BITDEFENDER HYPERVISOR INTROSPECTION

A Transformative Approach to Advanced Attack Detection

Main Content

Bitdefender Hipervisor Introspection ( HVI )

Hypervisor Introspection (HVI)

Bitdefender was the first to develop Hypervisor Introspection (HVI). A groundbreaking security approach, HVI introspects the memory of running virtual machines using Virtual Machine Introspection APIs in Xen and KVM hypervisors. By applying security logic, HVI searches for attack techniques, such as buffer overflows, heap spray and code injection, to detect and block malicious activity before an attacker gains a foothold on targeted systems. In leveraging the hypervisor, the technology needs no software within protected virtual machines, allowing complete insight without sacrificing isolation.

HVI can be downloaded and used for free. For production use, Bitdefender advises organizations to purchase Bitdefender Hypervisor Introspection Enterprise Support.

Features and benefits

ACHIEVE INSIGHT AND ISOLATION SIMULTANEOUSLY​

In-guest elements of security stacks are, by nature, not isolated from the workloads they protect, while network solutions are hampered by a lack of insight into the context of virtual machines. By operating at hypervisor level, HVI enjoys deep insight into the memory of running virtual machines while remaining isolated, at the hardware layer, from protected systems.

PROTECT USER AND KERNEL MEMORY ACROSS WINDOWS AND LINUX ​

By leveraging Virtual Machine Introspection APIs in the Xen and KVM hypervisors, HVI is able to introspect the memory of running virtual machines. Bitdefender developed, and later open-sourced, the Hypervisor Introspection Engine to apply security logic to user- and kernel-mode memory of running virtual machines.

SECURITY THAT COMPLEMENTS YOUR EXISTING SOLUTIONS

Securing any organization involves multiple approaches to security, from the network to the endpoint, and down to the hypervisor. HVI does not displace existing in-guest security tools, such as antimalware. What HVI does is focus on the use of attack techniques, such as buffer overflows, heap spray, and code injection, which are used over and over to exploit vulnerabilities in operating systems and software.

ELIMINATE THE TOOLS ATTACKERS USE TO GAIN A FOOTHOLD

HVI focuses on attack techniques that abuse software vulnerabilities to gain an initial foothold on a target system or escalate privilege. For example, an attacker may use a buffer overflow to exploit a known or unknown vulnerability. By introspecting memory, HVI recognizes the buffer overflow condition, without requiring knowledge of the specific exploit or vulnerability, detecting and stopping the attack before a system is compromised.

Want to learn more?

DOWNLOAD DATASHEET

Focus on Memory-Manipulation Techniques

Instead of scanning millions of malware samples, Hypervisor Memory Introspection detects the handful of associated attack techniques, which are only visible at the hypervisor level, identifying zero-days as easily as any known exploit. Bitdefender HVI does not require signature updates, since the attack techniques do not change.

Protection at operating system level

HUNDREDS OF MILLIONS
OF KNOWN AND UNKNOWN THREATS

ENDPOINT SECURITY PERSPECTIVE

OPERATING SYSTEM LEVEL

Protection at hypervisor level

A HANDFUL OF ATTACK TECHNIQUES
HEAP SPRAY | CODE INJECTION | API HOOKING, ETC.

BITDEFENDER HVI PERSPECTIVE

HYPERVISOR LEVEL

WATCH VIDEO

Browser Isolation with
Hypervisor Introspection

Browsers and browsing have become a primary attack vector used by malicious actors as an entry-point for phishing, ransomware, and advanced targeted attacks. Bitdefender and Citrix have developed a secure browsing solution to help you reduce the attack surface arising from legacy, unprotected, or misconfigured browsers and careless or unscrupulous browsing activity.

READ SECURE BROWSER WHITEPAPER

BASED ON OPEN-SOURCE TECHNOLOGY

The Virtual Machine Introspection (VMI) APIs of the Xen and KVM open-source hypervisors were extended to take advantage of CPU-level instructions and facilitate HVI. Bitdefender was the first vendor to take advantage of VMI by developing HVI.

