- News stories involving zero-day Windows kernel exploits seemingly never end.
- Fresh examples abound with alarming regularity and devastating effects, often involving defects that remain unpatched for many months before a formal update addresses them.
- Despite a sustained focus by Microsoft on improving cybersecurity top to bottom, dubious new records were set in both 2015 and 2016 for successful Windows kernel exploits.
This disturbing trend in zero-day exploits is set to accelerate in 2017 following the release by Shadow Brokers of a large cache of purported NSA hacking tools, a data dump containing Windows kernel vulnerabilities and exploit toolkits that had not previously been public. As these powerful tools make their way into ever more hands, the pool of attackers able to mount such attacks grows sharply, because sophisticated breaches no longer require nation-state sponsorship or expertise.
In addition, even well-known and longstanding kernel vulnerabilities continue to be exploited, because fixes commonly lag exploit discovery by a substantial period. Furthermore, many enterprise Windows systems in production environments remain unpatched by their owners or administrators long after a fix is available.
Traditional Approaches Aren’t Doing the Job
Traditional layered defenses, even those augmented by next-generation detection tools built on artificial intelligence and machine learning, have a poor track record against newly discovered kernel threats, proving time and again that the outdated "detect to protect" approach is quickly reaching the end of its usefulness.
Common security tools in the standard “detection stack” suffer from a variety of systemic weaknesses because they:
- Are primarily reactive against threats
- Rely on existing signatures, heuristics, and behaviors
- Cannot adapt to keep pace with a rapidly evolving threatscape
- Do not protect users against themselves
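As an added illustration of the first three weaknesses (this is not Bromium code or anything from the original page), the following Python shows why a check that relies on fixed signatures is reactive by construction: a sample that embeds a "known bad" pattern is flagged, but the same bytes re-encoded with a trivial transform are not, even though they decode back to the identical payload. The signature database and both samples are constructed placeholders, not real malware indicators.

```python
# Added example: a signature-only check versus a trivially re-encoded variant.
# KNOWN_SIGNATURES, ORIGINAL_SAMPLE and VARIANT_SAMPLE are constructed
# placeholders; they are not real malware signatures or payloads.
from typing import Iterable

# Hypothetical "known bad" byte patterns standing in for a signature database.
KNOWN_SIGNATURES = [
    b"\x90\x90\x90\x90\xcc",   # hypothetical pattern 1
    b"EVIL_LOADER_V1",         # hypothetical pattern 2
]


def matches_known_signature(data: bytes,
                            signatures: Iterable[bytes] = KNOWN_SIGNATURES) -> bool:
    """Return True if any known pattern appears verbatim in the sample."""
    return any(sig in data for sig in signatures)


def xor_encode(data: bytes, key: int) -> bytes:
    """One-byte XOR transform; applying it again with the same key decodes."""
    return bytes(b ^ key for b in data)


# Constructed sample that embeds one of the known patterns.
ORIGINAL_SAMPLE = b"header" + b"EVIL_LOADER_V1" + b"trailer"

# A variant produced by re-encoding the same bytes. The run-time decoder stub
# an attacker would prepend is omitted on purpose: the point is only that the
# bytes on disk no longer contain the pattern the signature check looks for.
XOR_KEY = 0x5A
VARIANT_SAMPLE = xor_encode(ORIGINAL_SAMPLE, XOR_KEY)


def detection_results() -> dict:
    """Run the signature check over both samples and report what it sees."""
    return {
        "original_detected": matches_known_signature(ORIGINAL_SAMPLE),
        "variant_detected": matches_known_signature(VARIANT_SAMPLE),
        # The variant decodes back to exactly the original bytes.
        "variant_decodes_to_original":
            xor_encode(VARIANT_SAMPLE, XOR_KEY) == ORIGINAL_SAMPLE,
    }


if __name__ == "__main__":
    for name, value in detection_results().items():
        print(f"{name}: {value}")
```

The detector cannot flag the variant until someone has seen it, extracted a new pattern, and shipped an update, which is the reactive cycle the list above describes; a new encoding key restarts that cycle.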
Further compounding the problem, users continue to click recklessly on malicious links and attachments, share flash drives, and engage in other risky online behavior. That includes trained, security-minded individuals who believe they are always being careful.
We Stop Zero-Day Threats
Bromium Secure Platform employs hardware-enforced virtualization to isolate each risky task in its own micro-VM, with the isolation boundary enforced beneath the Windows kernel rather than by it. A malicious exploit that runs inside that micro-VM:
- Can't reach the host kernel
- Can't touch the host operating system
- Can’t access user files
- Can’t connect to network resources
- Can’t exfiltrate local or enterprise data
This approach, known as micro-virtualization, contains kernel exploits, both known and unknown, inside a disposable micro-VM instead of trying to recognize them in advance, so an indiscriminate click lands in an environment that is simply thrown away when the task ends. Traditional layered defenses, which must detect a threat before they can block it, cannot offer that guarantee. Because containment rather than detection is doing the work, the trust boundary becomes the hypervisor and the processor's virtualization extensions, which is why the micro-VM is given no persistent access to the host's files, credentials, or network.
Bromium changes the security game, putting malware authors on notice that their old kernel exploit tricks won't work anymore. Zero-days, the jig is up and your days are numbered!
So go ahead, click with confidence … we’ve got you covered!