- Disposability has become a regular part of our lives, but you may have taken for granted the value it brings.
- Cost, convenience and risk are the cornerstones of successful disposability.
- Disposable computing offers a solution to cyber security and provides you with valuable threat information.
This is the first in our two-part series on disposable computing (part two tomorrow). We are also hosting a live webinar on Wednesday, June 26 at 1pm ET and 10am PT featuring Joe Malinka (today’s author) who will show you how this works in real life (register to attend or get a copy of the recording). Today, Joe explains how cost, convenience and risk are the foundations of good disposable computing.
We take for granted things that are disposable. We don’t even give them a second thought. However, let’s pretend for a moment that there was a shortage, and some disposable items had to be re-used. Not only would we give these things a second thought, but we would likely have a very strong, even visceral, reaction.
Imagine that you’re in a hospital room, and the nurse walks in and says, “We need to draw some blood, but needles have really gone up in price lately. Even though I used this needle on a previous patient, who, as far as we can tell, has no infectious diseases, do you mind if we re-use it on you?” You’d likely run out of that hospital as fast as your legs could carry you.
At the next hospital you drive to, the doctor walks into the room and says, “We have a new device that detects diseases on the exam gloves we use. Its detection rate is 99.7%, so we’re now re-using our gloves instead of constantly buying more.” Even though you only have a 0.3% chance of catching something (supposedly), you’d likely run from that hospital, too.
Although that may sound like some dystopian Hollywood movie, most of us have never had to deal with the thought of re-using hospital supplies. Applied to our health, using disposable items makes perfect sense, particularly when we look at the three factors that come into consideration with such a decision: cost, convenience, and risk.
The cost of needles ranges from 5 – 10¢ each, and exam gloves cost even less. It’s only slightly inconvenient for doctors and nurses to have to remove each new needle from its packaging, or remove the used gloves, discard them, and put on a new pair. However, the risk of infection and subsequent pain, suffering, or even death, far outweighs the cost and slight inconvenience of using disposable items. Even if the risk dropped from 0.3% to 0.0001%, I suspect there would be very few of us willing to be pricked by a used needle or touched by exam gloves that had previously touched other potentially sick patients.
Cost, convenience and risk.
Now let’s apply this principle to computers, where re-use is rampant, and infection (from failed detection) all too often leads to subsequent data unavailability (in the case of ransomware), public disclosures (in the case of data breaches), or even job losses (when those responsible didn’t do enough to protect the organization). I think most would agree the risk is high.
Yet every single day, each one of us re-uses the same computer, visiting websites, opening email attachments, downloading documents, and plugging in USB devices. The challenge we face, if we look at computing, is the cost and inconvenience. But what if we could bring the cost and inconvenience of disposable computing down to a minuscule amount? Then the incredible reduction in risk would be substantial and oh-so-worth-it.
One way to bring the risk of malware infection down to almost zero would be disposable laptops, but the cost and inconvenience of discarding our laptop and getting a new one every time we click on something is obviously significant. Other methods that eliminate risk of infection, such as using a Linux Live CD or reverting to a VM snapshot, have almost zero cost, yet they’re highly inconvenient and difficult for the average user to use.
Eliminate risk, reduce cost and limit inconvenience.
There is, of course, a solution to this problem – one that has almost zero cost per click, is extremely convenient, and lowers one’s risk (and attack surface) by at least 4 – 5 orders of magnitude. It’s called micro-virtualization, and I’ve been using it for half a decade. If you’re unfamiliar with it, please watch this video before reading the rest of this blog.
The cost of a micro-VM is infinitesimal, since the total CPU and power costs of running Bromium software on a desktop or laptop over the course of a year likely wouldn’t even amount to a single US dollar. If you divide the cost of a Bromium license by the tens of thousands of micro-VMs created over that same year to protect a user’s machine, we’d see that the cost of a micro-VM is a tiny fraction of a penny.
The inconvenience of a micro-VM is measured in milliseconds, particularly with all of the performance improvements that have been made over the past couple of years, culminating in our most recent 4.0 release. When a user clicks on a website or file that Bromium isolation renders in one of these disposable micro-VMs, a new micro-VM is instantiated in milliseconds. When a user browses to a different website (even using the same tab), or closes the file that he or she was working on, the used micro-VM is destroyed, also in milliseconds.
Most importantly, when the micro-VM is destroyed, any malware that may have executed in the micro-VM is destroyed as well, although we capture everything it did in the micro-VM as a forensic record to be used as threat intel. [Great story: we have customers now who get calls to their help desk from folks watching malware run, aware that they don’t want to close the micro-VM until the threat people gather everything they need for the trace.]
Always running, always protecting with little to no user impact.
Bromium isolation works behind-the-scenes to provide disposable micro-VMs when I’m offline, flying at 35,000 feet without an internet connection and I need to open a potentially malicious Outlook attachment. It works when I’m in a hotel, airport, or restaurant and need to connect to their potentially malicious captive portal before getting online. It works every time I deliberately download malware (usually multiple times a day) and double-click on it. It just works.
I’ve used every single version of Bromium isolation from v0.9 of vSentry back in mid-2012 to our most recent 4.0 release. Those earlier versions were less convenient, not very fast, and not highly deployable in an enterprise, but all of that has changed over the past five years. Now, we have many large, happy customers – they no longer deal with the daily “whack-a-mole” grind of fighting endpoint infections. They will attest to the superiority of micro-virtualization over any other approach.
Security solutions will never attain a perfect, 100% detection rate, even from Machine Learning or other forms of Artificial Intelligence. It’s mathematically impossible. We will also never see a network- or cloud-based approach that performs or scales as well as micro-virtualization. Nothing else in the world can reduce the risk of user clicks to the degree that Bromium can, because every Bromium user gets a disposable computer (invisible to them) every time they click.
So free your users from unnecessary restrictions and ineffective training. Remember, they have to click on stuff – it’s part of their job. As security professionals, we can all be free from worry and fear: we don’t fear infectious diseases from needles and gloves that have never been used before, and we don’t need to fear users clicking on anything if it’s always done in disposable micro-VMs, transparently and securely.
I invite you to the Age of Disposable Computing.