To MOVE…or not to MOVE

By on Feb 02, 2016

This blog post was written by Teresa Wingfield.

In today’s business landscape, virtualization is a flexible, affordable and capable solution worth adopting. However, for IT departments, this can be a strain. Support for more end users, more workloads and more security standards and requirements can test even the most organized teams. Exacerbating this is a common problem: security tools built for physical environments don’t work well in virtual environments.

Traditional AV for physical environments can drain resources in a virtual environment. For example, traditional antivirus deployments — such as for servers, desktops and laptops — would run antivirus solutions locally, leveraging built-in processing power for intensive scans.

Running local scans in an enterprise virtual environment is problematic. It could consume more processing resources and hypervisor memory than feasible, and kill virtualization performance  in a “scan storm”, causing some administrators to turn antivirus scanning off. This is a dangerous gamble for any organization concerned with security and compliance.


What’s needed is a security solution built for virtual environments.

This is why we made McAfee® Management for Optimized Virtual Environments AntiVirus (McAfee MOVE AntiVirus). It brings optimized, advanced malware protection to your virtual infrastructure without draining hypervisor resources. McAfee MOVE AntiVirus offloads scanning, configuration and .DAT update operations from guest images to a hardened virtual appliance and/or an offload scan server. This means that any virtual machine (VM) can access files scanned and approved by our global cache without needing additional scans. You can also exclude scans on files signed by trusted certificates. These combined elements help to preserve the resources and memory needed to keep end-users in a virtual environment happy.

We like happy.

Let’s take a look at how McAfee MOVE AntiVirus works in a few additional ways. First, it leverages a scan server to reduce the memory allocation needed for every virtual machine to less than 10 megabytes per VM. This action equals more happy. Combined with intelligent AV scanning and scheduling, the chance of scan storms interfering with the hypervisor and day-to-day operations is reduced greatly. The end result: host RAM requirements are less taxed and more resources are available for general compute while keeping your virtual environment, and end users happy.

Like I said: we like happy.

But scans aren’t the only issue when it comes to security for virtual environments. Making sure that every VM is working off of the latest application version is critical. This is why, second, McAfee MOVE AntiVirus stores .DAT updates on a security virtual appliance (SVA), not on VMs. This centralized approach ensures that the .DAT file used by your VMs is always the same version because your IT team both owns and manages the SVA where the .DAT file is stored.

Speaking of management, McAfee MOVE AntiVirus is, third, simple to use. It leverages the same McAfee ePolicy Orchestrator® (McAfee ePO®) security management console administrators already know and trust. Administrators can monitor and create reports on security for specific assets, regardless of whether those assets are physical or virtual, under one policy and console system.

McAfee MOVE AntiVirus also supports agentless deployment for VMware environments through VMware vShield and VMware NSX. These use the hypervisor as a high-speed connection that allows your McAfee MOVE AntiVirus SVA to scan VMs from outside the guest image. Simply put: your VMs can move from host to host and remain seamlessly protected without any impact on scans or user experience. In fact, you can monitor SVA status within vCenter or NSX Manager, and receive alerts if the SVA loses connectivity. Combined with McAfee ePO®, you can receive event data detailing the when and the where in the event of an infection.

There you have it. McAfee MOVE AntiVirus provides you with the security you need for the virtual environment you have. It reduces memory usage, preserves resources and keeps you as (if not more) secure and compliant as your traditional antivirus solution. Best of all: it’s as flexible as your virtual platform because it’s built for your virtual platform. Let’s get a move on McAfee MOVE AntiVirus.


About the Author

McAfee Enterprise

McAfee offers industry-leading cybersecurity solutions for all business and enterprise needs. See our blog to stay up-to-date with the latest security trends

Read more posts from McAfee Enterprise

Subscribe to McAfee Securing Tomorrow Blogs