Bitdefender Hypervisor Introspection Fights Advanced Persistent Threats in Datacenters

Liviu Arsene

January 26, 2017

From 1960s mainframes to today’s datacenters, computing has changed drastically, in both hardware and software. Today’s converged infrastructures bring together hardware and software to redefine how we operate, helping businesses cut costs while maintaining availability and performance.

The benefits of digitalization and hybrid cloud infrastructures are felt across all industries. But security – or securing the data in the cloud – has never been more problematic. Today’s threats are both persistent and stealthy, potentially harming an organization beyond recovery. With software-defined datacenters and virtualization playing a major role in the way businesses operate, threats have adapted to specifically target and affect even these new environments. Fortunately, there’s now a security solution that can protect datacenters from the hypervisor layer.

Today’s Security Concerns with Virtualization

Traditional security mechanisms and technologies are not only incompatible with virtual environments; they’re also ill-equipped to fight advanced persistent threats (APTs). While some argue VM isolation is a great premise for enforcing security, as VMs can easily be replaced by spawning new ones to take over the workload, it does not solve the problem of data exfiltration. If an advanced threat compromises a guest operating system, it can then quietly remain undetected and alter the data or processes the VM manages.

While installing a security solution could address malware and advanced threats, only a handful of security vendors have designed, from the ground up, security software specifically for virtual environments that does not degrade performance or tax resources. There is also the issue that some advanced targeted attacks can compromise the guest OS and completely take over the VM without triggering any alert from traditional security solutions. With persistence as their main goal, some threats are estimated to have been inside organizations for months before being revealed.

Leveraging the Hypervisor in the Security Stack

Because the hypervisor is one of today’s critical components for datacenters – whether converged (CI) or hyperconverged (HCI) – researchers have speculated that it could be leveraged by security technologies to ensure guest OS integrity from outside the VM, without any agent reporting from within the VM. While theorized in research papers, this level of access and bare-metal integration was deemed impossible to achieve, even though it had tremendous security applications.

However, Bitdefender’s research and development teams have managed to implement the first-ever technology that leverages hypervisor introspection (HVI) to secure guest operating systems, and to secure datacenter virtual environments with a truly agentless security solution. Because HVI leverages XenServer Direct Inspect APIs to run introspection of the raw memory of virtual machines, it requires zero agents or drivers in the protected VMs while ensuring full compatibility with any existing security solution.

Live memory introspection through the hypervisor allows HVI to eliminate kernel-based malware or zero-days by real-time scanning of memory on Windows and Linux virtual machines, while remaining completely outside the operating system.

Bitdefender HVI completes existing business security tools without impacting consolidation ratios or affecting performance or user activity.

Datacenter Security from the Hypervisor Layer

Today’s converged and hyperconverged infrastructures are about more than just a high level of performance, high availability and manageability. Security plays a critical role in any datacenter, regardless of its level of abstraction. Security from the hypervisor layer offers unprecedented visibility into how guest operating systems and VMs operate. By focusing on the methods employed by advanced targeted threats rather than actual payloads, HVI can detect APTs and prevent them from compromising endpoints, heading off the costly financial fallout of data breaches.

Author


Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.
