Cybersecurity company Bitdefender has launched its ‘Bitdefender Hypervisor Introspection’ solution to protect data centers from advanced attacks.

Announced at Citrix Synergy 2017, it is currently only available on Citrix XenServer. The company claims it is the first and only vendor to offer a commercial hypervisor-based security solution.

How it works

[Image: cyber security image – DCD/Sebastian Moss]

“What we did is that, with virtualization and everything going hybrid and going cloud, we thought that the hypervisor can be leveraged from a security perspective, because it sits below the operating system, it controls the physical resources - the CPU, the RAM, etc,” Adrian Liviu Arsene, senior security specialist at Bitdefender told DCD.

He compared it to existing security systems: “How does traditional security work? Basically you have an agent within the operating system.

“The security solution taps into a couple of operating system APIs and asks the operating system ‘How many files are in this folder?’ and the OS says ‘five files’ and the security solution starts scanning.

“However, there’s the matter of advanced persistent threats (APTs), where you get advanced threats that leverage - for instance - zero day vulnerabilities or rootkits and bootkits that boot before the OS boots. They can manipulate the information the OS sends to the security solution. So if it asks how many files are in the folder, it can say ‘tell the AV vendor that there’s nobody here, it’s ok, you’re safe.’”

With Bitdefender’s new product, Arsene said that “we can protect the operating system from outside the operating system. Why not use the hypervisor to gain insight into how the raw memory for each VM is actually being used, what’s executed in there, so we don’t have to rely on the OS?”

He added that this approach can “detect zero day vulnerabilities - when an attacker tries to insert a new block with new instructions, you can actually see it happening, you can actually see the code unencrypted because everything that runs in memory is unencrypted.”
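The two views Arsene contrasts above (what an in-guest agent gets from the OS API versus what can be read from the VM's raw memory) as an added Python illustration; this is not Bitdefender's or Citrix's code, and the memory layout, entry format, hook flag and file names are all constructed for the demo:

```python
# Added example (not Bitdefender's or Citrix's code): a cross-view check that
# compares what a possibly tampered in-guest API reports with what an
# out-of-guest reader recovers by parsing the guest's raw memory directly.
# The memory layout and all data here are constructed for this demo.
import struct

# Constructed layout for one directory in guest memory: a 4-byte little-endian
# entry count followed by fixed 16-byte entries (12-byte NUL-padded name,
# 4-byte flags).
ENTRY_FMT = "<12sI"
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)
FLAG_HIDDEN_BY_HOOK = 0x1  # constructed marker: a hook filters this entry out

def build_guest_memory(entries):
    """Serialise (name, flags) tuples into the constructed raw-memory image."""
    blob = struct.pack("<I", len(entries))
    for name, flags in entries:
        blob += struct.pack(ENTRY_FMT, name.encode().ljust(12, b"\0"), flags)
    return blob

def introspect_list_dir(memory):
    """Out-of-guest view: parse the raw bytes without calling any guest code."""
    (count,) = struct.unpack_from("<I", memory, 0)
    out = []
    for i in range(count):
        name, flags = struct.unpack_from(ENTRY_FMT, memory, 4 + i * ENTRY_SIZE)
        out.append((name.rstrip(b"\0").decode(), flags))
    return out

def os_api_list_dir(memory, hook_installed):
    """In-guest view: what an agent gets back from the OS API. With a hook
    installed, flagged entries are silently dropped before the agent sees them."""
    return [n for n, f in introspect_list_dir(memory)
            if not (hook_installed and f & FLAG_HIDDEN_BY_HOOK)]

def cross_view_diff(memory, hook_installed):
    """Entries present in raw memory but absent from the OS-reported view.
    A non-empty result means the guest's own answer cannot be trusted."""
    api_view = set(os_api_list_dir(memory, hook_installed))
    raw_view = {n for n, _ in introspect_list_dir(memory)}
    return sorted(raw_view - api_view)

if __name__ == "__main__":
    mem = build_guest_memory([("notes.txt", 0), ("dropper.bin", FLAG_HIDDEN_BY_HOOK)])
    print(cross_view_diff(mem, hook_installed=False))  # []
    print(cross_view_diff(mem, hook_installed=True))   # ['dropper.bin']
```

The raw-memory parser is the part a hypervisor-side engine would do for real against guest page contents; the point of the diff is that the out-of-guest reader never has to ask the guest anything.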

Starting with Citrix

Arsene said that Bitdefender “reached out to Citrix not from a marketing side or a PR side, but from a technical perspective.”

“They were really excited because it was an open source project. We got somebody from Intel, we got The Linux Foundation, the entire open source community, and Citrix working with us on how to build those APIs, and internally we developed our own Introspection engine. We worked on that for three years.”

As for other partnerships, Bitdefender has “approached VMware and Hyper-V from Microsoft to figure out if they want to open up the hypervisor. Basically they have to build the APIs so that they can allow access to those resources.”