Bitdefender Hypervisor Introspection recently won the SCMagazine Innovator Award, marking the fact that truly groundbreaking security technologies have started to receive validation from the market, as traditional security solutions fail to cope with the ever-increasing complexity of advanced threats.
The number of sophisticated threats reported in the past couple of years has tragically emphasized not just that traditional security solutions are ill-equipped to detect them, but also that some advanced threats are specifically built for each target. Consequently, new innovative security technologies that offer an additional security layer to existing security stacks need to provide organizations with a proactive method for identifying and preventing even these new, unknown, and advanced threats.
Truly innovative security technologies, such as Bitdefender Hypervisor Introspection, are specifically built to offer a unique solution to hard problems.
“The key is the attack methodology, not the payload. HVI does not care what the malicious code is. It only cares that an unauthorized memory access is occurring,” wrote Peter Stephenson, technology editor, SC Media.
What happened in 2017?
EternalBlue, probably one of the biggest security vulnerabilities of 2017, has been actively used to affect hundreds of thousands of computers around the world in a matter of hours, delivering ransomware to victims. Allegedly developed by a government agency and leaked by a notorious hacker group, the vulnerability was quickly weaponized after becoming public and used in what is known as the WannaCry ransomware outbreak.
While ransomware is not uncommon, this one leveraged an alleged military-grade cyber weapon to dodge traditional security solutions and infect both end users and organizations without requiring any input from the victim. Without the need to click on a link or open an attachment, any user connected to the internet was potentially a victim of WannaCry.
European presidential elections were also targeted by advanced malware. Emmanuel Macron, then a candidate for the French presidency, stated that his campaign was the victim of a sophisticated cyberattack leveraging an advanced piece of malware designed to infiltrate a victim computer and exfiltrate sensitive data.
While these are not the only security incidents in which advanced and sophisticated malware was used, they do show that traditional security solutions are becoming increasingly powerless to adequately protect against these new threats.
Traditional Security Doesn’t Cut It Anymore
With data breaches and advanced malware making headlines, traditional security technologies are clearly unable to cope with increasing threat sophistication. Focusing more on “what” instead of “how”, traditional security is often too focused on identifying malicious files, behavior, and malware type, instead of understanding how these threats operate.
Threat actors and advanced malware usually resort to a handful of tricks to gain control of a machine, which is why focusing on those tricks is far more effective. For example, instead of analyzing hundreds of millions of malware files, it’s far more effective to simply focus on the handful of attack techniques shared by those files. While the traditional method is to focus on the malware, it seems more effective to focus on “how” that malware is actually delivered.
All advanced attacks operate using those attack techniques, and traditional security simply doesn’t cut it anymore because those techniques operate at the memory level, meaning there are no files for traditional security to analyze. The techniques are “invisible” to these security solutions, and understanding “how” advanced attacks leverage these techniques gives you an unprecedented level of insight.
“The only way to defeat escalation of privilege, for example, is to isolate the attacker from the defense mechanism,” wrote Peter Stephenson, technology editor, SC Media. “However, you also need context. The hypervisor is the only thing that provides isolation and context.”
‘The key is the attack methodology’ - Changing the Security Paradigm
Fast, accurate, and truly agentless, Bitdefender Hypervisor Introspection is designed to prevent threats, while minimizing performance impact on the protected system. It has been tested against notorious APTs (Advanced Persistent Threats) that have plagued organizations and governments, including the EternalBlue vulnerability leveraged by the WannaCry outbreak.
As soon as the vulnerability was leaked and became publicly accessible, HVI instantly prevented it from being executed on protected systems. Because it focuses on the attack technique used by EternalBlue to compromise the victim, Hypervisor Introspection was able to prevent the attack from occurring, effectively preventing the ransomware payload from even reaching the protected system. Focusing on the attack method instead of the actual malware payload, HVI prevented the breach from ever occurring. Because of its ability to guarantee the integrity of in-guest applications and even the operating system, no vulnerability – known or unknown – can be exploited by attackers to deliver malware without being spotted by Bitdefender Hypervisor Introspection.
Even the advanced threat used in the French election hack could have been prevented by Hypervisor Introspection, as attackers leveraged attack techniques that could have been spotted and plugged before they managed to actually compromise the victim.
“Unique solutions to hard problems come from unique people driven by innovation,” wrote Peter Stephenson, technology editor, SC Media. “This is a unique approach to securing a virtual system…this innovator always is looking for new ways to detect and prevent threats from having an impact on the system being protected.”
The SCMagazine Innovator Award for Bitdefender Hypervisor Introspection is a big deal, as organizations have faced the cold fact that threat sophistication requires a new way of tackling security – a change from a reactive to a proactive approach. As targeted attacks and zero-day vulnerabilities are constantly deployed by advanced threats, Bitdefender Hypervisor Introspection is the new security layer that can protect your organization and increase its security posture without sacrificing performance or usability, or completely displacing your existing security stack.