Can a hypervisor be used as a security layer?

According to Trustwave’s most recent Global Security Report, the average time from intrusion to detection of a breach is around 49 days. With more advanced malware – also known as Advanced Persistent Threats (APTs) – detection times can be much longer.

These advanced attacks use various methods to escape detection. But there’s something that every attack – whether the latest and greatest state-sponsored malware or a yet-to-be-disclosed zero-day vulnerability – has in common: they all require at least a little memory to exist and execute.

“All malware leaves a memory footprint,” says Liviu Arsene, Senior E-Threat Analyst at Romanian security provider Bitdefender. “I pull my hair out every time I hear about fileless attacks. There is no such thing. It's still code. All of these advanced tools, they all require some sort of memory footprint.”

However, it can be hard to find traces of malware. Today’s malware is adept at hiding itself within systems; just because Windows says there isn’t an executable file using up lots of memory doesn’t mean that’s actually true.

“The disadvantage of having an agent inside the machine is that it's dependent on information coming from the Operating System.”

Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
