On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who works as a Director of Product Management in 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V. Introspective security has been missing from Hyper-V for a number of years, while it was possible to implement, the market has been so small that is was not feasible until now. Which implies Hyper-V is gaining adherents so has a need for better security measures.
Articles Tagged with introspection
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
Why is this important?
Introspection is important due to the fact that one the first things attackers do is disable, bypass, or otherwise render harmless any security agents that live within the virtual machine under attack. Thereby making it difficult to track. You would think, the management tools for these agents can see that the agent may not be running, but intelligent attackers will keep the agent running, but they will be below its radar. The agent is rendered harmless to the attacker.