CRN Exclusive: Bitdefender Bets Big On Hypervisor Security With New Hypervisor Introspection Tool

Bitdefender is looking to bring security to the hypervisor level, announcing on Tuesday the general availability of its Bitdefender Hypervisor Introspection solution.

The solution, announced at Citrix Synergy 2017 in Orlando, Fla. this week, adds a new security layer to the data center, providing an agent-less solution for memory introspection around the Citrix XenServer. With those added visibility capabilities, the company said the solution could identify and isolate attacks at the hypervisor level.

That fills a gap that was previously left open in data center security, Bitdefender Vice President of Enterprise Solutions Harish Agastya said. That gap was left open as endpoint security solutions provide context into events but few isolation capabilities and network security solutions lacking the context to isolate all types of attacks. Agastya said the Bitdefender Hypervisor Introspection solution fills that gap, with both context through memory introspection and isolation through root-level capabilities.

[Related: Q&A: Sophos CEO On WannaCry Ransomware, New Products And Double-Digit Security Growth]

While the solution doesn't solve all of a company's security needs, Agastya said it adds another layer of advanced breach protection to the data center. That is critical when defending against advanced persistent threats, he said. He said it is complementary to existing security technologies, including firewalls and endpoint security offerings.

"These attacks that are running in your data center and typically resulting in the exfiltration of confidential IP, that is something that everyone wants to protect against. No one wants to be on the front page [for a breach] … and they don’t really have a breach prevention or detection solution. That's the particular problem that the Hypervisor Introspection solution solves," Agastya said.

The solution was developed in collaboration with Citrix's Xen Project, allowing it to run on any system running Citrix virtualization technology. Agastya said Bitdefender is also working to extend the solution to other virtualization companies. Citrix Director of Product Management David Cottingham said that collaboration is key, especially as Citrix looks to play a bigger role in securing organizations from the virtualization level.

"Citrix is positioning itself very much as having a big part to play in security. If you talk to our customers, we have been perceived as a security vendor for quite a while, but we have not been getting that message out until relatively recently," Cottingham said. He said Citrix plans to further build on that strategy with analytics capabilities.

For partners, Bitdefender's Agastya said the new Hypervisor Introspection solution presents a "greenfield opportunity," as it is an additive layer to existing security solutions that few if any, other companies offer. He said it also helps partners who work with either Citrix or Bitdefender raise the security level for their customers around advanced threats.

"It's a greenfield product that solves a legitimate problem," Agastya said. "Now you have an opportunity to sell a more complete solution. Nobody wants to be attacked by a breach, and for a reseller to have the ability to solve that problem is huge."

Justin Current, director of professional services at Lifeboat Distribution, said the Hypervisor Introspection technology is a benefit for resellers because it is easy to implement and adds value with another layer of security protections. Current said hypervisor security is an area that the security industry has been "anxiously awaiting someone to develop a solution around."

"The idea that someone can track threats at the hypervisor level, rather than at the virtual machine level, has always been intriguing," Current said. "It changes the way we formulate a security plan, with the understanding that if we can protect the virtual machine at the hypervisor level … It's an additional layer to help protect against all the threats that are occurring."

That being said, Bitdefender's Agastya said hypervisor security is a new market, so education of partners and customers will be key going forward. He said attacks like the recent WannaCry ransomware attacks would likely help raise awareness for the importance of this type of security solution for enterprises. He also expects other vendors will look to jump into the hypervisor security market. Lifeboat's Current agreed, saying he expects to see more companies move to offer security technologies for virtualization.

"I think now the door has been opened to the fact that this can be done and that is key," Current said. I think security is heading this direction."