US2016283259A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016283259-A1 |
| Application number | US-201514672167-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 28, 2015 |
| Priority date | Mar 28, 2015 |
| Publication date | Sep 29, 2016 |
| Grant date | — |
Abstract.
In an example, a virtual data center includes a plurality of agentless virtual machines (VMs) protected by a security virtual appliance (SVA). Because the VMs are agentless, they cannot internally manage, update, or enforce VM-specific security policies. However, each VM exposes an API that provides an interface for monitoring events such as power-on, power-off, heartbeats, and file events, as well as an interface for ordering an on-demand scan. The SVA builds a policy table, with entries for each VM or class of VMs, and, using the API, monitors the appropriate events (such as file events) to enforce VM-specific policies. Because the policy table is lightweight, it can be efficiently ported between multiple hypervisors, so a VM's policy remains intact even if that VM is moved to a different hypervisor.
Claims.
What is claimed is:
1. A computing apparatus for providing policy per virtual machine (PPVM) on a plurality of virtual machines (VMs) on a hypervisor, comprising: a security virtual appliance (SVA) comprising a policy management engine operable for: receiving a policy rule set to define a security policy for a virtual machine (VM); building a policy table comprising a security policy entry for the VM; receiving an application programming interface (API) event notification from the VM; and issuing an API instruction to the VM to enforce the security policy entry.
2. The computing apparatus of claim 1, wherein the policy table includes policy entries for a plurality of VMs.
3. The computing apparatus of claim 2, wherein at least some of the VMs are identified by a universally unique identifier (UUID).
4. The computing apparatus of claim 3, wherein issuing the API instruction to the VM to enforce the security policy entry comprises correlating the security policy entry to a UUID for the VM in the policy table.
5. The computing apparatus of claim 1, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing a file read instruction, and comparing a result of the file read instruction to a hash or fingerprint of a known malware object.
6. The computing apparatus of claim 1, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing an API instruction to quarantine or inoculate a file.
7. The computing apparatus of claim 1, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing an API instruction to perform a registry read.
8. The computing apparatus of claim 1, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing an API instruction to perform a registry write.
9. The computing apparatus of claim 1, wherein the API event is a file event.
10. The computing apparatus of claim 9, wherein the file event is selected from the group consisting of read, write, access, create, delete, or replace.
11. The computing apparatus of claim 1, wherein the policy management engine is further operable for issuing an API scan instruction.
12. The computing apparatus of claim 11, wherein the API scan instruction is operable for generating a file access event for some or all files of the VM.
13. The computing apparatus of claim 1, wherein the policy management engine is further operable for detecting that the VM has been displaced to a second hypervisor, and replicating at least part of the policy table to the second hypervisor.
14. One or more computer-readable mediums having stored thereon software instructions for provisioning a security virtual appliance (SVA) within a hypervisor, the SVA comprising a policy management engine operable for: receiving a policy rule set to define a security policy for a virtual machine (VM); building a policy table comprising a security policy entry for the VM; receiving an application programming interface (API) event notification from the VM; and issuing an API instruction to the VM to enforce the security policy entry.
15. The one or more computer-readable mediums of claim 14, wherein the policy table includes policy entries for a plurality of VMs.
16. The one or more computer-readable mediums of claim 15, wherein at least some of the VMs are identified by a universally unique identifier (UUID).
17. The one or more computer-readable mediums of claim 16, wherein issuing the API instruction to the VM to enforce the security policy entry comprises correlating the security policy entry to a UUID for the VM in the policy table.
18. The one or more computer-readable mediums of claim 14, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing a file read instruction, and comparing a result of the file read instruction to a hash or fingerprint of a known malware object.
19. The one or more computer-readable mediums of claim 14, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing an API instruction to quarantine or inoculate a file.
20. The one or more computer-readable mediums of claim 14, wherein issuing the API instruction to the VM to enforce the security policy entry comprises issuing an API instruction to perform a registry read or write.
21. The one or more computer-readable mediums of claim 14, wherein the API event is a file event.
22. The one or more computer-readable mediums of claim 14, wherein the policy management engine is further operable for issuing an API scan instruction operable for generating a file access event for some or all files of the VM.
23. The one or more computer-readable mediums of claim 14, wherein the policy management engine is further operable for detecting that the VM has been displaced to a second hypervisor, and replicating at least part of the policy table to the second hypervisor.
24. A management console apparatus, comprising: a security management engine operable for interfacing with one or more security virtual appliances (SVAs), the one or more SVAs configured to provide a user-configurable policy per virtual machine (PPVM) security framework to a plurality of agentless virtual machines via virtual machine (VM) application programming interface (API) instructions; and a user interface driver operable for receiving a user input to configure the configurable PPVM.
25. The management console apparatus of claim 24, wherein the security management engine is further operable for providing a persistent PPVM to a virtual machine upon the virtual machine moving from a first hypervisor to a second hypervisor.
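The abstract and claims 1-13 describe one control loop: a UUID-keyed policy table in the SVA, a file-event notification arriving over the VM API, a file read whose hash is compared against known-malware fingerprints, a quarantine instruction on a match, an on-demand scan that fans out access events, and replication of the VM's table entry when the VM moves to a second hypervisor. The model below is an added illustration of that loop, not code from the patent or from any product. The `AgentlessVM` class is a hypothetical in-memory stand-in for the VM-side API the abstract describes (no real hypervisor API is used), the UUID and file paths are made up, and both file contents are constructed samples; the "malware" is simply bytes whose SHA-256 has been placed in the policy's block list.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyEntry:
    """One row of the SVA policy table, keyed by VM UUID (claims 1-4)."""
    scan_on: frozenset         # file events that trigger enforcement (claim 10)
    blocked_sha256: frozenset  # fingerprints of known malware objects (claim 5)


class AgentlessVM:
    """Hypothetical in-memory stand-in for the VM-side API: no in-guest agent,
    just file read/quarantine/scan calls and file-event notifications."""
    def __init__(self, uuid):
        self.uuid = uuid
        self.files = {}          # path -> bytes
        self.quarantined = set()
        self.subscribers = []    # callbacks receiving (uuid, event, path)

    def _notify(self, event, path):
        for cb in list(self.subscribers):
            cb(self.uuid, event, path)

    def guest_write(self, path, data):
        """Simulated guest activity; the API reports it as a 'write' event."""
        self.files[path] = data
        self._notify("write", path)

    def api_file_read(self, path):
        return self.files[path]

    def api_quarantine(self, path):
        self.quarantined.add(path)
        self.files.pop(path, None)

    def api_scan(self):
        """On-demand scan: synthesize an 'access' event per file (claim 12)."""
        for path in list(self.files):
            self._notify("access", path)


class SecurityVirtualAppliance:
    """One SVA per hypervisor: owns the policy table and enforces it."""
    def __init__(self, hypervisor):
        self.hypervisor = hypervisor
        self.policy_table = {}   # uuid -> PolicyEntry
        self.vms = {}            # uuid -> AgentlessVM
        self.verdicts = []       # (hypervisor, uuid, path, verdict)

    def set_policy(self, uuid, entry):
        self.policy_table[uuid] = entry

    def attach(self, vm):
        self.vms[vm.uuid] = vm
        vm.subscribers.append(self.on_api_event)

    def detach(self, vm):
        self.vms.pop(vm.uuid, None)
        vm.subscribers.remove(self.on_api_event)

    def on_api_event(self, uuid, event, path):
        """Claim 1: correlate the event's UUID to its policy entry, then enforce
        by reading the file back and hashing it (claims 4-6)."""
        entry = self.policy_table.get(uuid)
        if entry is None or event not in entry.scan_on:
            return None   # no entry for this VM, or event type not covered
        vm = self.vms[uuid]
        digest = hashlib.sha256(vm.api_file_read(path)).hexdigest()
        verdict = "quarantined" if digest in entry.blocked_sha256 else "clean"
        if verdict == "quarantined":
            vm.api_quarantine(path)
        self.verdicts.append((self.hypervisor, uuid, path, verdict))
        return verdict

    def migrate(self, vm, target):
        """Claim 13: replicate only this VM's entry to the second hypervisor's
        SVA and hand event delivery over to it."""
        target.set_policy(vm.uuid, self.policy_table[vm.uuid])
        self.detach(vm)
        target.attach(vm)


# Constructed sample contents; the "malware" is just bytes whose hash we block.
MALWARE_SAMPLE = b"constructed sample standing in for a known malware object"
BENIGN_SAMPLE = b"quarterly report draft"


def demo():
    """Walk one VM through event-driven enforcement, a migration, and a scan."""
    policy = PolicyEntry(
        scan_on=frozenset({"write", "create", "replace", "access"}),
        blocked_sha256=frozenset({hashlib.sha256(MALWARE_SAMPLE).hexdigest()}))
    hv1, hv2 = SecurityVirtualAppliance("hv-1"), SecurityVirtualAppliance("hv-2")
    vm = AgentlessVM("vm-uuid-0001")                       # hypothetical UUID
    hv1.set_policy(vm.uuid, policy)
    hv1.attach(vm)
    vm.guest_write("/tmp/report.txt", BENIGN_SAMPLE)      # hv-1: clean
    vm.guest_write("/tmp/dropper.bin", MALWARE_SAMPLE)    # hv-1: quarantined
    hv1.migrate(vm, hv2)                                  # policy follows the VM
    vm.guest_write("/tmp/dropper2.bin", MALWARE_SAMPLE)   # hv-2: quarantined
    vm.api_scan()                                          # hv-2: report.txt clean
    return {"hv1": hv1.verdicts, "hv2": hv2.verdicts,
            "quarantined": sorted(vm.quarantined), "files": sorted(vm.files)}
```

Two points the claims leave implicit are made explicit here. First, enforcement is keyed strictly on the event's UUID: an event from a VM with no table entry, or an event type the entry does not cover, is ignored rather than scanned, which is the behaviour claim 4's "correlating ... to a UUID" implies. Second, `migrate` copies only the displaced VM's row, not the whole table, which is the minimum needed for claim 13 and keeps the second SVA from learning policy for VMs it does not host.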
Hypervisor-specific management and integration aspects · CPC title
Interprogram communication · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
Isolation or security of virtual machine instances · CPC title