The invention relates to computer security systems and methods, and in particular to systems and methods for protecting hardware virtualization environments from computer security threats.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms, such as computer viruses, worms, rootkits, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others.
Computer security software may be used to protect computer systems from malicious software. However, in distributed computing systems such as corporate networks and cloud computing systems, conventional security software typically does not respond well to attacks. Even when the security software is capable of detecting an attack, analysis and remediation may still require that a human operator be dispatched to the affected client system, for instance to apply a patch, recover lost data, etc. In addition, once a new threat is detected and analyzed, updated versions of the security software must be distributed promptly to all protected computer systems.
An alternative computer security system may execute on a central server computer, receiving relevant data from security clients over a communication network. The server may determine according to the received data whether the respective client is infected with malware, and may communicate a verdict to the respective client. While such configurations are better equipped to deal with emerging threats, they require substantial server-side computational power.
Computer security operations were further complicated by the advent of hardware virtualization. As more and more goods and services are traded online, and as work becomes progressively de-localized, infrastructure as a service (IaaS) has become a viable alternative to owning computer hardware. A substantial proportion of computing activities are currently conducted using virtual machines. In typical applications, such as server farms and cloud computing, hundreds of virtual machines may execute concurrently on a single hardware platform. All such virtual machines may require malware protection.
Adapting to the ever-changing nature of malicious software and to the challenges of a mobile workforce requires the development of innovative computer security systems and protocols, and especially of systems and methods enabling efficient management of computer security operations across multiple distributed clients.