Skip to content
September 19, 2012 / Simon Crosby

A Big Day for Bromium, and a Bold Step for Humanity

Today Bromium announced general availability of our first product, Bromium vSentry.

Shipping v1.0 is a huge accomplishment for any startup.  This is no less true for the incredible team at Bromium who took a neat prototype and a bunch of cool ideas and transformed them into a superbly engineered product that is a joy to use.   vSentry was the most compelling reason for my switch back to Windows, where I’ve always been more productive – and now am much more secure.   But this GA is also a little scary.  In addition to the usual “opening night jitters” (will customers like it?) we at Bromium are also trying to move the world forward – toward a better, more secure systems architecture.  That’s a significant challenge for a small team, and one that we don’t take lightly.  vSentry marks a bold step forward for humanity by enabling our computer systems to better deal with our human nature.   Our social structure embraces “relative trust” and we automatically practice the principle of “need to know”.  We also make mistakes.  vSentry allows us to be human when we use computer systems, protecting us even when we make mistakes.

We at Bromium want to help IT to get back to its core charter: enabling users to be productive and empowering them to collaborate, communicate and embrace cloud delivered applications – without risk.   The right path forward for enterprise IT is one in which IT has full dominion over the enterprise presence on any device – data, applications and access to infrastructure –  and can protect the enterprise from the unwitting consequences of sharing the device with an increasingly empowered (but easily tricked) user who demands unfettered access to the consumer web, social applications and content.

Collaboration and communication with the outside world are the lifeblood of a productive enterprise, but also represent a risk: Whenever we access untrustworthy networks, web sites, applications or content we unwittingly expose  the enterprise  to attack.  The traditional IT response – locking down the desktop and dis-empowering the user –  doesn’t help:   Productive users have to travel, must open email attachments and share documents with colleagues, and need to access the public web. But the simple act of clicking on a bad link or attachment is sufficient to invite malware into the enterprise    – sophisticated, polymorphic, targeted malware that can evade firewalls, network protection devices and end-point security.  At the very least these attacks increase costs – remediation, lost productivity and incident response.   At worst the risks are incalculable – brand reputation, Intellectual Property, compliance and business relationships hang in the balance. And the longer it takes to detect a breach, the more expensive it is to address.  Worse still, it leaves IT in the unenviable position of being the barrier between a user and productivity, so IT becomes a drag on the entire organization.

Today’s approach to security – which focuses on trying to detect attacks in order to protect the system – is incapable of detecting (and therefore blocking) carefully crafted malware for which signatures are not available.   vSentry for the first time decouples protection from detection.   It  is designed to protect-first, to protect always, by design, independent of detection.

Whenever a user opens an e-mail attachment, visits a website, opens a document from a USB drive, or accesses any untrusted application or data,  vSentry instantly, automatically and invisibly hardware isolates that task using CPU features for hardware virtualization that are available on every PC.  These hardware isolated tasks are called micro-VMs and are only able to access files, networks and devices on a strictly ‘need-to-know’ basis. They execute just as the user expects – but any changes they attempt to make to the operating system are isolated within the Micro-VM.  Micro-VMs are light-weight and invisible to the user – and are automatically created and destroyed as needed.

An attack that is isolated within a micro-VM cannot access enterprise data, the network infrastructure or high value SaaS applications.  It cannot persist, or modify Windows. When the user closes the task’s window or browser tab, vSentry automatically and permanently discards the micro-VM and any malware in it, eliminating the need for remediation. vSentry enabled PCs simply shrug off attacks – by design.

vSentry introduces a paradigm shift in information and infrastructure security.   The user gets all the power, performance and productivity they expect from  Windows.  vSentry doesn’t need signatures, and doesn’t slow the OS to a crawl.  It protects enterprise information and infrastructure by design. And vSentry doesn’t require new management tools or skill sets.  Deploy it as an MSI, and configure it easily using Active Directory.  Patch your desktops however (and whenever) you want.

Users love a productive environment that empowers them, and Desktop IT will be delighted with the reduced patching and remediation workload.  But what does vSentry do for IT Pros charged with Regulatory Compliance and IT Security?  These vitally important functions are powered by detailed information:  What assets are the attackers after? Where are they attempting to enter?  What sort of techniques are they using? Is the enterprise still compliant? Is data secure?   vSentry helps here too.

