Citrix XenServer Direct Inspect APIs demo
This video introduces a XenServer 7 security feature, the Direct Inspect APIs, and shows how to leverage them to provide “better than physical” protection against malicious activity.
Up until now, security vendors have developed increasingly sophisticated solutions that aim to protect systems (physical or virtual) by trying to find malicious files. The key point here is find.
Malware needs to find a vehicle into the system. Typically, this would be a foreign file (downloaded, received by email, copied from a USB stick, etc.) that resides on the system’s disk. Therefore, the name of the game is to attempt to inspect each file that pops up on the system, and figure out if it’s bad (will do something malicious).
In order to do this, each system requires security software running as a privileged application inside the system it is protecting, carrying out the scanning and remediation using a global list of known bad signatures for files that have already been seen and are known to be malicious.
In XenServer 7.0, we’ve added a set of APIs that allow security vendors to take a revolutionary new approach to protecting Virtual Machines, using the hypervisor to improve security, not just performance.
This project has been a real collaboration between a number of organizations: Citrix, Intel, the Xen Project and, most notably, Bitdefender, who have been working on this project for several years and are the first vendor to deliver a security solution that makes use of these APIs (check out Bitdefender Hypervisor Introspection).