- November 28, 2016
- Posted by: Jeff Kish

Enterprise networks are constantly attacked by adversaries using techniques that evade host- and network-based security applications, including current technologies that use a persistent defensive agent or agents on each network system or workstation. Developing new adaptive agentless host security techniques will help improve resiliency, fight-through and survivability of enterprise network systems.

To meet this goal, IAI and collaborators at AIS are continuing development of a virtualization-based end system protection framework, called Virtual Shield, which leverages virtualization to adaptively protect endpoint systems without deploying agents in them. Virtual Shield integrates techniques like virtualization, rollback, failover, Virtual Machine (VM) introspection, and VM migration under one umbrella for an agentless and adaptive defense architecture.

The preliminary Virtual Shield prototype previously developed by IAI can quickly and repeatedly save the execution state of a VM and instantly switch the execution of the VM to a previously saved state. IAI has already demonstrated the feasibility of this technology. The team will now add new functions, including developing various defense techniques like rollback, failover, attack surface diversification and moving target defense. Further, VM image sanity checking capability and live VM patching capability will also be added to the Virtual Shield architecture, before integrating all the proposed techniques into a prototype implementation.

The Virtual Shield architecture can help defend cloud computing environments and enterprise networks. It can be applied to a broad range of military scenarios that involve sensitive information protection including war-time command and control, real-time surveillance networks, and homeland security. It can be used commercially in cloud computing, information security, and trusted computing applications, and will also be useful to financial, retail, and healthcare organizations that host large numbers of online services.