- Credit card providers protect their users from fraud, making sure they don’t lose out financially when the bad guy strikes.
- The IT industry needs to start thinking the same way that credit card provider do. It isn’t reasonable to expect the user to pick up the responsibility for IT security.
- Our patented isolation technology allows user tasks to be put into disposable hardware isolated micro-VM containers. Users can get on with their day without needing to be specially trained to spot the bad guy trying to get them.
Recently I received a phone call from my credit card provider who questioned why I had bought a few hundred dollars’ worth of goods from a Best Buy in Los Angeles. I am based in the UK and haven’t been to LA in about ten years the credit card provider was right to call it into question.
While a little frustrating that somehow the bad guy had managed to get my credit card details, I have nothing but praise for my credit card provider: they spotted the problem, contacted me to make sure it was a fraudulent event, took all responsibility for the fraud and refunded the money to me straight away. My part of the process was resolved within a three minute phone call and two days later a new credit card landed in my post box and I was ready to continue doing my bit for the consumer confidence index
Watch: Bromium defeats ransomware.
- In part one, I shared my story of giving advice to the Trump Transition Team.
- My bottom line advice, “Move everything to the cloud. Fast.”
- Then use virtualization to protect what matters most.
First, some clarity on the term “cloud”.
I’m heavily biased toward the adoption of public cloud services wherever regulations permit. The three major public clouds: AWS (including GovCloud), Azure and Google Cloud Services are best known, but there are many others. A host of government contractors operate facilities that are FedRAMP accredited, and SaaS application offerings from major players also count as public cloud services. Public clouds can operate at a high degree of scale and automation – and thereby achieve cost savings and benefits of dependability and security that are impossible for any single enterprise to achieve on its own.
Where use of a public cloud is not possible I strongly recommend the use of private cloud infrastructure. VMware is clearly the infrastructure leader, but Microsoft, Citrix and Red Hat play important roles. Importantly I strongly recommend adoption of VMware NSX for network micro-segmentation as a key enhancement to improve isolation and therefore security of private cloud infrastructure.
- The challenge: collapse fifteen years of experience into a one-page recommendation.
- Keeping the government safe from cyber villains is a shared responsibility.
- This is part one of two parts about my experience. Read part two here.
I was recently asked to provide guidance to the Trump transition team to help prioritize their IT strategy to improve the resilience of the US government (USG) to cyber-attacks. On a single page.
I realized that I would need to condense into that page almost everything I’ve learned in 15+ years of enterprise IT. Detail would be impossible, and my recommendations for how to fix ‘the cybers’ would need to make sense to serving agency CIOs who are, in my experience, dedicated and informed but hamstrung by complexity, legacy and red tape.
They need less advice on new technologies and products and more clout.
They need to be empowered to mandate change.
There’s an urgent need for fundamental change.
- Winner! Best Endpoint Detection and Response
- Winner! Best Anti-Malware Solution
- The GSN Awards, now in its 8th year, are recognized as the gold standard of accomplishments and the Best of the Best in IT and Cybersecurity.
Think of this as a blog version of a selfie. We need just a minute to strut our stuff and thank Government Security News for acknowledging our work in endpoint protection and stopping malware.
“We are extremely proud of the work we’ve done protecting government resources against nation-state attacks and are grateful to be recognized by Government Security News for our market leadership,” said Gregory Webb, CEO.
“We are also now seeing how our enterprise customers benefit from our defense-level security and years of interaction with the most security-conscious intelligence, defense and civilian organizations who are our customers.These awards validate our efforts.”
Learn more: Federal Focus
- With breaches happening regularly, there’s a lot to lose if the bad guys get in.
- Our research finds most companies invest in our tech to protect business assets (like IP, customer records, etc.).
- When company stock takes a dive because of a breach, it gets everyone’s attention.
The Identify Theft Resource Center has a 2016 Breach List summing up 980 breaches with over 35 million records exposed in the US.
If you drill down into the various agencies and companies who experienced a breach last year, it includes names like Quest Diagnostics, University of Wisconsin, Madison, Veterans Management Services, Inc., University of Vermont, CVS Health, Caesars Entertainment, US Olympic Committee, Aon Hewitt, Capitol One, Boeing Employees Credit Union, and the list goes on. Healthcare, financial services, schools, all fell victim to being breached in 2016.
Learn more: Watch Bromium At-A-Glance
What’s the real cost of being owned? Read more…
- Many businesses are struggling to maintain their application estates because app updates are painful, and may not even be possible in the medium term.
- The market is trying hard to move to seamless and frequent application upgrades. This often relies on the vendor to handle the patching – but they don’t know your PCs.
- Hardware enforced isolation protects you before the vendor of the app is even aware of any security vulnerabilities.
