BITDEFENDER HYPERVISOR INTROSPECTION

A Transformative Approach to Advanced Attack Detection

Bitdefender Hipervisor Introspection ( HVI )

Hypervisor Introspection (HVI)

Bitdefender was the first to develop Hypervisor Introspection (HVI). A groundbreaking security approach, HVI introspects the memory of running virtual machines using Virtual Machine Introspection APIs in Xen and KVM hypervisors. By applying security logic, HVI searches for attack techniques, such as buffer overflows, heap spray and code injection, to detect and block malicious activity before an attacker gains a foothold on targeted systems. In leveraging the hypervisor, the technology needs no software within protected virtual machines, allowing complete insight without sacrificing isolation.

HVI can be downloaded and used for free. For production use, Bitdefender advises organizations to purchase Bitdefender Hypervisor Introspection Enterprise Support.

Features and benefits

ACHIEVE INSIGHT AND ISOLATION SIMULTANEOUSLY​

In-guest elements of security stacks are, by nature, not isolated from the workloads they protect, while network solutions are hampered by a lack of insight into the context of virtual machines. By operating at hypervisor level, HVI enjoys deep insight into the memory of running virtual machines while remaining isolated, at the hardware layer, from protected systems.

PROTECT USER AND KERNEL MEMORY ACROSS WINDOWS AND LINUX ​

By leveraging Virtual Machine Introspection APIs in the Xen and KVM hypervisors, HVI is able to introspect the memory of running virtual machines. Bitdefender developed, and later open-sourced, the Hypervisor Introspection Engine to apply security logic to user- and kernel-mode memory of running virtual machines.

SECURITY THAT COMPLEMENTS YOUR EXISTING SOLUTIONS

Securing any organization involves multiple approaches to security, from the network to the endpoint, and down to the hypervisor. HVI does not displace existing in-guest security tools, such as antimalware. What HVI does is focus on the use of attack techniques, such as buffer overflows, heap spray, and code injection, which are used over and over to exploit vulnerabilities in operating systems and software.

ELIMINATE THE TOOLS ATTACKERS USE TO GAIN A FOOTHOLD

HVI focuses on attack techniques that abuse software vulnerabilities to gain an initial foothold on a target system or escalate privilege. For example, an attacker may use a buffer overflow to exploit a known or unknown vulnerability. By introspecting memory, HVI recognizes the buffer overflow condition, without requiring knowledge of the specific exploit or vulnerability, detecting and stopping the attack before a system is compromised.

Want to learn more?

DOWNLOAD DATASHEET

Focus on Memory-Manipulation Techniques

Instead of scanning millions of malware samples, Hypervisor Memory Introspection detects the handful of associated attack techniques, which are only visible at the hypervisor level, identifying zero-days as easily as any known exploit. Bitdefender HVI does not require signature updates, since the attack techniques do not change.

Protection at operating system level

HUNDREDS OF MILLIONS
OF KNOWN AND UNKNOWN THREATS

ENDPOINT SECURITY PERSPECTIVE

OPERATING SYSTEM LEVEL

Protection at hypervisor level

A HANDFUL OF ATTACK TECHNIQUES
HEAP SPRAY | CODE INJECTION | API HOOKING, ETC.

BITDEFENDER HVI PERSPECTIVE

HYPERVISOR LEVEL

Browser Isolation with
Hypervisor Introspection

Browsers and browsing have become a primary attack vector used by malicious actors as an entry-point for phishing, ransomware, and advanced targeted attacks. Bitdefender and Citrix have developed a secure browsing solution to help you reduce the attack surface arising from legacy, unprotected, or misconfigured browsers and careless or unscrupulous browsing activity.

READ SECURE BROWSER WHITEPAPER

BASED ON OPEN-SOURCE TECHNOLOGY

The Virtual Machine Introspection (VMI) APIs of the Xen and KVM open-source hypervisors were extended to take advantage of CPU-level instructions and facilitate HVI. Bitdefender was the first vendor to take advantage of VMI by developing HVI.

In mid-2020, Bitdefender provided the HVI technologies to the open-source community as a sub-project of Xen Project to foster further research and development, which you can take part in. That project, known as Hypervisor-based Memory Introspection (HVMI), can be found at https://github.com/hvmi.

Bitdefender offers support and services, known as Bitdefender Hypervisor Introspection Enterprise Support, for HVI. Licensed as a subscription on a per-CPU basis, HVI includes support for centralized management via GravityZone, support of new operating systems and versions, as well as day-to-day troubleshooting and deployment guidance.

ENTERPRISE SUPPORT

Hypervisor Introspection can be used without cost. For production environments,
Bitdefender Hypervisor Introspection Enterprise Support is strongly recommended.

You will find details of the Bitdefender Hypervisor Introspection (HVI) Enterprise Support Policy here

If you are interested in finding-out more about Bitdefender Hypervisor Introspection Enterprise Support, simply click the appropriate checkbox after clicking on the Get HVI button on this page.

Resources

Previous Next
VIEW ALLVIEW LESS

Additional Protection Layers and Services

Intrigued yet? Request a demo now.

GET HVI

Still have questions?

Do you need help deciding which solution is right for you? The Bitdefender Sales Team is happy to be of service.

Get support