
Bitdefender Hypervisor Introspection (HVI)

Product
Developers: Bitdefender, Citrix Systems
Date of the premiere of the system: 2017/07/03
Technology: Cybersecurity - Antiviruses

Bitdefender Hypervisor Introspection is a security tool for detecting malware in guest virtual machines.

On July 3, 2017, Bitdefender announced the development of Bitdefender Hypervisor Introspection, a technology that monitors guest virtual machines and performs low-level storage scanning in real time.

The technology was created by Bitdefender together with Citrix. It is a dedicated security tool that runs in the hypervisor to detect malware present in guest virtual machines: a specialized agentless solution for the XenServer platform that, by means of unique, innovative technology, can detect and block the most sophisticated targeted attacks, zero-day attacks and other methods of unauthorized impact on information resources.


Diagram of the interaction between the protection components (2017)

According to the developers, the software helps to detect and block dangerous and hidden threats, including targeted attacks and zero-day threats.

The tool offered by Bitdefender is a bare-metal hypervisor; it inspects virtual machines while remaining isolated from them. The protection system observes events in the IT infrastructure, and malware cannot reach it, hide from it or interfere with its operation.


B-HAVE

The software includes an anti-malware module based on signature scanning and heuristic analysis (B-HAVE), designed to protect against viruses, worms, trojans, spyware, adware, keyloggers, rootkits and other types of malware.

Bitdefender's malware scanning technology is based on the following protective levels:

  • The traditional scanning method, in which the scanned content is compared against a signature database. The signature database contains records of byte sequences characteristic of known threats, and is regularly updated by Bitdefender. This scanning method is effective against any known threat and is used by the majority of antivirus products.

    No matter how quickly the database is updated, there is always a window of vulnerability between the moment a threat is detected and the moment a fix is released.

  • Against threats that are still unknown, the second level of Bitdefender protection applies, which uses the heuristic B-HAVE engine. Heuristic algorithms detect malware on the basis of its behavioural characteristics. B-HAVE runs suspicious programs in a virtual environment, checking their effect on the system and whether they pose a threat to your virtual or physical machine. If a threat is detected, the program is prevented from running.


Advanced Threat Control (ATC)

To counter threats capable of evading heuristic analysis, Bitdefender developed a third layer of protection, Advanced Threat Control (ATC). It performs a comprehensive assessment of the set and sequence of a process's actions and assigns the process a danger rating.

ATC assigns a score to each process and adjusts this rating according to the process's actions. When the score exceeds a certain value, the process is considered suspicious and is blocked, and its hash is sent for additional checking to Bitdefender's virtual cloud, where a machine-learning-based system checks it and issues a final verdict. If the system confirms that the process is dangerous to the virtual machine, its hash is added to the malware database, and all machines using Bitdefender worldwide learn about it within a couple of minutes of detection.
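
The scoring loop described above, as an added illustration that is not Bitdefender code: a per-process score that rises with each observed action and with one order-dependent pair, blocking at a threshold and queuing the image hash for the cloud verdict. The action names, weights, bonus, threshold and sample events are all assumptions constructed for this example.

```python
import hashlib
from collections import defaultdict

# Hypothetical weights and threshold (assumptions, not Bitdefender values).
WEIGHTS = {
    "drop_file_in_system_dir": 20,
    "write_other_process_memory": 35,
    "start_thread_in_other_process": 35,
}
# Ordered pairs that score extra only when seen in this order.
SEQUENCE_BONUS = {("write_other_process_memory", "start_thread_in_other_process"): 30}
THRESHOLD = 100


class BehaviourScorer:
    def __init__(self):
        self.scores = defaultdict(int)
        self.last_action = {}
        self.blocked = set()
        self.cloud_queue = []  # hashes awaiting the cloud verdict

    def observe(self, pid, image_bytes, action):
        """Score one action; return True if the process is (now) blocked."""
        if pid in self.blocked:
            return True  # a blocked process performs no further actions
        bonus = SEQUENCE_BONUS.get((self.last_action.get(pid), action), 0)
        self.scores[pid] += WEIGHTS.get(action, 0) + bonus
        self.last_action[pid] = action
        if self.scores[pid] >= THRESHOLD:
            self.blocked.add(pid)
            self.cloud_queue.append(hashlib.sha256(image_bytes).hexdigest())
        return pid in self.blocked


def replay(events):
    scorer = BehaviourScorer()
    for pid, image_bytes, action in events:
        scorer.observe(pid, image_bytes, action)
    return scorer


# Constructed sample events: (pid, image bytes, action).
EVENTS = [
    (100, b"editor-image", "drop_file_in_system_dir"),
    (200, b"sample-image", "drop_file_in_system_dir"),
    (200, b"sample-image", "write_other_process_memory"),
    (200, b"sample-image", "start_thread_in_other_process"),
    (200, b"sample-image", "drop_file_in_system_dir"),
]
```

With these constructed values, process 200 is blocked on its third action, while the same three actions in a different order stay under the threshold, which is why the sequence is scored as well as the set.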