Click on ANYTHING without risk of breach
This is the message from Bromium, a company approaching endpoint security from a very different angle, using virtualization and hardware technologies included in Intel and AMD processors.
Bromium Advanced Endpoint Security is deployed, managed and orchestrated by the Bromium Endpoint Controller, a scalable management system built on standard enterprise infrastructure components and engineered to reliably manage hundreds of thousands of enterprise endpoints, both Windows and Mac. It includes tools to Protect, Monitor, Analyze and Manage the entire enterprise.
Bromium Endpoint Protection is built on the Bromium Microvisor, a Xen-based, security-focused hypervisor designed to automatically isolate each vulnerable user task, such as visiting a website, reading an email, opening a document, or accessing a USB drive.
Today’s enterprises support a number of legacy applications, which in turn may depend on legacy browsers, Java or ActiveX components. Also, do not forget the “road warriors”, living on public networks beyond the sight of the internal security team. In these scenarios there is very little that can be done on the technology side, and a lot of focus is being put on user training. However, attackers are getting more innovative in targeting their audience, leaving the user exposed. Being infected in the office is one thing; being infected on the road presents a very different scenario. Just imagine going into a meeting with a new client, turning on your laptop and finding out that your system has been hijacked or will not even start: not the best first impression.
How is Bromium addressing this? Endpoint Protection uses endpoint CPU micro-virtualization to hardware-isolate each untrusted website, document or executable in a light-weight micro-VM that cannot modify Windows, gain access to high-value files, data, networks or sites, or access any OS services. This defeats attacks from the Web, email, social media and USB. Endpoints are protected even on untrusted networks, and automatically self-remediate when attacked. When an endpoint is attacked, malware may execute in the context of a micro-VM, but no content of value is available to be stolen, and the attacker cannot pivot onto the enterprise network to further the attack. When the website, document or executable is closed, the micro-VM is discarded and so is the malware.
This isolation enables Bromium to protect endpoints that have not been patched, or those that are tied to legacy third-party plugins and applications. The architecture automatically defeats and automatically discards malware, and eliminates costly remediation—keeping users productive.
As attacks are being executed, the monitor alerts the Bromium Endpoint Controller that an attack is in progress and provides detailed real-time forensic data that allows the attack to be visualized in increasing detail using Bromium Threat Analysis. Since all forensic data is stored on the local client, the solution does not require a centralized server for storing the endpoint monitoring data. Bromium presents the entire application flow, providing a complete view of the attack by tying together thousands of low-level monitoring events.
Bromium turns the security problem on its head: it eliminates the need to detect malware, because it protects the system by design. Users can safely click on anything, and even when they make a mistake the system will defend itself. The enterprise can stop mandating new controls on the endpoint that hamper users, and rely on hardware that it has already purchased and deployed.
Bromium does not replace your existing anti-virus, anti-malware, intrusion detection or patching solutions; it is there to complement them and enhance the overall user protection against all external threats. It also gives administrators confidence and time, in that the latest signatures, patches and vulnerability fixes can be deployed in a more controlled manner, rather than ‘now’.
This personal overview of Bromium was written by Lanworks Senior Solutions Architect, Arthur Zylka.