The release of vSphere 4.0 introduced something really revolutionary to the virtual world, VMsafe. The article published here dates all the way back to 2008. In addition, VMwold 2010 did some name changing and introduced vShield Edge. We're mid-way through 2011, so it's taken a bit over 3 years for a vendor to actually bring a completely baked product to market.
VMsafe isn't an actual product within vSphere itself but is a set of APIs that allows a 3rd party security vendor to do anti-virus scanning without the need to use agents on the VMs. This is HUGE! Have you ever stepped back to wonder how many CPU (and human) cycles are wasted on anti-virus scanning, deployment, and updates? Every server gets the updates, every server has to do scheduled scans, and there is an administrator out there that has to manage all of that. This is the one piece of software that needs to be re-engineered for a virtualized environment. This key piece of security software has been done the same way for physical environments, and everyone knows that virtualization changed everything.
This past week, Trend Micro released a new version of Deep Security 7.5 that now offers complete agent-less anti-virus and malware scanning. Trend 
Micro uses a new virtual appliance that is deployed into your environment that uses vShield Endpoint. It allows Trend Micro to do packet inspection in the hypervisor. Now agents aren't needed on the VMs. The scanning is all done on the appliance through the EPSEC Introspection API and serves as a point of management. This virtual appliance by Trend Micro needs to be deployed on every host to keep all of your VMs protected. The appliances all talk to each other and vCenter to simplify management. The appliance has access to all file IO read/writes within a guest VM that allows it to do it's scanning. Doing this allows fewer resources to be used in many area of your virtual environment. CPU cycles aren't being taxed, RAM consumption is lower, and SAN IOPS are being saved as well. In addition it helps an administrator by consolidating management into a single pane of glass, as well as simplifying deployment.
The Deep Security suite offers more than AV scanning, but it can also do firewall rules which I find very useful and curious as to how that may work either in conjunction or in direct competition to vShield Zones. There is also individual VM logging inspection and would be great for companies that have different products spread out all over the place. Trend Micro has really stepped up to the plate and hit a homerun with this product in my opinion. I can't wait to see how the rest of the industry evolves.
Watch the video below to learn more