ITB - IT Solutions for the next generation
linkedin logo twitter logo facebook logo google+ logo

‘MOVE’ over Traditional AV – McAfee MOVE is HERE

13th November 2018
‘MOVE’ over Traditional AV – McAfee MOVE is HERE

The year is 2018. Waiting for anything is no longer an option. People want bigger, better, faster and easier to use and it’s no different in IT. This is why we love McAfee MOVE (McAfee for Optimised Virtual Environments).

Many organisations still use traditional antivirus on their server estate. Hands up if this is you?

Whilst this is perfectly ok, is it the most efficient way to go about things?

In an antivirus solution, there are two types of scans. Real-Time protection and Scheduled scans known as On Access Scan and On-Demand Scan in the McAfee world.

Any file to be analysed in Real Time is off-loaded to the SVM (security virtual machine). Most of the time, in this case, the scanned file is not huge so even if analysed locally the impact wouldn’t be major.

On-Demand Scans are different. MOVE builds up a cache of files previously analysed and classified as not malicious. Once scanning is complete and the system is confident the file is clean, subsequent VMs accessing the file won’t have to wait for a scan.

Due to numerous concurrent scans, host resources with clients running traditional antivirus are severely impacted during an ODS storm. Clients using endpoint security specifically for their servers, such as McAfee MOVE Anti-Virus perform much better. This is because caching avoids repeatedly scanning the same files across clients. This produces huge improvements over traditional antivirus during an ODS storm.

It makes for interesting reading when we look at the benefits of offload scanning vs traditional scanning in a server environment:

  • 70% less CPU usage
  • 75% less network usage
  • 75% less disk usage
ODS Storm with and without McAfee MOVE
Smaller Footprint in each Virtual Machine (VM) with McAfee MOVE

In a traditional product, the system has full AV installed on the host.

When there are shared resources, the main goal is to provide a user experience that meets or exceeds the expectations of native hardware, while reducing the amount of resource on the back end.

The hard drive space utilised by some security vendors is 500mb or more. McAfee MOVE is 14 MB.

Lack of DAT updates (or virus definition updates from any vendor) on offline virtual machines.

So what happens if a virtual machine is offline for some time I hear you say.

Well naturally, when it comes back online, the system’s security software is out of date. This will usually cause a hit on the network and the hypervisor when that system tries to download the latest virus definitions, which in some cases is over 100mb or more.

McAfee MOVE performs updates on the offload scan server SVM so that they do not negatively impact virtual machines (VMs), resulting in significant advantages over traditional antivirus. Again the figures here are impressive:

  • 87% less CPU usage
  • 93% less network usage
  • 92% less disk usage

DAT Storm with and without McAfee MOVE

The same applies to scheduled scans. When you restart a machine after some time (more than a day) powered down, depending on the policy configuration, it could kick off a daily quick scan, a startup scan and possibly a weekly full scan.

During System Boot-Up is the worst time for the device to be doing these activities as the system is busy starting up other services and apps at the same time. This can contribute to killing responsiveness.

This is a major issue with standard products within a virtual environment as all virtual machines share the same resources.

Enablement of McAfee Threat Intelligence Exchange Test with McAfee MOVE

McAfee Threat Intelligence Exchange is available for multiplatform deployment of McAfee MOVE Anti-Virus. When a McAfee Threat Intelligence Exchange server is configured with McAfee MOVE AntiVirus, fewer files are transferred to the offload scanner, resulting in significant scan avoidance.

Total Files Sent to Offload Scanner with McAfee MOVE

For a confidential chat about server specific endpoint security, or to arrange a demo of McAfee MOVE contact one of our security specialists on 01865 595510 and we’ll be happy to help.

Jose Rodriguez – Senior McAfee Technical Engneer, ITB