Malware analysis for Virtual Desktop Infrastructures
Posted on 09.04.2013
HBGary unveiled Active Defense 1.3 to provide live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server.

With HBGary Active Defense 1.3, malware analysis no longer relies on a physical memory dump saved to disk, so results arrive faster without taxing the valuable shared resources of the host to obtain them.

Remote desktop virtualization is one of the biggest trends in IT today because it addresses the mobility of users while at the same time reducing the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables central management of the desktop session environment and separates that environment from the physical device used to run it.

Yet VDIs are not immune to cyberattacks: roaming profiles enable roaming access; centralizing assets on shared physical resources means an outage will have a greater impact; and hypervisor isolation will only remain secure for so long.

Active Defense 1.3 scores thousands of software modules so cyber defenders, using the technology’s color-coded threat severity score, can quickly triage and respond to the most severe threats targeting their business environment.

“Runtime Digital DNA reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks. Unlike our traditional Digital DNA, it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware,” said Jim Butterworth, CSO, HBGary. “Active Defense 1.3, with runtime Digital DNA, is almost 20x faster when compared to the traditional (Memdump) Digital DNA.”

Active Defense customers can choose to preserve memory using our traditional (Memdump) Digital DNA or opt for the memory-only, runtime Digital DNA version to adapt to the ever-changing threat environment without adversely impacting their own resources.

In a live environment, analyzing a memory dump file can involve a significant amount of disk I/O, which can degrade the usability of the system being scanned in heavily virtualized environments where multiple Guests share the same physical disk. “For those users who cannot accept any server downtime but still need to detect malware in the Guests, runtime Digital DNA is available,” added Butterworth.
