Endpoint Protection

 View Only

  • 1.  VMSAFE

    Posted May 15, 2009 02:11 PM

    I got pulled into a meeting with our VMWARE reps earlier today.  They where telling me about VMSafe.   What all is Symantec doing to address using these API's? From what they were describing it sounds interesting if everything works like they are saying.

     



  • 2.  RE: VMSAFE

    Posted Jun 01, 2009 02:33 AM
    We are currently investigating feasibility across both security effectiveness and run-time performance, and working closely with VMware to deliver a solution.

    More importantly though, what would YOU like to see us do with VMSafe?


  • 3.  RE: VMSAFE

    Posted Jul 15, 2009 11:17 AM
    In a perfect world I'd like to see a VMSafe appliance that protects all VMs without having to install software on each individual VM.  I don't know if that's reasonable or not, but that's how VMware has described VMSafe.  The latest SEP client is leaner than ever, but when you mulitply that by number of running on one host you definitely notice it.  Real-time protection not so bad, but you'll definitely see very busy ESX hosts when your clients start running scheduled scans.  A person could mitigate that performance hit by applying different scanning schedules to different VMs, but that's a lot of extra management especially when DRS will be moving those VMs and possibly screwing up your schedules.


  • 4.  RE: VMSAFE

    Posted Aug 03, 2009 05:53 AM
    I would expect a seamless integration into SEPM. In large environments a good management and reporting solution is a key component to survive. Symantec did a good step forward with the introduction of SEPM, it would be a shame to not use it for other AV products.


  • 5.  RE: VMSAFE

    Posted Sep 07, 2009 07:59 AM
    All,

    I would like to Install some instance of an antivirus appliance in a Vmware Datacenter to protect all the VM of the Vmware Datacenter.
    - no need to install antivirus software in each VM.
    - automatic provisionning of new Antivirus Appliance according to the load.

    It could run the way the Symantec Antivirus for NAS does.

    But, first of all, when a beta will be available for evaluation purpose by customer.
    Thanks




  • 6.  RE: VMSAFE

    Posted Jan 25, 2010 02:48 PM
    Both McAfee and Trend have Anti Virus products out now that are leveraging the VMSafe API, does Symantec have any plans to roll out a version of SEP that will work with this any time soon?  This thread was started 8 months ago and I haven't seen or heard anything from Symantec other than this and a search doesn't turn up anything either.

    As far as what I would like to see it do, the same things everyone else is doing.  A thin agent on the VM, with an appliance VM running on each host to perform AV/AS.  With it all tied up nicely in a bow on SEPM, so that management and reporting can all take place from the current console.  



  • 7.  RE: VMSAFE

    Posted Jan 25, 2010 03:55 PM
     If you read into McAfee's attempt at integration it's not a full solution at all.  In fact its nothing worth evening buying at the moment.  Scanning of offline VM's is useless IMO.  Give me a product that does ACTIVE scanning.

    Reading into Trend Micro's product, it seems to be the same, it requires an agent for active scanning in the virtual guest, it can scan off-line VM's, and has a unified console to manage the implementation.

    But at the same time, Symantec is behind the competition, even if the competition is providing a half baked solution.


  • 8.  RE: VMSAFE

    Posted Jan 25, 2010 04:10 PM
    Regarding your first two lines/paragraphs......
    I contacted a large company last summer that I knew did a lot with thin client, VMWare, etc. - and their response was - "doesn't matter, we'll always want and need the scanner and protection installed on each client, each image".
    So it seems that it's not just me - that new VM scanning might be all well and fine and good, but it's just not going to be enough, as things can still be actively infected just enough and long enough to do damage.
    So frankly, I don't care if such a product doesn't come up, although some here do believe, from all the hype they have heard from VMWare, that this will be the end-all and death for individually installed protection.
    IMO, bunk! No it won't................
    The world of risks has changed, I'll never rely fully on something like that.
    Just my opinions as an individual. Maybe Symantec already knows that it's like the emperor's new clothes - media and journal and VMWare hype, but not truly needed.......
    I could be wrong, but I get the feeling that the REAL professionals in the field, the top folks who know far more than I, see it as something the public wants because they are told it's good, while in reality, it's not needed.
    Am I wrong?


  • 9.  RE: VMSAFE

    Posted Jan 25, 2010 05:02 PM
     I'd have to say it all depends on how it is implemented by Symantec and others.  

    If VMWare really is giving full access to the Hypervisor, then in theory there is nothing taking place on any individual machine that you wouldn't be able to see.  If that is the case why would you run multiple instances of an AV/AS/Firewall product (~10x on each host running servers, possibly up to 100x on a View host) if you can run one appliance per Host to cover all of it? (Yes some are running agents on individual VM's, but I can't imagine there being as much overhead as a full AV/AS/Firewall product)  

    Again it would seem that this all comes down to how this approached by vendors and we won't know that until all the players have found their way onto the field.

    Has anyone actually tested either of the products out there to see how they work?