HBGary Unveils Deep Malware Analysis Solution For Virtual Desktop Infrastructures

Active Defense 1.3 provides live, runtime malware behavior analysis for remote virtualized desktops

April 9, 2013

Sacramento, CA, April 8, 2013 – In a significant technical advancement to help organizations proactively and quickly detect zero-days, rootkits and other targeted malware in remote virtual environments, HBGary, a subsidiary of ManTech International Corporation, today unveiled Active Defense™ 1.3, which provides live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server.

With HBGary Active Defense™ 1.3, malware analysis no longer relies on a physical memory dump saved to disk, so results arrive faster without taxing valuable shared resources.

Remote desktop virtualization is one of the biggest trends in IT today because it addresses the mobility of users while at the same time reducing the costs traditionally associated with supporting the devices they use. By using application virtualization and user profile management, it enables central management of the desktop session environment and separates that environment from the physical device used to run it.

Yet VDIs are not immune to cyberattacks: roaming profiles enable roaming access; centralizing assets on shared physical resources means an outage will have a greater impact; and hypervisor isolation will only remain secure for so long.

"The popularity of remote virtualized desktops has made them a prime target for today's cyberattackers. Active Defense™ 1.3 provides live, runtime malware behavior analysis for these environments," said Penny Leavy, Vice President & General Manager, HBGary. "More than five years ago, HBGary developed our revolutionary Digital DNA™ technology to find the bad guys in the one place that they cannot hide – physical memory. We are pleased to offer our customers the industry's first deep malware analysis solution for Virtual Desktop Infrastructures."

Active Defense 1.3: How It Works

Active Defense 1.3 scores thousands of software modules so cyber defenders, using the technology's color-coded threat severity score, can quickly triage and respond to the most severe threats targeting their business environment.

"Runtime Digital DNA™ reads the pseudo-physical memory abstraction on the Guest operating system, making it ideal for quick scans that will have minimal impact on the usability of the host system managing the virtualization tasks. Unlike our traditional Digital DNA™, it is no longer necessary to dump the memory to the disk prior to reassembling and analyzing its contents. When you consider the exponential impact of doing this a hundred plus times to analyze each Guest, it is not hard to exceed the physical resources of the host hardware," said Jim Butterworth, CSO, HBGary. "Active Defense™ 1.3, with runtime Digital DNA™, is almost 20x faster when compared to the traditional (Memdump) Digital DNA™."

Active Defense™ customers can choose to preserve memory using the traditional (Memdump) Digital DNA™ or opt for the memory-only, runtime Digital DNA™ version, adapting to the ever-changing threat environment without adversely impacting their own resources.

In a live environment, analyzing a memory dump file can involve a significant amount of disk I/O, which can impact the usability of the system being scanned in heavily virtualized environments where multiple guests share the same physical disk. "For those users who cannot accept any server downtime but still need to detect malware in the guests, runtime Digital DNA™ is available," added Butterworth.

Active Defense™ 1.3 Availability

Active Defense™ 1.3 will be available by April 30th, 2013. To request a demo of Active Defense 1.3, please contact [email protected].

About Active Defense™ with Digital DNA™

HBGary Active Defense™ with Digital DNA™ performs forensically sound host-level scans across the enterprise to gather critical intelligence, including the discovery of additional infections. Digital DNA™, HBGary's core technology, encompasses thousands of the traits commonly seen in advanced malware, such as code and browser injection, packing, obfuscation, surveillance, network communication, and many others. The analysis reveals the capabilities of all the software running on the system and is highly effective because it requires no prior knowledge of a specific piece of malware – the simple fact that a module is coded to carry out certain potentially malicious functions is sufficient to flag it as suspicious.

About HBGary

HBGary provides Enterprise Incident Response solutions and services that enable organizations to conduct the key phases of incident response, including detecting zero-days and other unknown malware, validating whether an actual incident has occurred, and responding to the incident. Customers include Fortune 50 corporations and U.S. government agencies. HBGary is located in Sacramento, CA and is a subsidiary of ManTech International Corporation. For information, please visit www.hbgary.com or HBGary's Twitter or Facebook social media pages.
