Aspects of the present disclosure are directed to methods and systems of hypervisor driven embedded endpoint security monitoring. A computer implemented method may include providing one or more computer processors configured to operate a bare-metal hypervisor; launching a user OS virtual machine operatively connected to the hypervisor; launching a security virtual machine operatively connected to the hypervisor and receiving data from the security virtual machine via the hypervisor; and receiving data representative of security information from the computer processor processed by the security virtual machine. The hypervisor may include using a virtual switch for providing communications between the user OS virtual machine and the security virtual machine. The method may include using the security virtual machine to monitor malware on the user OS virtual machine.