Described systems and methods allow the detection and prevention of malware and/or malicious activity within a network comprising multiple client computer systems, such as an enterprise network with multiple endpoints. Each endpoint operates a hardware virtualization platform, including a hypervisor exposing a client virtual machine (VM) and a security VM. The security VM is configured to have exclusive use of the network adapter(s) of the respective endpoint, and to detect whether data traffic to/from the client VM comprises malware or is indicative of malicious behavior. Upon detecting malware/malicious behavior, the security VM may block access of the client VM to the network, thus preventing the spread of malware to other endpoints. The client system may further comprise a memory introspection engine configured to perform malware scanning of the client VM from the level of the hypervisor.