Bitdefender makes HVI available as open source. This enables hypervisor introspection to be used for purposes other than IT security. The release takes place as part of the Xen Project.
Bitdefender provides HVI (Hypervisor Introspection) as open source. The cybersecurity company, which protects over 500 million systems worldwide, is making one of its groundbreaking technologies freely available to the open source community. HVI takes advantage of the hypervisor's position between the underlying hardware and the virtualized operating systems of servers and desktops. The technology examines memory in real time for signs of memory-based attack techniques that are used to exploit known and unknown vulnerabilities. The code was published as part of the Xen Project under the name HVMI (Hypervisor-based Memory Introspection) and is licensed under Apache 2.0.
HVI mechanisms as open source
Bitdefender is a member of the advisory board of the Xen Project hosted by the Linux Foundation. By providing the HVI mechanisms as open source, Bitdefender is helping others understand and apply the security logic for memory events in virtual machines running Linux and Windows. The mechanisms use hypervisor-level APIs for introspection, i.e. a kind of self-analysis, of virtual machines.
The HVI code enables organizations to understand the view of memory provided by Virtual Machine Introspection in both the Xen and KVM hypervisors. The technology, which Bitdefender first introduced in 2017, gained widespread recognition for stopping EternalBlue attacks without any knowledge of the attack or the underlying vulnerability. The WannaCry attacks that used EternalBlue and the success of HVI made it clear that hypervisor security solutions like HVI need to become part of the security fabric of organizations. While Bitdefender has used the technology for security purposes, the possibilities extend to a number of other areas that can leverage and expand this unique, powerful sensor.
Additionally published hypervisor technology "Napoca"
At the same time as HVI, Bitdefender also released its slim hypervisor technology "Napoca", which it used in the development of HVI, as open source. Napoca can prove useful to researchers and open source endeavors because, rather than virtualizing all hardware, it virtualizes only the processor and memory, and it can be combined with HVI to protect physical systems.
"The Xen Project is proving to be extremely fruitful and the hypervisor VMI capabilities of the Xen Project have fundamentally changed IT security," said Shaun Donaldson, director of strategic alliances at Bitdefender. "We are excited to see the many possible uses that the community will develop for the technology. We expect HVI and Napoca to be used in areas that go beyond Bitdefender's security-oriented goals and that we cannot foresee today."
Beyond the boundaries of operating system-based security models
Kurt Roemer, Chief Security Strategist and member of the Office of the CTO at Citrix, says the creativity of the open source community will embed HVMI technology in a wealth of resources with surprising innovations that go beyond the confines of operating system-based security models: "HVI has provided extensive threat insights and remedial action for Xen-based virtual machines. Now that the technology is open source, the use cases to which HVMI can be applied will be of immediate benefit to both security teams and their organizations - especially as threats emerge."
About Bitdefender
Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de