Network Threat Protection

In this section, SVM refers to an SVM with the Network Threat Protection component installed.

An SVM with the File Threat Protection component installed protects virtual machines on the VMware ESXi hypervisor. The settings that SVMs apply for virtual machine network threat protection are defined by using policies. Kaspersky Security starts protecting virtual machines only after you have configured network threat protection settings in the active policy.

Kaspersky Security protects only virtual machines that meet all the conditions for virtual machine protection against network threats.

The Network Threat Protection component of Kaspersky Security performs the following functions:

• Intrusion Prevention. Kaspersky Security can scan the traffic of protected virtual machines to detect and block activity typical of network attacks and suspicious network activity that may be a sign of an intrusion into the protected infrastructure.

  Kaspersky Security can scan traffic from IP addresses in IPv4 and IPv6 format.

• Web Addresses Scan. Kaspersky Security lets you scan web addresses that are requested by a user or application, and block access to web addresses if a threat is detected.

The Network Threat Protection component settings depend on the traffic processing mode selected during registration of the network protection service:

• If you selected Standard mode, when Kaspersky Security detects signs of intrusions or attempts to access dangerous or undesirable web addresses, it performs the action that is specified in policy settings and relays information about events to the Kaspersky Security Center Administration Server.
• If you selected Monitoring mode and signs of intrusions or attempts to access dangerous or undesirable web addresses are detected, Kaspersky Security does not take any actions to prevent the threats but only relays information about the events to the Kaspersky Security Center Administration Server.

You can select the traffic processing mode only when registering the network protection service (Kaspersky Network Protection).

You can configure exclusions from Network Threat Protection as follows:

• Exclude from scanning inbound or outbound traffic of all virtual machines that have been assigned an NSX Security Policy. You can specify which traffic should be scanned in the NSX Security Policy in which the use of the network protection service (Kaspersky Network Protection) is configured. An NSX Security Policy configuration is performed in the VMware vSphere Web Client console.
• Create network threat protection exclusion rules that Kaspersky Security can use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.

Information about events that occur during protection of virtual machines against network threats is transmitted to the Kaspersky Security Center Administration Server and logged in a report.

Descriptions of currently known types of network attacks, signs of intrusions, and the databases of malicious and phishing web addresses are included in the application databases and are updated during application database updates.

In this Help section Conditions for protection of virtual machines against network threats Intrusion Prevention Web Addresses Scan Configuring exclusions from Network Threat Protection

Page top