Data is one of the most valuable targets for hackers, and data exfiltration from an organization is a form of intelligence gathering, often used in political and industrial espionage. The field of Data Loss Prevention (DLP) aims to stop data from being stolen or lost either intentionally or unintentionally. Due to the complexity of modern computers, operating systems and software, it is increasingly difficult to stop data from being stolen once hackers are executing code on a target machine.
A computer system includes devices, and each such device can include hardware elements that may be electrically coupled via a bus, the elements including, for example, a central processing unit (CPU), an input device (e.g., a mouse, keyboard, controller, microphone, touch screen, or keypad), and an output device (e.g., a display device, printer, or speaker). Such a system may also include one or more storage devices, including magnetic disk drives, optical storage devices, and solid-state storage devices including random access memory (“RAM”) or read-only memory (“ROM”), as well as removable media devices, memory cards, flash cards, etc.
Hypervisor technology enables multiple operating systems to co-exist on a single physical machine. A hypervisor, also known as a Virtual Machine Manager (VMM), allows different operating systems to run on the same hardware concurrently, where each operating system runs inside a virtual machine (also known as a guest Domain). The hypervisor presents virtual operating platforms, including virtual devices, to guest Domains and manages the execution of guest Domains. Guest Domains can execute as if they are running on physical hardware, and hardware including network cards, disks, keyboards, and displays can be virtualized. Hypervisors have many advantages, including resource isolation and the ability to concurrently run different operating systems and associated applications.
There are two main types of hypervisors. As shown in FIG. 4, a Type 1 (or native, bare metal) hypervisor is one in which the hypervisor runs directly on the hardware, which allows good performance in each guest operating system. A Type 2 hypervisor is one in which the hypervisor runs under an existing, possibly conventional, operating system. Embodiments of the invention may use any type of hypervisor. A virtual disk image is a file on a physical disk that a hypervisor interprets as a hard disk.