Recall that  vSentry decouples protection from detection – protecting by design.  This in turn allows it to transform the task of analyzing and visualizing the attempts of malware to penetrate the enterprise.  Because it is built on the Bromium Microvisor – a security focused hypervisor – vSentry has the ability to introspect each running micro-VM.   Introspection in micro-VMs is much more powerful than in traditional virtualized environments: Only a single (known) task executes in each micro-VM, and only the barest essential resources (files, network services, devices, clipboard, user access etc) are available to the task.   Moreover access to resources is semantically rich (a task opens / persists a named file with specific content; by comparison a traditional VM reads/writes blocks to its virtual hard disk).  Finally, because vSentry will protect the system from an unidentifiable attack it can permit malware to execute completely, to the point where it attempts to persist, or to propagate itself, or to the point where it compromises the micro-VM.   These steps are easy to spot, and because each micro-VM is isolated copy-on-write in its own hardware-isolated micro-VM, when a blatant compromise is spotted vSentry can easily pause the micro-VM and call in the security team.

Malware can be safely allowed to execute to completion within a micro-VM without fear of compromise.  This gives vSentry the opportunity to analyze its origins, techniques, and targets – without risking compliance or data loss – and to deliver real-time visualization of the attack, from start to finish.  We call this powerful, unique capability “Live Attack Visualization & Analysis” (LAVA).

It is very difficult to detect malware in the early stages of its execution – which detect-to-protect systems have to do in order to prevent the attack from succeeding.  So they tend to generate false alarms.  But eventually every attack must attempt to persist, compromise Windows or further penetrate the enterprise, and vSentry can spot these clear signs of malicious behavior  with great accuracy, basically eliminating false alarms.  Moreover, because vSentry can pause execution of a micro-VM at any time, it has access to the entire malware kill-chain – needed by security pros to understand how the attack works.  Finally, because it is semantically aware of transitions in the micro-VM, vSentry automatically generates fingerprints for any files persisted by the task.  These are, in effect, the signatures of otherwise undetectable malware, that can be used to configure existing defense mechanisms such as network-based IPSs and firewalls.    So, vSentry can offer real-time, live attack analysis that allows IT to immediately achieve defense in depth.

vSentry revolutionizes enterprise security:  It defeats polymorphic malware – even on unpatched PCs, eliminates the need for remediation, and automates attack forensics and analysis, protecting the enterprise and freeing up IT for more strategic initiatives.

But that isn’t why we built it.   vSentry enables IT to get back to its core mission: empowering users to be productive – by allowing them to communicate, collaborate and use modern applications – without risk.  Today we invite you to take a bold step forward:  Embrace a new approach to enterprise infrastructure that is more secure – by design. Make IT strategic to the business by empowering users and reducing risk.

5 Comments

Leave a Comment
  1. Lani Refiti / Sep 19 2012 4:14 pm

    Congratulations and well done Bromium team. I had a suspicion of what the first GA product would look like, it sounds very intriguing. I’ll look forward to the whitepapers to see in more details how or which CPU’s support the micro-VM and results of stress testing a PC with multiple apps opening and closing, both large and small.

  2. Andrew S. Baker / Sep 19 2012 5:33 pm

    Congrats. I am looking forward to using new and improved tools in the fight against malware and APT.

  3. Robert Hartwig / Sep 21 2012 7:59 am

    vSentry looks and sounds like a transformational solution in the workstation security domain. I too look forward to locating and stress testing the product. Where and when will it be available. I have explored every link on your website and attempted to schedule a demo with no success. When I tried to access the blog post announcing vSentry on the 19th I recieved a 404 page not found error. When I tried to schedule a demo I got the following “http://beta-req.bromium.com/
    Invalid form”. When I tried to access your support it requires a registered account, but there is no link to register. As I told my Director, it is the coolest vaporware I have seen in years. Very intriguing.

Trackbacks

  1. A Big Day for Bromium, and a Bold Step for Humanity - Ignition
  2. Introducing LAVA « A Collection of Bromides on Infrastructure

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 20,795 other followers

%d bloggers like this: