I'm especially interested in how endpoint anti-virus and Internet security tools impact virtual desktop and server systems. So I spent most of today with Kaspersky Labs at their North American Reviewers workshop here in San Francisco.
Kaspersky's Senior Anti-Virus Researcher, Roel Schouwenberg, kicked off the day talking about the current threat landscape, as seen by Kaspersky's monitoring network. His findings showed the typically scary details that keep security firms in business: more than 580 million web attacks in all of 2010 and 480 million attacks seen thus far in 2011.
While most of the workshop focused on consumer anti-virus and endpoint protection, I had a chance to sit down with Schouwenberg; Maksym Schipka, Director of European R&D; Oleg Ishanov, Deputy Director of Anti-Malware Research; and other Kaspersky officials to talk about protecting virtual systems.
The conversation revolved mainly around what I would expect to see in a virtual endpoint protection product. For example, I'd look for scanning procedures that minimized the drag on the physical host. I'd want to evaluate how well the endpoint protection tools protected against malicious software while also recognizing that the virtual machine may be stored in a shutdown state for weeks or months at a time.
Kaspersky and other endpoint protection vendors either have mechanisms for dealing with the special nature of virtual machines or are considering ways to work with virtual infrastructure makers' APIs. As I continue to explore desktop and data center virtualization, I'll be writing more about how IT managers can protect these systems in the most efficient and effective manner.