Network Threat Protection
December 13, 2023
In this section, SVM refers to an SVM with the Network Threat Protection component.
An SVM with the Network Threat Protection component protects virtual machines on the VMware ESXi hypervisors. Kaspersky Security protects only virtual machines that meet all the conditions for virtual machine protection against network threats.
The Network Threat Protection component of Kaspersky Security performs the following functions:
- Intrusion Prevention. Kaspersky Security can scan the traffic of protected virtual machines to detect and block activity typical of network attacks and suspicious network activity that may be a sign of an intrusion into the protected infrastructure.
  Kaspersky Security can scan traffic from IP addresses in IPv4 and IPv6 format.
- Web Addresses Scan. Kaspersky Security lets you scan web addresses that are requested by a user or application, and block access to web addresses if a threat is detected.
The settings that SVMs apply for virtual machine network threat protection are defined by using policies. Kaspersky Security starts protecting virtual machines only after you have configured network threat protection settings in the active policy.
If Kaspersky Security is installed in the infrastructure managed by VMware NSX-V Manager, the standard traffic processing mode and the monitoring mode are provided for network protection. If monitoring mode is used and Kaspersky Security detects signs of intrusions or attempts to access dangerous or undesirable web addresses, it does not take any actions to prevent the threats, but only sends information about the detected threats to Kaspersky Security Center Administration Server.
You can configure exclusions from Network Threat Protection as follows:
- Exclude from scanning the inbound or outbound traffic of virtual machines that are assigned one NSX Policy that defines the network threat protection settings. You can specify which traffic to scan when configuring the NSX Policy. The NSX Policy setup procedure depends on the type of VMware NSX Manager you use: VMware NSX-T Manager or VMware NSX-V Manager.
- Create network threat protection exclusion rules that Kaspersky Security can use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.
Information about events that occur during protection of virtual machines against network threats is transmitted to the Kaspersky Security Center Administration Server and logged in a report.
Descriptions of currently known types of network attacks, signs of intrusions, and the databases of malicious and phishing web addresses are included in the application databases and are updated during application database updates.