Bromium is most well-known for secure browsing and secure document handling. However, there are other benefits from using micro-virtualization that may not be immediately obvious. One of these is application maintenance.
Learn more: Get the Bromium Overview
An impossible task
Many businesses are struggling to maintain their application estates. There are tools that can tell you if you have older software versions running, there are also tools that can help you update them, but there’s no easy way of knowing what impact these changes will have on your Line-of-Business (LOB) applications and workflows. Which means that you probably have the classic feeling of the ‘painting-the-bridge’ cycle; where you start at one end, get to the other end, then start again… Read more…
- Innovating as part of a start-up is awesome but it doesn’t mean it’s going to be easy.
- I am a software tester for Bromium and I have watched us grow and mature.
- I’m proud of what our product has become and how we’re helping stop cybercrime.
When I joined the Bromium team in March of 2013, I joined for the chance to work on a revolutionary, game-changing technology that was boasting about its plans to disrupt the market and become the de facto standard for security in the enterprise. As a start-up, however, it still had a way to go to prove that what was a watertight architecture “in a vacuum” could actually be applied to the chaotic real world.
Once upon a time, our technology was only for those who were willing to persevere.
In those early days, much of Bromium’s success was in places where security was the main, or perhaps only requirement. Those early-adopters were able to cope with the missing features or “niggles” and “quirks” that come with game-changing technology, and reap the massive security benefits and peace of mind offered nonetheless. Read more…
- Darren Bilby, Google Senior Security Engineer, describes antivirus like a canary in a coal mine.
- Mathematician Alan Turing proved that AV is an impossible problem in 1936, long before malware existed.
- Bromium Hardware Task Isolation works because it doesn’t rely on solving the Halting problem.
Senior Google Security Engineer Darren Bilby recently described Antivirus as a “useless tick boxing exercise” at a conference in New Zealand. He states that, while antivirus does some useful things “In reality it is more like a canary in a coal mine. It is worse than that. It’s like we are standing around the dead canary saying, ‘Thank god it inhaled all the poisonous gas’.”
Detection doesn’t work
Darren Bilby is perfectly correct. The sad thing is we have actually known that AV is an impossible problem long before malware (or even the computer in any modern sense of the word) existed. Back in 1936 the legendary mathematician Alan Turing proved that an algorithm cannot predict from a general description of a program and an input if the program will finish running or execute forever, its known as the Halting Problem. This rather irritating proof has big implications for the world of AV because it means you also cannot predict if the program will be good or bad, ergo AV as a concept is flawed and no amount of shiny new detection features can ever make it reliable. Read more…
- Virtualization based security stops what next-gen antivirus misses!
- Now you can have virtualization based security & peak performance.
- With more than one billion micro-VMs launched, we’ve had no reported breaches.
In my last article, I discussed how Bromium has made some major breakthroughs in client-side virtualization performance and that virtualization based security is now ready for prime time.
Now let’s lift the hood and check out how the latest virtualization-based security, powered by Bromium, actually performs.
With the release of Bromium 3.2 Update 5 we have significantly reduced the resource footprint of Bromium virtualization and improved the user experience. With each major release of Bromium over the last two years, we have significantly reduced the resource footprint. Back in July 2016, when we released version 3.2 with our initial support for Windows 10 (Windows 7 / 8.1 were already supported), it was the fastest and best performing edition of Bromium ever. Now, with the release of 3.2 Update 5 in November we have made a quantum leap forward!
- Bromium is well known for its revolutionary approach of using micro-virtualization to solve the endpoint security challenge.
- Virtualization is the most secure method for isolating untrusted content and protecting users from the internet, email, USB, and other external sources.
- Even Microsoft has now embraced the concept by adding some basic micro-virtualization capabilities natively into Windows 10.
No one argues the fact that virtualization is the most secure approach to solving the cyber security dilemma. However, the biggest challenge and question that must be answered is whether virtualization can be run on an end user’s device without sucking up all the system resources and causing a poor user experience. The only thing anyone questions about the Bromium approach to security is whether it can meet the performance demands of today’s users.
If you remember, about 10 years ago we had this same conversation about virtualization in the data center. Back in 2005, I remember helping customers implement VMware ESX Server 2.5 and the great skepticism there was as to whether enterprise SQL servers, Exchange Servers or Citrix Terminal Servers would ever be able to be hosted as a virtual machine. Sure, VMware ESX was cool and had some niche use cases, but would it ever fully replace physical servers for most enterprise workloads? How did that turn out? In 2006 Intel and AMD introduced the first virtualization features on their CPUs and VMware released ESX 3.0 The enterprise data center was forever changed and cloud computing was born. Read more…