Virtualization Technology News and Information
HBGary Unveils First Deep Malware Analysis Solution for Virtual Desktop Infrastructures (VDI)

In a significant technical advancement to help organizations proactively and quickly detect zero-days, rootkits and other targeted malware in remote virtual environments, today HBGary, a subsidiary of ManTech International Corporation, unveiled Active Defense 1.3 to provide live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server.

With HBGary Active Defense 1.3, malware analysis no longer relies on a physical memory dump saved to disk, so results arrive faster without taxing valuable shared resources.

Remote desktop virtualization is one of the biggest trends in IT today because it addresses the mobility of users while at the same time reducing the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables the central management of the desktop session environment and achieves separation from the physical device used to run it.

Yet VDIs are not immune to cyberattacks: roaming profiles also enable roaming access; centralizing assets on shared physical resources means an outage has a greater impact; and hypervisor isolation will remain secure only for so long.

“The popularity of remote virtualized desktops has made them a prime target for today’s cyberattackers. Active Defense 1.3 provides live, runtime malware behavior analysis for these environments,” said Penny Leavy, Vice President & General Manager, HBGary. “More than five years ago, HBGary developed our revolutionary Digital DNA technology to find the bad guys in the one place that they cannot hide – physical memory. We are pleased to offer our customers the industry’s first deep malware analysis solution for Virtual Desktop Infrastructures.”

Active Defense 1.3: How It Works

Active Defense 1.3 scores thousands of software modules so cyber defenders, using the technology’s color-coded threat severity score, can quickly triage and respond to the most severe threats targeting their business environment.

“Runtime Digital DNA reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks. Unlike our traditional Digital DNA, it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware,” said Jim Butterworth, CSO, HBGary. “Active Defense 1.3, with runtime Digital DNA, is almost 20x faster when compared to the traditional (Memdump) Digital DNA.”

Active Defense customers can choose to preserve memory using our traditional (Memdump) Digital DNA or opt for the memory-only, runtime Digital DNA version to adapt to the ever-changing threat environment while not adversely impacting their own resources.

In a live environment, the analysis of a memory dump file can involve a significant amount of disk I/O, which can impact the usability of the system being scanned in heavily virtualized environments where multiple Guests share the same physical disk. “For those users who cannot accept any server downtime but still need to detect malware in the Guests, runtime Digital DNA is available,” added Butterworth.

Active Defense 1.3 Availability

Active Defense 1.3 will be available by April 30th, 2013.


Published Monday, April 08, 2013 6:31 PM by David Marshall