- Bromium now supports Citrix XenServer 7.3 nested virtualization with superior performance.
- Use application isolation to stop common attack vectors that layered defenses miss.
- Real-time, high-fidelity alerts trigger the Bromium Sensor Network to provide extended protection.
XenServer is an open source platform for cost-effective application, desktop, cloud, and server virtual infrastructures. When Bromium is used for cybersecurity, any supported application or task is completely isolated inside a micro virtual-machine (micro-VM) so that any malicious behavior is contained and cannot impact the host or VDI environment. Adding application isolation as a security layer is the smartest way to allow employees to get back to work while containing malware so it can’t get through traditional defenses.
Each endpoint protected by Bromium becomes part of the Sensor Network that collects, shares, and learns about new attack vectors and compromise indicators as they happen. Application isolation and control is a critical part of 2018 security stacks because it works as the last line of defense to protect against common attacks that continue to slip by layered defenses.
Return productivity to your organization as targeted threat vectors are protected.
Organizations are counting on application isolation to protect one of their biggest threat vectors – end users doing regular work who are targeted by cybercriminals. As tasks are isolated so malware can’t attack the host or network, these threat vectors are protected:
By using hardware enforcement to isolate the threat from the host, Bromium learns about the attack in real-time as it plays out without impacting the user experience. All threat information is collected by the Bromium Controller so that the SOC team can take action and blacklist the malicious files on the network.
Register: Cybersecurity Architect for Homeland Security Recommends the 2018 Security Stack
(register and we’ll send the recording if you can’t make it)
Performance testing conducted in a VDI environment shows that Bromium protected systems use 35% less CPU than non-Bromium systems and also 10% less IOPS.
The business benefits of using Bromium.
- Reduced cost of investigating false positives.
In research conducted by Ponemon Institute, the average cost of time wasted on responding to false alerts for large enterprise organizations is $1.27 million annually. Even though 19% of the security alerts are considered reliable, only 4% of alerts are investigated. Bromium only delivers high-fidelity alerts without false positives because we are 100% certain of malicious activity due the fact that there is no guessing if something is malicious. We let it run inside our hardware-enforced isolation and fully trace the kill chain.
- Returns employee innovation.
Organizations can free end users from being locked down in the name of “protecting the network” with security policies. With patented, hardware-enforced isolation, disposable computing results in no remediation steps required for an attack, and no dwell time as end users can open any document or visit any website without the fear of malware infections.
- Eliminates the impact of malware.
Bromium uses hardware-enforced containerization to stop zero-day and unknown threats without the need for signatures. As a result, organizations no longer need to worry about re-imaging of machines post infection. When an end user closes the respective application or task the threat is disposed of along with the micro-VM.
- Maintain regular patching routines.
With Bromium, crisis patch management is a thing of the past. End users can safely use unpatched applications without the risk of a breach. Each supported application and task is completely isolated from the host. If an attacker attempts to breach the organization via a zero day or known unpatched vulnerability, there is nowhere to go; the attacker will be completely isolated inside a Bromium micro-VM protecting the host operating system and network.
Ready to see a demonstration? Let us know.