Today Bromium announced the general availability of Bromium Enterprise Controller (BEC), a key component in our architecture to help enterprises achieve security by design. This post is just a brief introduction. I’ll provide more detail shortly.
BEC plays a pivotal role in the Bromium architecture for enterprise-wide security. It is a centralized co-ordination “brain” for a distributed system of Bromium protected endpoints that allows the endpoints to collaborate to help the enterprise infrastructure to respond in real time to targeted attacks. It is architected to serve global organizations and to deliver the availability and redundancy that they expect.
In the first wave of Bromium product delivery we focused on ensuring that each endpoint can protect itself by design using micro-virtualization to hardware-isolate threats on the endpoint CPU. Micro-virtualization also transforms threat detection by allowing attacks to safely execute in isolation while being comprehensively tracked to deliver real-time forensic insights, capturing every move of the attacker in a hardware-isolated micro-VM in which there is nothing to steal and no way to pivot onto high value networks. A full realization of the Bromium architecture will enable our customers to dramatically improve their security enterprise-wide, and today’s announcement is the beginning of a series of capabilities that we will deliver to achieve this vision.
BEC enables enterprise security teams to deploy vSentry and LAVA at scale, to tens of thousands of endpoints, with a single click. For example, recently, a Fortune 50 corporation deployed vSentry and LAVA to tens of thousands of endpoints in less than 90 days. It also provides a powerful set of policy orchestration, monitoring and threat management capabilities for enterprise endpoint infrastructure. BEC complements Bromium vSentry and LAVA as the “brain” that robustly scales a distributed architecture for defeating attacks, gathering real-time threat intelligence from each endpoint, and distributing that real-time intelligence to the security infrastructure as a whole, to permit a rapid enterprise-wide response to targeted attacks. BEC uses industry standard STIX/MAEC formats to allow organizations to rapidly share intelligence between vendor products and with their peer organizations.
Key features and benefits of BEC include:
- Streamlined and Scalable Global Deployment—Accelerate deployments at scale with a fully autonomous installation and update engine that does not impinge on existing desktop management systems or personnel.
- Simplified and Granular Policy Management—Configure dynamic policy requirements with an advanced engine and granular controls. Fully integrated directory services can assign, deliver and update security policies relevant to individual or group roles.
- Centralized Visibility and Actionable Security Intelligence—Monitor, analyze and report on dangerous security events, attack kill chains and risk profiles in real time from a centralized dashboard.
- Integration with Threat Intelligence Systems—Publish threat intelligence in real time to SIEM systems and network security tools to provide defense-in-depth. Share threat data in a structured format, such as STIX, with other agencies and organizations to enable cooperation in the fight against cyber attacks.
BEC automates deployment and configuration of Bromium vSentry and LAVA, enabling the largest enterprises in the world to immediately realize the benefits of proactive protection from advanced threats and unparalleled visibility into security events. Bromium’s patented micro-virtualization technology enables the CPU-based isolation and real-time introspection of unknown Internet tasks as they run on the enterprise’s endpoints.
- Automatically Defeat Advanced Attacks—Bromium vSentry leverages micro-virtualization to automatically isolate and defeat attacks—without the need for signatures or whitelists.
- Identify and Analyze Malware Execution—Bromium LAVA leverages micro-virtualization to identify and analyze malware execution in each isolated task, including memory changes, files, registry and full packet capture. LAVA analysis is streamed to the Security Operations Center in real time, before automatically remediating the endpoint.
More information about Bromium Enterprise Controller is available here.