Malware analysis for Virtual Desktop Infrastructures

HBGary unveiled Active Defense 1.3 to provide live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server.

With HBGary Active Defense 1.3, malware analysis no longer depends on a physical memory dump saved to disk, so results arrive faster without taxing the valuable shared resources needed to obtain them.

Remote desktop virtualization is one of the biggest trends in IT today because it addresses the mobility of users while at the same time reducing the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables central management of the desktop session environment and separates that environment from the physical device used to run it.

Yet VDIs are not immune to cyberattacks – roaming profiles enable roaming access; centralizing assets on shared physical resources means an outage will have a greater impact; and hypervisor isolation will only remain secure for so long.

Active Defense 1.3 scores thousands of software modules so cyber defenders, using the technology’s color-coded threat severity score, can quickly triage and respond to the most severe threats targeting their business environment.

“Runtime Digital DNA reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks. Unlike our traditional Digital DNA, it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware,” said Jim Butterworth, CSO, HBGary. “Active Defense 1.3, with runtime Digital DNA, is almost 20x faster when compared to the traditional (Memdump) Digital DNA.”

Active Defense customers can choose to preserve memory using our traditional (Memdump) Digital DNA or opt for the memory-only, runtime Digital DNA version to adapt to the ever-changing threat environment while not adversely impacting their own resources.

In a live environment, analyzing a memory dump file can involve a significant amount of disk I/O, which can degrade the usability of the system being scanned in heavily virtualized environments where multiple Guests share the same physical disk. “For those users who cannot accept any server downtime but still need to detect malware in the Guests, runtime Digital DNA is available,” added Butterworth.
