Traditional kernel monitoring models based on virtualization have two main drawbacks: 1) Virtual machine monitor (VMM) is vulnerable to attacks due to its non-trivial complexity and considerable attack surface; 2) VMM executes redundant virtualization functionalities, leading to heavy performance loss. To address those issues, this paper proposes a secure and efficient kernel monitoring model, named HyperNE, based on hardware virtualization. In HyperNE, any virtualization functionalities that are isolation and protection unrelated are removed from VMM, and guest OS is allowed to directly conduct privileged operations with no need to interact with VMM. Meanwhile, without sacrificing isolation guarantees, HyperNE utilizes a newly supported virtualization feature to transfer execution between security monitoring applications and guest OS in a controlled manner with no VMM involvement. As a result, HyperNE can not only eliminate the attack surface of VMM and effectively reduce trusted computing base (TCB) size of monitoring model, but also greatly improve system and monitoring performance by avoiding virtualization overheads.