Bitdefender Hypervisor Introspection has been in a class of its own since the solution was launched. The gist of it is this: get ahead of the results of an attack (malware in general, with ransomware being a timely example) by using APIs within hypervisors, which are based on CPU instructions, to gain access to raw memory events within running virtual machines, and apply security logic that takes advantage of the hypervisor's role in the workload stack to stop attacks.
That opening paragraph has quite a lot going on. It helps to break down what is needed to prevent zero-day attacks from succeeding in a security-minded virtualization stack:
Bitdefender is Contributing Hypervisor-based Memory Introspection
There are hypervisors with VMI APIs which provide access to raw memory, but that doesn’t bridge the gap between capability and ability. Bitdefender has deep expertise in this area. For example:
Organizations don’t always have R&D teams focused on tackling these types of advanced attack structures. Bitdefender is going to help move the security industry into the post-virtualization age by open-sourcing how Bitdefender has been able to implement hypervisor-based introspection.
We are contributing our technologies as a sub-project of Xen Project.
Bitdefender has contributed valuable projects over the years. One of our most recent contributions (a short while before Hypervisor-based Memory Introspection) is:
bddisasm (https://github.com/bitdefender/bddisasm)
“bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.”
Bitdefender is open sourcing technology that bridges the gap between having access to the raw memory of virtual machines running on Xen and KVM, via Virtual Machine Introspection, and making use of that access.
To get into the details of the project, go here: https://github.com/hvmi
HVMI Project Goals
Hypervisors have been around for quite some time, yet the wider security industry has not taken full advantage of the security potential of hypervisors in the modern software stack across public and private datacenters. By open sourcing how Bitdefender takes advantage of open-source VMI APIs via HVMI, we anticipate new:
How You Can Work with the HVMI Project
The HVMI project is licensed under Apache 2.0 – a permissive license. Anyone can contribute to the HVMI project, and anyone can use it. As a sub-project of Xen Project, the HVMI project is governed in the same way as Xen Project. Bitdefender experts will continue to be engaged, while we invite input from any and all individuals and organizations.
You can get involved using the following channels:
If you are new to Hypervisor-based Memory Introspection, or are looking at revolutionizing your security with GravityZone Hypervisor Introspection, have a look at:
https://www.bitdefender.com/business/enterprise-products/hypervisor-introspection.html.
Shaun Donaldson is Editor-at-large at Bitdefender Enterprise. Shaun is also responsible for supporting relationships with strategic alliance partners and large enterprise customers, and analyst relations. Before joining Bitdefender, Mr. Donaldson was involved in various technology alliances, enterprise sales and marketing positions within the IT security industry, including Trend Micro, Entrust, Bell Security Solutions and Third Brigade.