Why Bromium Is Not Just Protection, But Also An Enhanced Predictive Analytics Solution

  • Zero-day attacks exploit vulnerabilities or security holes in software.
  • In the event of a malicious attack on any microVM, malware payloads cannot infiltrate the enterprise network.
  • LAVA provides highly specific details about every malicious breach, identifying external IP addresses, memory exploits, a list of affected files, and covert attempts to connect to external command-and-control systems.

Bromium’s Micro-Virtualization Technology Can Protect You.

In 2015, Bromium fundamentally enhanced Windows 10 endpoint security with its pioneering micro-virtualization technology. Micro-virtualization isolates vulnerable applications from the hardware they run on. Bromium’s partnership with Microsoft guarantees that all sensitive OS services in the Enterprise edition of Windows 10 are secured by Hypervisor-protected Code Integrity (HVCI) and Credential Guard (CG). HVCI ensures that only SDL (Security Development Lifecycle) compliant code executes in the core operating system (kernel), while CG retains all ID and password data in a virtual container (called a microVM) that the operating system cannot directly access.

This means that hackers cannot obtain domain data or the fixed-length password hashes derived from user credentials. Where those hashes were previously stored in local RAM, CG now isolates them within a virtual environment that is impervious to cyber-security breaches. Bromium’s Virtualization-Based Security (VBS) can also be implemented on Windows 7, 8 and 10. Bromium’s VBS has revolutionized the global enterprise security market. It protects against rogue code, polymorphic malware, zero-day security hole attacks, and APTs (Advanced Persistent Threats).

How Bromium Is Superior To Other Security Technologies.

Zero-day attacks exploit vulnerabilities or security holes in software. In June 2015, the Chinese espionage group APT3 executed Operation Clandestine Wolf, taking advantage of a security vulnerability in Adobe Flash Player (CVE-2015-3113) to target the military, tech, engineering, and telecommunication industries. APT3 has been documented as a key suspect in recent browser-based (Internet Explorer and Firefox) zero-day attacks. Unlike security technologies from vendors such as Symantec, McAfee, FireEye, and Damballa, Bromium’s Secure Files uses micro-virtualization to create task-level isolation. Each virtual environment (microVM) is managed and executed by the Xen Hypervisor from a virtual operating platform (Microvisor).

In the event of a malicious attack on any microVM, malware payloads cannot infiltrate the enterprise network. Secure Files is superior to sandboxes (restricted operating system environments) in that it prevents even sophisticated malware from exploiting kernel-mode vulnerabilities and bypassing endpoint protections. Secure Files is easy to use: unlike other security technologies, it requires no signatures or security software updates, making it entirely accessible to end-users.

Bromium, Not Just Protection, But Also An Enhanced Analytics Solution.

Besides its VBS protective capabilities, Bromium can also be used as an analytics or forensic tool. To date, Security Operations Centers (SOC) have used Bromium to analyze and dissect malware that was blocked using other methods. Bromium’s Secure Files works with its Live Attack Visualization and Analysis (LAVA) tool to provide unparalleled insight into the structure of every malware attack. With LAVA, analysts can discover the origin, scope, and trajectory of attacks in minutes, rather than days, weeks, or months.

LAVA provides highly specific details about every malicious breach, identifying external IP addresses, memory exploits, a list of affected files, and covert attempts to connect to external command-and-control systems. The Secure Files Microvisor allows security officials to detect bootkits and rootkits from the outside (introspection). Introspection gives cyber-security engineers a panoramic view of the entire life-cycle of a malware attack. Since the malware is isolated in a virtual environment, IT operators can allow it to execute to completion without fear that it will compromise the entire network. Introspection gives analysts a wide-ranging visualization advantage, allowing them to analyze zero-day attacks and other forms of security breaches in their entirety. This forensic advantage allows analysts and IT security experts to craft effective and swift responses to cyber breaches. Through Bromium’s LAVA, analysts can determine how hackers obtained the rootkits that gave them administrative-level access to sensitive programs, and how they used bootkits to hijack Master Boot Records.

LAVA also provides four key security protections:

  • Malware persistence detection. LAVA monitors how cyber hackers program future intrusions into sensitive programs. For example, LAVA exposes how hackers manipulate registry keys, startup keys, and boot registry keys to achieve persistence on a system.
  • Command shell detection. LAVA detects breach incidents when cyber-criminals use remote command shells to take command of hijacked systems.
  • Process injection detection. Unlike other security technologies, LAVA can expose the process injection techniques hackers use to introduce malicious code into running processes.
  • Defense bypass detection. LAVA exposes how hackers use privilege escalation to incapacitate current security procedures, gain access to sensitive programs, and perform unauthorized actions.
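To make the four detection categories above concrete, here is an added example (not Bromium's or LAVA's code) that classifies constructed endpoint telemetry events into those same categories. The autostart registry locations, the document-handler and shell process names, the injection API names and the `SeDebugPrivilege` check are all assumed indicators chosen for illustration, and the event records are constructed sample data.

```python
from typing import Dict, List, Optional

# Assumed autostart registry locations abused for persistence (substring match).
AUTOSTART_KEYS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce", r"\Winlogon\Userinit")
# Document and browser handlers that have no business spawning an interactive shell.
DOC_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe", "iexplore.exe", "firefox.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# APIs that write into, or start a thread in, another process (assumed list).
INJECTION_APIS = {"WriteProcessMemory", "CreateRemoteThread", "NtMapViewOfSection"}


def classify(ev: Dict) -> Optional[str]:
    """Map one telemetry event to a LAVA-style category, or None if it matches nothing."""
    kind = ev.get("type")
    if kind == "registry_set":
        key = ev.get("key", "").lower()
        if any(k.lower() in key for k in AUTOSTART_KEYS):
            return "persistence"          # startup/boot registry key modified
    elif kind == "process_create":
        if ev.get("image", "").lower() in SHELLS and ev.get("parent", "").lower() in DOC_HANDLERS:
            return "command_shell"        # shell launched from a document/browser
    elif kind == "api_call":
        api = ev.get("api")
        if api in INJECTION_APIS and ev.get("target_pid") != ev.get("pid"):
            return "process_injection"    # cross-process memory write or thread start
        if api == "AdjustTokenPrivileges" and "SeDebugPrivilege" in ev.get("args", ""):
            return "defense_bypass"       # privilege escalation against protections
    return None


def summarize(events: List[Dict]) -> Dict[str, int]:
    """Count matched events per category; events matching no category are dropped."""
    counts: Dict[str, int] = {}
    for ev in events:
        cat = classify(ev)
        if cat:
            counts[cat] = counts.get(cat, 0) + 1
    return counts


# Constructed sample telemetry from one isolated document-open session.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 400, "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "process_create", "pid": 412, "parent": "WINWORD.EXE", "image": "cmd.exe"},
    {"type": "registry_set", "pid": 412, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "api_call", "pid": 412, "api": "WriteProcessMemory", "target_pid": 520},
    {"type": "api_call", "pid": 412, "api": "AdjustTokenPrivileges", "args": "SeDebugPrivilege enable"},
    {"type": "api_call", "pid": 412, "api": "WriteProcessMemory", "target_pid": 412},  # self-write, ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```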

Bromium’s Secure Files and LAVA analytics capabilities are increasingly relevant in a world where rival nation-states continue to vie for political and military advantage. Despite the 2015 Cybersecurity Agreement between China and the United States, the Asian tiger continues to practice economic and military espionage. A few days after the agreement was reached, Chinese hackers stole classified intelligence from the United States Navy and Marine Corps as well as sensitive data from at least five American technology companies.

Bromium’s LAVA not only records malware breaches in their entirety but also forwards encrypted copies of these breaches to the Bromium Enterprise Controller (BEC), where Security Operations Center Analysts can reverse engineer the malware, compare samples to previously analyzed malware attacks, and export malware information in the STIX/MAEC format to other intelligence agencies within the United States government. STIX was developed by MITRE, a United States government-funded organization, and is a standardized method of reporting security breach information, while MAEC is a standardized language that is used to facilitate the sharing of cyber-security breach data between disparate systems. Bromium’s Secure Platform is the only product on the market that comprehensively addresses the threat of cyber espionage. With its superior detection and analytics capabilities, Bromium’s Secure Files and LAVA represent the next generation of cyber-security solutions for the defense, finance, hi-tech, healthcare, and energy industries.
