HBGary Unveils Deep Malware Analysis Platform for VDI

With Active Defense 1.3, malware analysis is no longer reliant on a physical memory dump saved to disk.

ManTech International subsidiary HBGary announced the release of Active Defense 1.3, a platform designed to provide live, runtime memory analysis of concurrent guest operating system sessions in virtual desktop infrastructure (VDI) environments.

Architected to help organizations proactively detect zero-days, rootkits and other targeted malware in remote virtual environments, Active Defense customers can choose to preserve memory using the company's traditional (Memdump) Digital DNA or opt for the memory-only, runtime Digital DNA version to adapt to the threat environment while not adversely impacting their own resources.

With Active Defense 1.3, malware analysis is no longer reliant on a physical memory dump saved to disk, which the company says results in quicker returns that do not put a strain on the shared resources required to attain it. The platform scores thousands of software modules so cyber-defenders, using the technology's color-coded threat severity score, can locate and respond to the most severe threats targeting their business environment.

"The popularity of remote virtualized desktops has made them a prime target for today's cyber-attackers. Active Defense 1.3 provides live, runtime malware behavior analysis for these environments," Penny Leavy, vice president and general manager of HBGary, said in a statement. "More than five years ago, HBGary developed our revolutionary Digital DNA technology to find the bad guys in the one place that they cannot hide—physical memory. We are pleased to offer our customers the industry's first deep malware analysis solution for Virtual Desktop Infrastructures."

The use of remote desktop virtualization is a growing trend in IT because it addresses the mobility of users while at the same time reduces the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables the central management of the desktop session environment and achieves separation from the physical device used to run it.

However, security issues are one of the sticking points in these environments—centralizing assets on shared physical resources means an outage will have a greater impact, and hypervisor isolation will only be secure so long. Additionally, in a live environment, the analysis of a memory dump file can involve a significant amount of disk input/output (I/O), which can impact usability of the system being scanned in heavily virtualized environments where multiple guests will be sharing the same physical disk.

"Runtime Digital DNA reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks," Jim Butterworth, chief security officer at HBGary, said in a statement. "Unlike our traditional Digital DNA, it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware. For those users who cannot accept any server downtime but still need to detect malware in the guests, runtime Digital DNA is available."