- Bromium does more than provide powerful isolation protection for endpoints and servers.
- We provide DLP controls that can help you strengthen your security.
- At no additional cost, you can apply quite granular policy around the ingress and egress of files and clipboard operations.
In a simple sense, Data Loss Prevention (DLP) is designed to protect you from the inside-out; by stopping the egress of data by users. When using microvirtualization the main goal is to protect from the outside-in; by isolating untrusted code execution.
So DLP and microvirtualization are an ideal complement for each other. Bromium makes it safe for users to do what they need to get their job done, and DLP stops them sending out stuff that the business doesn’t want in the public domain.
Certainly some Bromium customers use both tools side-by-side to solve different problems. We’re compatible with Microsoft IRM including Azure RMS as well as major DLP suites such as Symantec, McAfee and Digital Guardian.
Bromium has a simple solution.
However, if you need a simple out-of-the-box solution then there are “DLP-light” features in vSentry that you may not be aware of. Micro-VMs run behind the Bromium Microvisor and as a result, we have control over what crosses this very small security boundary. This means you can apply quite granular policy around the ingress and egress of files and clipboard operations.
For example, you can:
- Block all file uploads to untrusted websites
- Block/allow uploads to specific websites (blacklist, whitelist)
- Only allow safer formats such as clear text and BMP flattened images to be copied from the micro-VMs to the real PC
- Prevent pasting of clipboard contents to any untrusted website or untrusted file
- Control copy and paste per top level domain
- Block downloads from specific untrusted websites (whitelist or blacklist)
- Block downloads from all untrusted websites
While these configurations lack the granularity of larger-scale DLP tools that examine the content itself, they do provide very powerful controls for security-conscious organizations. We deliver solutions for the global 5000 and governments. If you’d like to see a demo, we’d be happy to take you through it.