Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
Why is this important?
Introspection is important due to the fact that one the first things attackers do is disable, bypass, or otherwise render harmless any security agents that live within the virtual machine under attack. Thereby making it difficult to track. You would think, the management tools for these agents can see that the agent may not be running, but intelligent attackers will keep the agent running, but they will be below its radar. The agent is rendered harmless to the attacker. Continue reading Anti-This, Anti-That, getting into the Virtualization Security Game with Introspection