Bitdefender this week announced the general availability of its Hypervisor Introspection product, offering heavily-virtualized data center environments that run XenServer a new way of protecting themselves against advanced and targeted threats.
Bitdefender Hypervisor Introspection, developed in partnership with Citrix, monitors raw memory activity on the hypervisor level, exposing even the most subtle attempts by malware to alter a system's underlying memory. It's an approach that addresses a major blind spot in conventional products, according to the security vendor.
Solutions based on traditional endpoint security protections can miss root-level attacks on the same virtual machine on which they are installed, claims Bitdefender. Essentially, the software agent's security visibility extends only as far as the operating system running in each virtual machine.
Using Citrix XenServer Direct Inspect APIs (application programming interfaces), Bitdefender Hypervisor Introspection monitors a virtualized environment's memory space, triggering alarms that operating systems themselves may miss.
Harish Agastya, vice president of Enterprise Solutions at Bitdefender, said his company's solution finally addresses the gap between virtualization's purported security benefits and the reality of today's increasingly hostile cybersecurity landscape.
"While the hypervisor has enabled data centers to realize major improvements in resource utilization, business continuity and workload isolation, no security vendor has ever leveraged its true security potential. Bitdefender Hypervisor Introspection is a technological breakthrough that delivers something unparalleled for the security industry and practioners; leverage the hypervisor and get into God mode against advanced attacks," Agastya said.
The technology has already proven its worth.
Bitdefender claims that Hypervisor Introspection was able to detect the Eternal Blue zero day, part of the leaked cache of exploits and hacking tools allegedly used by the U.S. National Security Agency (NSA), which helped spawn the WannaCry ransomware outbreak. Had the exploit been circulated before March 14, the technology would have caught any attempts to attack it, the company claims.
Meanwhile, EternalBlue has opened the door to new threats.
Security researchers have uncovered a Remote Access Trojan, a cryptocurrency miner and the stealthy UIWIX ransomware, that can stage fileless infections and can terminate itself if it detects that it is running in a sandbox or virtual machine, inhibiting attempts to study it. Meanwhile, the IT industry is still assessing the extent of WannaCry's spread.
Although there were no victims within in the federal government, according to the U.S. Department of Homeland Security, some critical U.S. infrastructure was hit with the WannaCry ransomware. A number of small utilities and manufacturers where affected, fortunately not enough to undermine safety. Nonetheless, the attacks are cause for alarm, particularly for companies that rely on industrial control systems.