Bitdefender Hypervisor Introspection
Eliminate Your Security Blind Spots

Overview:

What secrets does your infrastructure hold?

In late 2013, a standard investigation on a bank in Kiev revealed that for several months the internal systems were being monitored by stealth malware. The malicious software was highly successful at covering its tracks, recording every employee’s move, and even sending back video feeds and images, all without raising suspicion.¹

When finally discovered, the sophisticated attack - known today as Carbanak - was eventually linked to more than one-hundred banks across thirty nations, revealing one of the largest bank thefts ever. This attack inflicted an estimated $1 billion worth of damage globally.²

Carbanak is just one of a series of targeted attacks that breached data in key industries around the world, by using stealth malware to gain entrance while avoiding detection. While there are many other similar examples of attacks, no proactive technology has yet been proven effective enough to single out these deep threats.

How malware out-privileges you, without you knowing it

Operating systems were not designed with security in-mind. Malicious code is able to run with kernel privilege, just like your security solution, and stands a good chance of bypassing your security.

After it surreptitiously infiltrates the system, both the workloads and the system remain operable. While everything may seem fine, it is only a front for data exfiltration and cyber-espionage.

Some malware can even brings an infrastructure to its knees

The damage inflicted by successful attacks on a system increases with the time to mitigate. Even a relatively innocuous malware, such a spam-sending Trojan, will impact the resources of an organization. Ultimately, it can impact profit by consuming resources, which may even be partly directed at employees of the company itself, inflicting further wasted time on the company.

5 months pass before an infiltration is uncovered

A study conducted in February 2016 shows it takes companies an average of 5 months to detect a data breach. What’s more, 53% of them needed external investigators to discover them, as internal resources showed no signs of a breach.³

Bitdefender and Citrix Join Forces to Root out Deep Threats from Your Infrastructure

By joining their considerable expertise in IT security and data center virtualization, Bitdefender and Citrix have developed an entirely new security layer which malware cannot compromise or evade – through raw memory introspection directly at the hypervisor level.

How do you catch that which you cannot see?

If a rootkit or kernel exploit tricked the operating system into hiding its tracks, even advanced security solutions will have difficulties discovering them, if those security solutions are in-guest. The trick is viewing a VM from the outside, while also monitoring its inside processes. The approach lies within the bare-metal hypervisor – a tool that hasn’t been used for security before. They hypervisor provides the context of VMs, while staying isolated from them. In an unprecedented collaboration against targeted attacks, Bitdefender and Citrix put their collective expertize in virtualization and security on the table. Together, they created a new security layer that will see everything happening in your infrastructure, but which malware cannot reach.

A solution deemed impossible to achieve

The way to catch the most advanced threats is to not rely on information given to you by the OS. Hypervisors provide clean, low-level information about the memory being used by each virtual machine. To provide these insights, Citrix is now introducing a new, specially designed API in XenServer, which offers insight into the raw memory stack of every virtual machine from the hypervisor. At this level, access to memory is so raw, and at such a low-level, that analyzing it has been impossible so far -- only a handful of people in the world write security at this level. Bitdefender is now introducing Hypervisor Introspection(HVI), a ground-breaking solution that detects suspicious activities by working directly with raw memory – a level of insight from which malware cannot hide.

An innovative security layer that protects your privileges

Working together, Bitdefender and Citrix are now giving datacenter owners the ability to know the previously unknowable, and act on information from this new level of insight.

Bitdefender Hypervisor Introspection (HVI)
HVI is able to detect attacks that can be hidden in your infrastructure for days, weeks, or even months – spying and exfiltrating information invisibly. HVI does not assume your systems are clean upon arrival; you can instruct HVI to inject cleaning tools into live virtual machines – a temporary footprint into running systems. This also allows your native endpoint protection to take care of the rest, from within the VM. HVI can also prevent further breaches, ensuring you have full visibility of the activity in your datacenter.

Already proven against targeted attacks

HVI already detects and blocks famous targeted attacks including Carbanak, Turla, APT28, NetTraveler or Wild Neutron without knowing beforehand the actual vulnerabilities used by the hackers.

Among the targeted attacks that HVI can detect is a massive cyber-espionage campaign uncovered in 2015 by Bitdefender called APT28. The attackers infiltrated political, e-crime services, telecommunication services or aerospace industries in US and Eastern Europe – stealing passwords, and gaining system privileges – all while remaining undetected. Coincidentally, during this period, in Minsk, the political leaders of Belarus, Russia, Germany, France and Ukraine were participating in a summit, discussing the ceasefire in the Donbass region in the east of Ukraine.⁴

Minimum Investment. Easy to Deploy.

Unlike other vendors that require you to remove your endpoint protection and replace it with theirs, HVI is complementary to your existing security tools. It is a new security layer, and is fully compatible with every existing EPP today. It also works hand in-hand with you current agent-based solution – it stops attackers from gaining privileges on your infrastructure, preventing them from hiding from your in-guest security.

¹ http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html
² https://threatpost.com/carbanak-ring-steals-1-billion-from-banks/111054/
³ https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf
⁴ http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage.pdf