environments, we focused on two key requirements: minimal impact on performance and maximum safety. The patented technology makes it possible to quickly process loads for the protection of virtual servers and workstations due to the optimal distribution of scheduled tasks, taking into consideration the entire load on the virtual infrastructure,” said Alexander Onishchenko, Product Manager at Kaspersky Lab.