Real-Time Endpoint Threat Detection and Response

Virtual Machine Introspection: Think “Inside the Box”

Posted by John Worrall    Apr 6, 2012 3:21:00 PM

“Even the best security technology and expertise can’t stop a well-funded and determined attacker,” writes Dark Reading’s Kelly Jackson Higgins.

When it comes to detecting advanced persistent threats (APTs), the danger, of course, is that the attackers will inevitably penetrate your layered defenses and find themselves in a position to do some real damage. The threat is no longer held up at the gates of your network. It lurks inside as well.

The industry is coming to terms with the idea that layered defenses are no longer sufficient. Attacks will get through, no matter what you do. So why are organizations focused only on improving external barriers? Do we really need next generation firewalls? You bet. What about next generation anti-virus protection? Absolutely. Make your defenses as strong as you can. But these “next generation” products are incremental improvements. Good from far, but far from good enough. They raise the bar for the attacker, but with time, they too will be breached. These improvements represent evolution, when what’s needed is revolution.

So let’s carry this to the next logical step. Once you’ve made the mental leap from “defend and protect” your assets to “find the enemy within and mitigate potential damage,” you need a new strategy and new tools. Can you even currently find an in-progress attack that has breached your perimeter? It’s incredibly hard to stop an attack if you can’t see it in the first place. Further, do you know what the attacker is after? Do you have any situational awareness at all? The answer, unfortunately, is ‘no’.

Organizations need to be in the business of “intelligence,” not just “protection.” The only way to detect an adversary inside your network is to monitor activity deep inside the operating system, where no one can tell you’re watching – but you can see everything, as it’s happening. The only effective way to do that is through virtual machine introspection: observing a guest operating system from outside it, at the hypervisor level, so that the monitoring itself is not exposed to the attacker inside the guest. Applied virtualization technology is game-changing stuff for sure, and quite capable of sparking the revolution our cyber security industry so desperately needs.

Topics: APT, virtual machine introspection, Security Intelligence, Virtualization
