Bitdefender was the first to develop Hypervisor Introspection (HVI). A groundbreaking security approach, HVI introspects the memory of running virtual machines using Virtual Machine Introspection APIs in Xen and KVM hypervisors. By applying security logic, HVI searches for attack techniques, such as buffer overflows, heap spray and code injection, to detect and block malicious activity before an attacker gains a foothold on targeted systems. In leveraging the hypervisor, the technology needs no software within protected virtual machines, allowing complete insight without sacrificing isolation.
Receive alerts the instant a zero day or exploit targets your infrastructure. Bitdefender Hypervisor Introspection detects breach attempts early and stops the attack chain before sensitive data is exposed, protecting your business from damage to finances or reputation.
By focusing on techniques rather than the payloads, hypervisor memory introspection stays ahead of attacks that are not visible from the operating system, and provides detailed reporting of the attack chain in Bitdefender’s GravityZone console.
A truly agentless solution, Bitdefender Hypervisor Introspection has zero footprint inside your workloads, ensuring immunity to attacks as well as high consolidation ratios and application performance.
In-guest security stacks are by nature not isolated from the workloads they protect. Network solutions lack insight into the context of virtual machines. By operating at the hypervisor level, Hypervisor Introspection has deep insight into the memory of running virtual machines while remaining isolated, at the hardware layer, from protected systems.
By leveraging Virtual Machine Introspection APIs in the Xen and KVM hypervisors, HVI is able to introspect the memory of running virtual machines. Bitdefender developed, and later open-sourced, the Hypervisor Introspection Engine to apply security logic to user- and kernel-mode memory of running virtual machines.
Securing any organization involves multiple approaches to security, from the network to the endpoint, and down to the hypervisor. HVI does not displace existing in-guest security tools, such as antimalware. What HVI does is focus on the use of attack techniques, such as buffer overflows, heap spray, and code injection, which are used over and over to exploit vulnerabilities in operating systems and software.
HVI focuses on attack techniques that abuse software vulnerabilities to gain an initial foothold on a target system or escalate privilege. For example, an attacker may use a buffer overflow to exploit a known or unknown vulnerability. By introspecting memory, HVI recognizes the buffer overflow condition, without requiring knowledge of the specific exploit or vulnerability, detecting and stopping the attack before a system is compromised.
Instead of scanning millions of malware samples, Hypervisor Memory Introspection detects the handful of associated attack techniques, which are only visible at the hypervisor level, identifying zero-days as easily as any known exploit. Bitdefender HVI does not require signature updates, since the attack techniques do not change.
[Figure: Endpoint security perspective (operating system level): hundreds of millions of known and unknown threats. Bitdefender HVI perspective (hypervisor level): a handful of attack techniques (heap spray, code injection, API hooking, etc.).]
Browsers and browsing have become a primary attack vector used by malicious actors as an entry point for phishing, ransomware, and advanced targeted attacks. Bitdefender and Citrix have developed a secure browsing solution to help you reduce the attack surface arising from legacy, unprotected, or misconfigured browsers and careless or unscrupulous browsing activity.
The Virtual Machine Introspection (VMI) APIs of the Xen and KVM open-source hypervisors were extended to take advantage of CPU-level instructions and facilitate HVI. Bitdefender was the first vendor to take advantage of VMI by developing HVI.
In mid-2020, Bitdefender provided the HVI technologies to the open-source community as a sub-project of Xen Project to foster further research and development, which you can take part in. That project, known as Hypervisor-based Memory Introspection (HVMI), can be found at https://github.com/hvmi.
Bitdefender offers support and services, known as Bitdefender Hypervisor Introspection Enterprise Support, for HVI. Licensed as a subscription on a per-CPU basis, HVI includes support for centralized management via GravityZone, support of new operating systems and versions, as well as day-to-day troubleshooting and deployment guidance.
Hypervisor Introspection can be used without cost. For production environments, Bitdefender Hypervisor Introspection Enterprise Support is strongly recommended.
You will find details of the Bitdefender Hypervisor Introspection (HVI) Enterprise Support Policy here
If you are interested in finding out more about Bitdefender Hypervisor Introspection Enterprise Support, simply click the appropriate checkbox after clicking on the Get HVI button on this page.
Bitdefender has worked with the open-source community, including Xen Project and KVM Project, to extend Virtual Machine Introspection (VMI) capabilities.
This webinar features Dr. Ramaswamy Chandramouli, Computer Scientist, Computer Security Division, National Institute of Standards and Technology (NIST), Kurt Roemer, Chief Security Strategist (Citrix), and Andrei Florescu, Group Product Manager (Bitdefender) as they discuss hypervisor-level security and how it can help organizations comply with NIST “Security Recommendations for Server-based Hypervisor Platforms” (SP 800-125A Rev.1).
Learn how Bitdefender HVI was able to prevent the WannaCry ransomware long before the attack wave hit, by stopping the EternalBlue zero-day. WannaCry was deemed one of the most severe ransomware waves, having affected over 200,000 devices in 150 countries in just 24 hours.
Learn how IT administrators can strengthen their defense strategy by combining XenServer with XenApp and XenDesktop, and leveraging the industry’s most secure virtual app and desktop delivery platform.
Working with Citrix, Bitdefender has created an approach previously deemed impossible. Bitdefender Hypervisor Introspection (HVI) reveals malicious activity hiding below the surface of your data center by detecting and annihilating attacks from the level of the underlying hypervisor.
Our experts will help you install and configure your Bitdefender solution for the optimal protection and performance your business applications need. The SMB Start service offers customers the benefit of expert guidance throughout the beginning of the implementation, ensuring a smooth and trouble-free start.
Skilled Bitdefender engineers will follow best practices and keep your business needs in mind as they guide you at the start of implementing the security solution in your environment.