May 27 2017

Bitdefender Now Protects Hypervisors

Romanian security outfit Bitdefender has introduced a new piece of software that promises to protect virtualized environments against so-called root-level attacks, i.e. attacks that aim to bypass conventional security mechanisms, which typically shield VMs and guest OSes but not the hypervisor they run on.

According to Bitdefender's claims, the aptly named stealth or root level attacks have plagued data centers and CSPs for years. The developers behind these schemes usually rely on rootkits or kernel exploits to inject their malicious code into target systems and later exfiltrate data or take over the hardware along with the VMs. This has proven a very effective attack vector, since regular endpoint security tools are normally installed on top of a given OS and thus remain – in Bitdefender's words – "blind" to low-level onslaughts even as they wreak havoc on companies' infrastructures. As a result, IT departments may take weeks or even months before they figure out something dubious is going on – and by that time, a lot of the intended damage will have already been done.

To tackle this problem, Bitdefender has now teamed up with Citrix and the Linux Foundation in an effort to eliminate the above-named blind spots. The result is Bitdefender Hypervisor Introspection (HVI), a tool that will supposedly bridge "the security capability gap between context-aware endpoint security solutions and context-unaware network security solutions," according to analysis provided by IDC researchers Alex Proskura and Marc Child.[1] The idea was to create a tool that renders any evasion mechanisms useless and even blocks zero-day attacks like the infamous WannaCry ransomware from earlier this month. To achieve this, HVI stays out of the OS domain entirely and instead inspects what goes on inside a machine's raw memory. More specifically, it scans "raw memory lines" to ensure that all processes work as intended and are not being tampered with, thus enabling admins to prevent or block root-level attacks. For this purpose, HVI relies on XenServer's Direct Inspect API, which Citrix introduced about a year ago as a means to provide advanced malware protection. This means Bitdefender's new tool doesn't need vulnerable agents or drivers running on the VMs to work properly; in fact, it's intended to operate in total, hardware-enforced isolation. The expected benefit is that HVI will remain completely unaffected by any regular attack routines intended to shut down or compromise endpoint security on VMs, thus forcing malefactors to invest more effort, time and money than ever before and eventually making assaults too costly to launch.

Bitdefender HVI debuted at this year's Citrix Synergy conference and is available immediately. Being a virtual appliance, it requires a separate host system equipped with Intel® Sandy Bridge or later processors with the Intel VT-d or VT-x extensions enabled. Supported guest OSes include Windows 7 through Windows 10, Windows Server 2008 R2 through Windows Server 2016, and 64-bit editions of CentOS 7, Debian 8, Red Hat Enterprise Linux, and Ubuntu 14.04/16.04 LTS. To learn more and order a demo, visit Bitdefender's product page.

[1] Cf. IDC Perspective: Hypervisor Introspection: A Transformative Approach to Advance Attack Detection, May 2017. Available online at: http://businessresources.bitdefender.com/idc-whitepaper-hypervisor-introspection (download after registration). Retrieved 2017-05-26.

 
SHARE

Comments on this article

No comments yet.

Please Login to leave a comment.

X

Please login

Please log in with your Fujitsu Partner Account.

Login


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now