With more than 92% of enterprises now having a cloud presence and the frequency of large-scale data breaches rising over 273% year-over-year, does your organization have the tools to know whether and how it has been breached?
About
Sandia's Cloud Hypervisor Forensics and Incident Response Platform (CHIRP) introduces a custom Virtual Machine Introspection (VMI) based approach to provide intelligence and forensic artifacts from active VMs in cloud systems. This platform-agnostic solution incurs significantly lower overhead than comparable solutions. Its ability to collect both text and binary data allows correlation with other sources. A hypervisor abstracts the underlying computer hardware from the operating systems running in its virtual machines. Instrumenting the virtual machine itself places an extra load inside the guest that attackers can detect or even influence. Instrumenting the hypervisor instead, as CHIRP does, has the advantage that the attacker cannot detect the monitoring. Using CHIRP, analysts can pinpoint suspicious activities, track and record attacker actions for forensic analysis, and retrieve materials transparently from the targeted machines, either automatically or on demand. These extractions occur in real time without affecting the guest or alerting the intruder to the detection.
Key Benefits
Designed for IaaS applications from the start
A platform and OS agnostic solution
Lower overhead
Lightweight
Dynamic response
Configurable logging
Applications
Enterprise security operations in diverse industries