In my last blog post, I discussed some of the benefits of agentless security for virtual and private cloud servers. Today at VMworld, Harish Agastya, Director of Data Center Security at Trend Micro, conducted a presentation on Agentless Security for VMware Environments (listed on the Trend Micro VMworld page). Trend Micro released agentless antivirus in Deep Security at last year’s VMworld and has seen impressive results over the last year. With such success, today Trend Micro announced an extension of its agentless security with new agentless file integrity monitoring (FIM) in Deep Security (press release).
In his presentation, Harish starts by discussing agentless antivirus. Trend Micro has partnered with VMware and integrated its Deep Security antivirus with VMware’s vShield Endpoint APIs. This approach uses a dedicated security virtual appliance on each host and small footprint drivers on each guest VM to coordinate staggered updates and scans. Resource-intensive operations, such as full system scans, are run from this separate scanning virtual appliance. And the virtual appliance also ensures that guest VMs have up-to-date security, including when they are reactivated or cloned.
Eliminating the agents off the guest virtual machines reduces the resource burden on the underlying host—maximizing performance and increasing VM densities. Third party test results show 3x-12x better VM consolidation ratios when using agentless antivirus when compared to traditional antivirus solutions. You can see an overview of the comparison in this solution brief or read the nitty gritty in this report by Tolly Enterprises (gated). At Trend Micro, we designed our agentless antivirus for VMware environments, which you can read more about in this white paper.
These results inspired Trend Micro to expand our agentless security options with agentless file integrity monitoring (FIM) for Deep Security. FIM provides change control that monitors critical operating system and application files (files, directories, registry keys and values, etc.), including hypervisor integrity monitoring, to detect unexpected, unauthorized, or malicious changes. This agentless deployment option for Deep Security FIM further preserves performance and also reduces administrative complexity with no agents to deploy, configure, or update.
Trend Micro now provides extensive agentless server security in Deep Security by integrating with VMware vShield Endpoint APIs to offer agent-less antimalware and agent-less file integrity monitoring, and integrating with VMware VMsafe APIs to offer other agent-less protection, including HIPs, Web application protection, application control, and firewall. Trend Micro refutes the myth that you have to sacrifice performance to achieve effective virtualization and cloud security.