Clean-up tools can be injected into the running VM

May 14, 2015 15:31 GMT

Security vendor Bitdefender has released a new technology for better protection of virtualized endpoints, which carries out the inspection of the system at the hypervisor level.

Regular security solutions for virtualized environments are limited by architectural constraints and operate at the same privilege level (ring zero/root/administrator) as the planted malware does.

The entire virtualized infrastructure is monitored

Hypervisor-based Memory Introspection, the solution proposed by the Romania-based company, addresses both Windows and Linux endpoints and works at a level below the guest operating system (ring-minus-one), allowing full insight into the activity on the guest machine.

By leveraging hypervisor privileges, Bitdefender’s product can identify attacks and installed threats. From the get-go, it is assumed that the virtualized infrastructure has already been compromised, and to counter the potential threats, Bitdefender Clean-up Tools are injected into the running virtual endpoint via a unique method.

News about the new method for protecting virtualized environments comes at the same time as the disclosure of a serious vulnerability (VENOM) in the virtual Floppy Disk Controller code from QEMU.

Successful exploitation of the glitch could lead to access to other virtual machines on the same infrastructure and even an escape into the host system.

Technology will become available by late 2015

“Virtualization revolutionized computing by adding a layer of abstraction below operating systems. Our technology brings security to that layer; and while intuitive, it is revolutionary because, until now, it was deemed extremely difficult to achieve,” said Mihai Dontu, Chief Linux Officer at Bitdefender.

Intended for virtualization vendors and datacenter administrators, the technology is expected to become widely available by the end of the year.

Bitdefender demonstrated the capabilities of the new technology at the Citrix Synergy conference held this week in Orlando, Florida.

The antivirus engine developed by the company has been licensed to multiple security vendors, who use it in their multi-engine products, but it is unclear if the new hypervisor-level protection technology will follow the same path.