“Citrix has really taken on the initiative of providing the most secure virtual computing platform in the market.” — Jeff Kater, Director of IT at Kansas Development Finance Authority
With ever-evolving threats, Citrix realized that the hypervisor had untapped security potential. In partnership with Bitdefender, we developed the revolutionary Hypervisor Introspection (HVI) security solution for Citrix XenServer that protects against zero-day exploits, targeted and advanced attacks, and even unknown threats. I’m proud to share a real-life use case involving Citrix XenServer, our Citrix Ready partner Bitdefender and Kansas Development Finance Authority (KDFA).
At Citrix Synergy 2017, I met Jeff Kater, director of IT at Kansas Development Finance Authority, and had the pleasure of speaking with him multiple times throughout the conference. We joked that Jeff knew the Citrix and Bitdefender Hypervisor Introspection security solution so well that he could fill in for me at the HVI demo pod if I had to take a break. Jeff was also an attendee in our Hypervisor Introspection hands-on lab session – actually, he was more of an advocate than an attendee. With such a new technology, having Jeff in the class validated for everyone else in the room that HVI really lives up to the hype.
What makes Jeff’s story so compelling is the fact that his organization had previously experienced six ransomware infections within a six-to-eight-month period.
“Even while running different security solutions in production, KDFA still was repeatedly infected with malware and ransomware in a short window of time! Traditional security models were no longer protecting against these advanced threats that were beginning to emerge,” says Kater. “Clean-up and lost productivity from the six incidents cost time and resources. Normal work operations were disrupted for two to three days each time.”
Jeff tracked the development of HVI from the concept stage, after hearing about it at an industry conference. After KDFA’s existing security solutions failed to prevent ransomware infections, Jeff evaluated multiple security products from industry-leading vendors and realized that HVI offered protection that was not available from any other security solution.
“What Citrix and Bitdefender have done with XenServer and Hypervisor Introspection is simply unparalleled. It is revolutionary,” says Kater.
It takes a bit of explanation to understand what makes Hypervisor Introspection so revolutionary. It can be complex to understand, so let me try this from a very high level. While there are hundreds of millions of variations of malware released every year — which is why antivirus solutions need to be updated hourly — hackers only have a limited set of attack techniques to gain a remote foothold on your systems. Their attack techniques include buffer overflows, heap sprays, code injections, and API hooking. Hypervisor Introspection works by scanning the memory of the running virtual machines (VMs) to identify whether any of these attack techniques are being attempted. It blocks them in real time.
“We are able to protect from beneath the kernel and user spaces now, stopping malware exploits via attack patterns and techniques in a secure layer where it [malware] cannot reach,” says Kater.
Hypervisor Introspection is also a truly agentless solution. Why does this matter? When a system is compromised, the installed security tools are subject to compromise too. Because HVI operates at the hypervisor level — with an outside-looking-in approach — it remains completely isolated from the VMs and cannot be compromised.
“Bitdefender Hypervisor Introspection running on Citrix XenServer allows for security blind spots to be eliminated. Malware cannot hide from what it cannot see,” says Kater.
He explains that there are several next-gen security tools and solutions in the market that provide great results. None have been truly agentless, however. All have required at least a kernel to be running to detect and remediate exploits when they are detected. Kater stresses that HVI is the only solution that is truly agentless, and that an agentless solution, once thought impossible, is now a reality.
KDFA was one of our first Hypervisor Introspection customers, implementing HVI in production to extend the security of their XenApp and XenDesktop deployments, as well as their entire infrastructure, which runs entirely on XenServer.
“KDFA chose XenServer as our hypervisor of choice, as it came packaged with the XenDesktop and XenApp solutions that we identified as our answer for migrating from physical to virtual,” says Kater. “We found it very beneficial that we were supplied with the hypervisor complimentary with our XenDesktop Platinum licensing! Virtualizing our desktops was the intent at the time, and we have since virtualized all of our servers.”
WannaCry infected 200,000 systems across 150 countries. By protecting its entire infrastructure with Citrix XenServer and Bitdefender Hypervisor Introspection, KDFA was assured that the organization was protected. HVI prevented WannaCry and other types of ransomware by blocking EternalBlue, the exploit tool that hackers used to spread malicious software. Specifically, HVI blocked EternalBlue on Day-1 without any updates; it would have even blocked EternalBlue before the security industry knew it existed.
“The day after WannaCry hit, I got an email from Bitdefender encouraging me to enjoy my weekend and assuring us we were protected from day zero,” recalls Kater.
This showcases the power of Hypervisor Introspection. Not only can it protect against zero-day attacks, it can even protect against unknown threats.
“Innovation drives the future. Citrix is leading the charge in security innovation with its revolutionary approach to protecting mission-critical data.”
Jeff Kater, director of IT, KDFA
Learn more about Hypervisor Introspection: check out our recent demo video.