Can a hypervisor be used as a security layer?

According to Trustwave’s most recent Global Security Report, the average time from intrusion to detection of a breach is around 49 days. With more advanced malware – also known as Advanced Persistent Threats (APTs) – detection times can be much longer.

These advanced attacks use various methods to escape detection. But there’s something that every attack – whether the latest and greatest state-sponsored malware or a yet-to-be-disclosed zero-day vulnerability – has in common: they all require at least a little memory to exist and execute.

“All malware leaves a memory footprint,” says Liviu Arsene, Senior E-Threat Analyst at Romanian security provider Bitdefender. “I pull my hair out every time I hear about fileless attacks. There is no such thing. It's still code. All of these advanced tools, they all require some sort of memory footprint.”

However, it can be hard to find traces of malware. Today’s malware is adept at hiding itself within systems; just because Windows says there isn’t an executable file using up lots of memory doesn’t mean that’s actually true.

“The disadvantage of having an agent inside the machine is that it's dependent on information coming from the Operating System.”

Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
