McAfee Move Anti-Virus
What it does: Provides ePO managed anti-virus for virtualised environments.
What we liked: Ease of use combined with the ability to integrate a virtual environment into the overall hybrid environment for an ePO-managed, anti-malware capability that is seamless across all of the hybrid components, physical or virtual.
Anti-malware today suffers from a frustrating dichotomy. On the one hand, it is, arguably, the most mature of all of the capabilities in the security practitioner's toolkit. Certainly, McAfee is one of the grand old products of the genre. On the other hand, a huge percentage of today's threats - especially advanced persistent threats - are delivered using increasingly sophisticated malware. Throw virtualised environments into the mix and one has a witch's brew of potentially bad news.
McAfee has successfully brought together the application of a centralised policy engine - ePO - with its anti-malware capability in the physical world. There is a strong suite of enterprise-class protection for the physical data centre. Today, though, most enterprises of any size are becoming virtualised, so this protection needs to reach into the virtual to be effective. Today's virtualisation extends from servers to endpoints, so the notion of pervasive anti-virus (AV) is even more important. Data and other transmittable files - especially bad files such as malware - can move extremely quickly across a virtualised network backbone, so controlling malware in a virtualised world may well be more important than it is in the physical world. Management for Optimised Virtual Environments (Move) AV addresses this challenge head-on.
Move is optimised for the virtual - and it is hypervisor agnostic. It is managed through ePO policies and it integrates cleanly with other McAfee capabilities in the physical enterprise. Nowhere is a scan storm more threatening to system performance than when it results from AV scanning across a virtual network. Move monitors all of the loads - memory, CPU, IO, disk, hypervisor and more - in the virtual environment and manages itself accordingly.
Should one be using VMware as a hypervisor, Move hooks the vShield API and works directly at the hypervisor level. Overall, this is an efficient, comprehensive approach to integrating a virtualised data centre with a physical data centre, as well as with endpoints. If one is a virtualised shop and not using McAfee as the in-house AV product, Move alone is a good enough reason to rethink the enterprise-wide AV strategy. AV is not the end of the line for Move, either. We were told that new capabilities will be added to it, fleshing out a total security environment that addresses an integrated hybrid environment, all under the control of a single ePO. Not bad for the company that started the widespread acceptance of anti-virus by giving it away.