In mid-2020, Bitdefender provided the HVI technologies to the open-source community as a sub-project of Xen Project to foster further research and development, which you can take part in. That project, known as Hypervisor-based Memory Introspection (HVMI), can be found at https://github.com/hvmi.

Bitdefender offers support and services, known as Bitdefender Hypervisor Introspection Enterprise Support, for HVI. Licensed as a subscription on a per-CPU basis, HVI includes support for centralized management via GravityZone, support of new operating systems and versions, as well as day-to-day troubleshooting and deployment guidance.

Join the HVMI Slack Channel

Join the HVMI Slack Channel
GitHub HVMI Project

GitHub HVMI Project
HVMI Docs

HVMI Docs

ENTERPRISE SUPPORT

Hypervisor Introspection can be used without cost. For production environments,
Bitdefender Hypervisor Introspection Enterprise Support is strongly recommended.

You will find details of the Bitdefender Hypervisor Introspection (HVI) Enterprise Support Policy here

If you are interested in finding-out more about Bitdefender Hypervisor Introspection Enterprise Support, simply click the appropriate checkbox after clicking on the Get HVI button on this page.

Resources

Bitdefender and Xen Project Announce New Open-Source Project

Bitdefender has worked with the open-source community, including Xen Project and KVM Project, to extend Virtual Machine Introspection (VMI) capabilities.

WATCH WEBINAR

WEBINAR BY NIST, CITRIX AND BITDEFENDER: CYBER KILL-CHAIN DISRUPTION WITH HVI

This webinar features Dr. Ramaswamy Chandramouli, Computer Scientist, Computer Security Division, National Institute of Technology (NIST), Kurt Roemer, Chief Security Strategist (Citrix), and Andrei Florescu, Group Product Manager (Bitdefender) as they discuss hypervisor-level security and how it can help organizations comply with NIST “Security Recommendations for Server-based Hypervisor Platforms” (SP 800-125A Rev.1).

WATCH WEBINAR

HOW BITDEFENDER HVI HELPED DEFEAT WANNACRY

Learn how Bitdefender HVI was able to prevent the WannaCry ransomware long before the attack wave hit, by stopping the EternalBlue zero-day. WannaCry was deemed one of the most severe ransomware waves, having affected over 200,000 devices in 150 countries in just 24 hours.

READ REPORT

JOINT BITDEFENDER-CITRIX SOLUTION BRIEF

Learn how IT administrators can strengthen their defense strategy by combining XenServer with XenApp and XenDesktopby, and leveraging the industry’s most secure virtual app and desktop delivery platform.

READ SOLUTION BRIEF

HYPERVISOR INTROSPECTION DATASHEET

What secrets does your infrastructure hold?

READ DATASHEET

HYPERVISOR INTROSPECTION WHITEPAPER

Working with Citrix, Bitdefender has created an approach previously deemed impossible. Bitdefender Hypervisor Introspection (HVI) reveals malicious activity hiding below the surface of your data center by detecting and annihilating attacks from the level of the underlying hypervisor.

READ WHITEPAPER
Previous Next
VIEW ALLVIEW LESS

Additional Protection Layers and Services

PROFESSIONAL SERVICES

Our experts will help you install and configure your Bitdefender solution for the optimal protection and performance your business applications need. The SMB Start service offers customers the benefit of expert guidance throughout the beginning of the implementation, ensuring a smooth and trouble-free start.
Skilled Bitdefender engineers will follow best practices and keep your business needs in mind as they guide you at the start of implementing the security solution in your environment.

Download Datasheet

Intrigued yet? Request a demo now.

GET HVI

Still have questions?

Do you need help deciding which solution is right for you? The Bitdefender Sales Team is happy to be of service.

Get support